Malware Removal Guide Rogue anti-spyware Security Spyware Removal

Remove the Windows Security 127.0.0.1:8080 Proxy

November 23, 2016
Lawrence Abrams

Click here to visit Original posting

Remove the Windows Security 127.0.0.1:8080 Proxy

  • Wed, 23 Nov 2016 08:57:12 EST
  • Read 3847 times

Windows Security is an adware program that installs a proxy server in Windows and then configures your web browsers to use it. This allows the adware to inject advertisements and other unwanted behavior into web pages as you are browsing the web. This proxy server will also make it so that if a user search on Google, it will instead load a Google Custom Search engine under the control of the malware developers.

When installed, the Windows Security adware will configure the computer to use a proxy server located at http://127.0.0.1:8080. This proxy server is actually the C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe program, which will then inject advertisements into web pages, cause link clicks to open up ads in new browser tabs, and display a Google Custom Search engine when searching on Google.

How did the Powered by Windows Security Proxy Hijacker get on my computer?

It is important to note that this adware is bundled with and installed by free programs that did not adequately disclose that other software would be installed along with it. Therefore, it is important that you pay close attention to license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, If the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you immediately cancel the install and not use the free software.

In my opinion, this adware was created solely to generate revenue for the developer. With all of the problems it causes, the ads it displays, and the hijacking of Google search results, I do not feel this is a program you want on a computer. If you wish to remove it and possibly other associated adware, you can use this guide to remove it and any other related programs for free

Array
View Associated Windows Security 127.0.0.1:8080 Proxy Files

C:\Program Files\XBox\ C:\Program Files\XBox\XBLive.exe\ C:\Program Files (x86)\F9457400-1479826686-11E3-823A-B8AEED772649\ C:\Program Files (x86)\F9457400-1479826686-11E3-823A-B8AEED772649\Uninstall.exe C:\Program Files (x86)\F9457400-1479826686-11E3-823A-B8AEED77264\9\vnsq90B0.tmp C:\ProgramData\Intel\{17E87DD9-4270-4452-A06D-4F6DE04A9136} C:\ProgramData\Microsoft\Network\Dsq\ C:\ProgramData\Microsoft\Network\Dsq\chrome\ C:\ProgramData\Microsoft\Network\Dsq\chrome\libvlc.dll C:\ProgramData\Microsoft\Network\Dsq\chrome\vlc.exe C:\ProgramData\Microsoft\Network\Dsq\chrome\work.dll C:\ProgramData\Microsoft\Network\Dsq\func\ C:\ProgramData\Microsoft\Network\Dsq\func\ca.crt C:\ProgramData\Microsoft\Network\Dsq\func\ca.key C:\ProgramData\Microsoft\Network\Dsq\func\cert8.db C:\ProgramData\Microsoft\Network\Dsq\func\certutil.exe C:\ProgramData\Microsoft\Network\Dsq\func\freebl3.dll C:\ProgramData\Microsoft\Network\Dsq\func\key3.db C:\ProgramData\Microsoft\Network\Dsq\func\libnspr4.dll C:\ProgramData\Microsoft\Network\Dsq\func\libplc4.dll C:\ProgramData\Microsoft\Network\Dsq\func\libplds4.dll C:\ProgramData\Microsoft\Network\Dsq\func\libvlc.dll C:\ProgramData\Microsoft\Network\Dsq\func\msvcr100.dll C:\ProgramData\Microsoft\Network\Dsq\func\nss3.dll C:\ProgramData\Microsoft\Network\Dsq\func\nssckbi.dll C:\ProgramData\Microsoft\Network\Dsq\func\nssdbm3.dll C:\ProgramData\Microsoft\Network\Dsq\func\nssutil3.dll C:\ProgramData\Microsoft\Network\Dsq\func\secmod.db C:\ProgramData\Microsoft\Network\Dsq\func\smime3.dll C:\ProgramData\Microsoft\Network\Dsq\func\softokn3.dll C:\ProgramData\Microsoft\Network\Dsq\func\sqlite3.dll C:\ProgramData\Microsoft\Network\Dsq\func\ssl3.dll C:\ProgramData\Microsoft\Network\Dsq\func\vlc.exe C:\ProgramData\Microsoft\Network\Dsq\func\work.dll C:\ProgramData\Microsoft\Network\Dsq\network\ C:\ProgramData\Microsoft\Network\Dsq\network\ca.crt C:\ProgramData\Microsoft\Network\Dsq\network\ca.key C:\ProgramData\Microsoft\Network\Dsq\network\default_cse.js C:\ProgramData\Microsoft\Network\Dsq\network\general.js C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe C:\ProgramData\Microsoft\XBLive\ C:\ProgramData\Microsoft\XBLive\Egg\ C:\ProgramData\Microsoft\XBLive\Egg\{ax5b2oazfce5474fb8a7de6ebad21b34161123}.config C:\ProgramData\Windows Security\ C:\ProgramData\Windows Security\winsecurity.exe %AppData%\ASPackage\ %AppData%\ASPackage\ASPackage.exe %AppData%\ASPackage\Uninstall.exe %AppData%\WMPNetworkAcSvc\ %AppData%\WMPNetworkAcSvc\config.ini %AppData%\WMPNetworkAcSvc\Interface.dll %AppData%\WMPNetworkAcSvc\st.con %AppData%\WMPNetworkAcSvc\st.log %AppData%\WMPNetworkAcSvc\WMPNetworkAcSvc.exe

File Location Notes:

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\<Current User>\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\<Current User>\AppData\Roaming.

View Associated Windows Security 127.0.0.1:8080 Proxy Registry Information

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage HKLM\SOFTWARE\Wow6432Node\Clients\Mail\ChannelId instalmsterbr20 HKLM\SOFTWARE\Wow6432Node\SkypeUpdateEx HKLM\SOFTWARE\Wow6432Node\WMPNetworkAcSvc HKLM\SYSTEM\CurrentControlSet\services\WindowsSecurity HKLM\SYSTEM\CurrentControlSet\services\XBox