Fix the Proxy Settings Locked by Spigot Malware

This is how we fixed a browser hijacking for a user. Spigot malware had locked his IE proxy settings. We finally solved the problem with Malwarebytes.

Recently one of our customers had a strange problem. Some program had locked his proxy settings. It was a form of browser hijacking.

We could not change the proxy settings from the Internet Options dialog. There was an error message: “Some settings are managed by your system administrator.”

IE Proxy Settings Locked

Our product My IP Hide failed to work because of it. It showed the error message “You are using the unencrypted regular proxy 127.0.0.1. Your real IP address may leak.”

MyIPHide Not Working

Reset Internet Explorer Settings

We tried to reset his Internet Explorer settings from the menu Tools > Internet Options > Advanced tab > Reset. But it didn’t work, so we had to try other methods.

Reset IE Settings

Change Proxy Settings in Control Panel

Then we modified the proxy settings in the Control Panel, but they were reverted to 127.0.0.1:8080 immediately.

System Proxy Settings

However, we didn’t find any program listening on port 8080. As a result, the browsers could not open any page.

Found the Suspect: Spigot

Then we tried to find which program was changing the proxy settings. Finally, using Process Monitor, we found a suspicious program, “PreferencesManager.exe”.

PreferencesManager.exe

That program belonged to a company named Spigot Inc. The company produces a lot of adware and potentially unwanted programs (PUPs). They forcibly redirect users to their advertisers’ sites to earn money, and they cause a lot of problems for the user’s system.

Manually Fix the Windows Registry

We removed the Spigot program YTD Toolbar from the Control Panel, but that didn’t solve the problem. The proxy settings were still locked. We then tried to fix it by manually changing these Windows Registry entries, which control the system proxy settings.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
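
To see what these two keys currently hold before editing anything, a read-only check like the following can help. It is an added example, not part of our original troubleshooting; the function names are made up for illustration, and the value names (ProxyEnable, ProxyServer and so on) are the standard Windows ones, not values copied from the customer’s machine. It also flags the case described above, where the proxy points to a loopback port that nothing is listening on.

```powershell
# Added example: read-only audit of the two registry keys listed above.
$keys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
)
# Standard WinINet value names that decide which proxy the system uses.
$names = 'ProxySettingsPerUser', 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

function Get-ProxyValue {
    # Hypothetical helper: returns one object per proxy-related value that exists.
    param([string[]]$Path, [string[]]$Name)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $props = Get-ItemProperty -LiteralPath $p
        foreach ($n in $Name) {
            if ($null -ne $props.$n) {
                [pscustomobject]@{ Key = $p; Name = $n; Value = $props.$n }
            }
        }
    }
}

function Get-LoopbackProxyPort {
    # ProxyServer holds "host:port" or "http=host:port;https=host:port".
    param([string]$ProxyServer)
    foreach ($entry in ($ProxyServer -split ';')) {
        if ($entry.Trim() -match '^(?:\w+=)?(?:\w+://)?(?:127(?:\.\d+){3}|localhost):(\d+)$') {
            [int]($Matches[1])
        }
    }
}

$values = @(Get-ProxyValue -Path $keys -Name $names)
$values | Format-Table -AutoSize -Wrap

foreach ($v in @($values | Where-Object { $_.Name -eq 'ProxyServer' })) {
    foreach ($port in @(Get-LoopbackProxyPort -ProxyServer $v.Value | Select-Object -Unique)) {
        # A loopback proxy with no listener is the state described in this post.
        $conn = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
        if ($conn) {
            $proc = Get-Process -Id ($conn | Select-Object -First 1).OwningProcess
            "$($v.Key): port $port is served by $($proc.Name) (PID $($proc.Id))"
        } else {
            "$($v.Key): proxy points to loopback port $port but nothing is listening"
        }
    }
}
```

Running it again a few seconds after changing the proxy in the Control Panel shows whether something is writing the old value back.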

Use Anti-Virus/Malware Programs

However, that still did not solve the problem. It was too hard for us to fix all the corrupted registry keys manually, so we decided to use a professional tool instead. We tried these anti-virus programs.

  • Avast
  • 360 Total Security
  • Tweaking Windows Repair
  • AdwCleaner

One by one, we downloaded, installed, ran, scanned, repaired and rebooted with each of them. Sadly, none of them was able to solve the problem.

Avast Scanning

The Finisher: Malwarebytes

Finally, we found the finisher, Malwarebytes Anti-Malware. It successfully cleaned the system and fixed the problem after a quick scan and reboot.

Malwarebytes Anti-Malware

Thanks to Malwarebytes, our product My IP Hide worked again.

MyIPHide Working Again

Conclusion

We spent about 4 hours trying all those methods and programs to fix the problem. It was a real pain. Next time we will use Malwarebytes directly to save time.

And we recommend Malwarebytes for all our users. The free version is a manual scanner. The paid (Premium) version provides real-time protection against malware, ransomware and malicious websites. Either one is a great tool to keep threats off your system.