ProxyServer/localhost Q ?

Discussion in 'other security issues & news' started by Spanner intheWorks, Apr 9, 2005.

Thread Status:
Not open for further replies.
  1. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Hey Spanner! :-*

    Paranoid? :D You've probably done more than your share of reg hacks, have you looked? Gopher's just an older protocol that for the most part has been replaced by http. Do you access any Gopher sites directly?

    You can disable Gopher by going to the tools menu and accessing "LAN Settings" under "Connections." Open the "Use proxy server for your LAN" box and access the "Advanced Tab." In the Gopher text field enter "localhost" and "1" in the port setting box. Look in dial-up proxy settings while there and a quick once over if you're using a hosts file. With no other references to accompany that HJT readout, and gopher set to localhost...I don't think it's anything to worry about. It might only be a problem if the R1 line had an address unknown to you. ;)

    You can check the registry for the entry "ProxyEnable" (0 to disable, 1 to enable) at this address...
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings.


    GF :ninja:
     
    Last edited: Apr 9, 2005
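
Added example, not part of the original thread: the per-protocol proxy settings described in the post above are stored in the `ProxyServer` string value under the same Internet Settings key as `ProxyEnable`. The sketch below parses that value's two forms and lists the entries that point somewhere other than the local machine; the function names and sample strings are constructed for illustration.

```python
import ipaddress

def parse_proxy_server(value):
    """Parse an Internet Settings ProxyServer string.

    Two forms exist: "host:port" (one proxy for every protocol) and
    "http=host:port;gopher=host:port;..." (one entry per protocol).
    Returns {scheme: (host, port)}; the single form is keyed "all".
    """
    entries = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:                          # single "host:port" form
            scheme, target = "all", part
        target = target.split("://", 1)[-1]  # tolerate "http://host:port"
        host, _, port = target.rpartition(":")
        if not host:                         # no port given
            host, port = target, ""
        entries[scheme.strip().lower()] = (
            host.strip().lower(), int(port) if port.isdigit() else None)
    return entries

def is_loopback(host):
    """True for "localhost" or a literal loopback IPv4 address (127.0.0.0/8)."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                       # a hostname, not an IP literal
        return False

def non_local_entries(value):
    """Schemes whose proxy is not the local machine: the ones to look up."""
    return sorted(s for s, (h, _) in parse_proxy_server(value).items()
                  if not is_loopback(h))

if __name__ == "__main__":
    # Constructed sample values, not taken from any log in this thread.
    for sample in ("gopher=localhost:1",
                   "http=127.0.0.1:8080;gopher=localhost:1;ftp=203.0.113.7:3128"):
        print(sample, "->", non_local_entries(sample) or "all local")
```

An entry that resolves to the local machine is typically a local filter or scanner; anything else is an address to identify before trusting it.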
  2. GlobalForce

    GlobalForce Regular Poster

    WHOOOPSIE-DAISY!

    Forgot you're NOT on XP. :p Sorry about that Spanner.

    First of all I believe the correct paper outlining the Gopher protocol can be found in article RFC 1436
    (you get the idea by now I'm sure). Hey...I wasn't suggesting you've been to any *dodgy* sites either. :D

    I caught some of that thread you mentioned about the hidden trojan app, possibly like you said there was an instance of modification surrounding that R1 line from HJT. If you ran it again, would the results still show a registry action as depicted in your first screenie? I'm not an expert, just curious. It's a little confusing sometimes how these various "scanner" type programs parse information, but memory may well have served you here. A thought...maybe it helps to keep an updated notebook of all mods you've employed to reference these surprises when they arise, it helps me.

    That you were unable to adjust proxy settings in the registry shouldn't be a problem, as many times the real settings we have access to in windows do in fact get applied to the registry. If you're locked down in IE options, the registry should reflect it.

    BTW, I just happen to have a spare 98 system :p a friend gave me a while back and am able to confirm the settings are
    the same for those ProtocolDefaults, but had some trouble locating (so far) the exact meaning of their values. Here's the Windows 98 Registry. If you scroll down the page to Table 31.18 TCP/IP registry entries (7/8 or so down the page),
    you'll find most of the default values listed. See if you can make heads or tails from the info provided, OK.

    Thanks for the connection speed. Here's something you might want to play with...Windows 9x/ME Registry Tweaks.
    Two other sites I highly recommend are Windows Networking and PC Support Advisor.

    I'll keep on the hunt for those value def's for you in the meantime, I still gotta git even wid u lol ! :-*


    GF


    PS - Could somebody PRETTY PLEASE resize that first post, mods? :cool:


     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    It doesn't matter if you are actually using the proxy or not but if you have ever set a proxy and several applications like mail washer or antiviruses will use a proxy on local host so that entry will appear in a hjt log

    I will almost guarantee that that entry came from you having freeserve on your computer at one time as that is a standard freeserve entry when you install it via their blasted CD

    post your HJT log & I will look at it to confirm that it is due to freeserve or whatever
     
  4. dvk01

    dvk01 Global Moderator

    You can post HJT logs on request of a staff member

    we don't allow unsolicited logs but when one of us thinks it might be helpful with a particular problem then it's ok to post on request
     
  5. dvk01

    dvk01 Global Moderator

    Nothing bad there but I would guess it is one of the multitude of security programs stopping you fixing it

    possibly winsonar or geek superhero
     
  6. dvk01

    dvk01 Global Moderator

    it was probably put there in the first place by your ISP install

    who is ISP
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    :cool: :eek:
     
  8. GlobalForce

    GlobalForce Regular Poster

    Spanner,

    I'd agree with Derek about the ISP placement, but you know I wouldn't confirm anything technical without proof...
    which I don't have! Still on lookout for you on those values. ;) Pssst, Spanner...yeah, really short! :D

    @ Bubba ~ Thank you kind Sir. :-* :D


    GF
     
    Last edited: Apr 11, 2005