What is this "ProxyBypass" thing that keeps popping up?

Discussion in 'other anti-virus software' started by subferno, May 11, 2011.

Thread Status:
Not open for further replies.
  1. subferno

    subferno Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    87
    I am using Windows 7 64 with Outpost Security Pro.

    Just in the last several days, I keep getting a popup window from Outpost saying that certain processes are trying to modify registry entry "...\InternetSettings\ZoneMap\ProxyBypass". The processes that it claims triggered it are identified as legitimate, but I don't know why this thing has been spamming me like crazy lately.

    What's the deal with this?
     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    It "may" be Malware. I am not sure that it is Malware related. See this (Click on "Characteristics".):

    http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=143656

    Are the Malware signatures of Outpost Pro up-to-date and is Outpost Pro's Antivirus functioning properly?

    I would run a scan (in Windows "Safe Mode") with one or more of the following Anti-Malware scanners:

    1. SuperAntiSpyware Portable
    2. Malwarebytes Anti-Malware
    3. Dr.Web Cureit

    If anything tries to hinder running the above, I would scan/clean with the Avira Rescue System CD and then follow up with one or more of the above Anti-Malware scanners.
     
    Last edited: May 11, 2011
  3. subferno

    subferno Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    87
    I am using Avira. I have done a scan in normal mode but found nothing. I will try it in safe mode and see what shows up.
     
  4. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Are you using both Antivirus products (Avira & Outpost Pro) with "active" protection? Only one Antivirus product should have active protection to avoid conflicts between the two Antivirus products.
     
  5. subferno

    subferno Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    87
    Avira is the only active AV, I have disabled the AV in Outpost.
     
  6. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    It is always a good idea to scan with "at least" one more Anti-Malware scanner. SuperAntiSpyware Portable has good scan speeds. I would also be sure to scan with Malwarebytes Anti-Malware.
     
  7. subferno

    subferno Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    87
    Just finished a scan with Avira, Malware Anti, and Super in safe mode. Nothing suspicious came up.
     
  8. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    What are those certain processes? Upload them to VirusTotal and Comodo CIMA.
     
  9. subferno

    subferno Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    87
    Those processes include things like Admuncher, Firefox plugin container, Adobe Updater, etc, things that I recognize as legit.
     
  10. avenison

    avenison Registered Member

    Joined:
    May 12, 2011
    Posts:
    1
    Hi, I'm having the same issue. I too ran Malwarebytes and it didn't find anything. The full registry key names are:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass

    The executables on my system which have requested the changes are: Chrome updater, a layout manager for a game controller, an income tax program, Java's update checker, the Java runtime itself, RUNONCE.EXE (who knows what these were for), and the settings manager for my mouse.

    According to Outpost's logs in Event Viewer > System Guard (which date back to January) the first instance of these attempted changes was May 10, 2011 around 9AM EST. I have Windows Updates from that date, but they weren't installed until ~3PM. The ones before that were from April 29, and since the issue occurs on startup it should have happened sooner if the updates were the cause. I've also checked Windows Event Viewer, skimmed through any files modified around that time, looked through Programs and Features to see if I installed anything, but nothing stands out.

    If you check Outpost's Event Viewer > Product Internal Events, there are at least two updates released on May 10 between 4:00AM and 6:30AM. For the moment, I am guessing that Agnitum just added these two registry values to its protection list(s), so any programs already using it are now being flagged. I couldn't find the keys in any of the protection lists (Settings > Proactive Protection > System Guard > Settings...) but the log shows them as being part of the Internet Settings category. The dialogue window is not wide enough to get a good look, and it can't be resized. :mad: Outpost's interface has sure gone downhill since the version 4 era...

    It may be worth noting that I have application protection turned on for Chrome, so the updater "should" be protected as well. I did find one virus that messes with these settings, but it's from 2006. Additionally, these registry keys don't even exist on my system... possibly because I don't have a proxy defined, but it could also be that they are deprecated. Let me know if you find out anything else.
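
    The check described in the post above (whether the two ZoneMap values exist at all), as an added example that is not part of the original thread. It only reads the registry; it assumes PowerShell 3.0 or later, and the HKEY_CURRENT_USER lookup is added here for comparison and is not named in the post.

```powershell
# Added example: read-only check of the ZoneMap values named in the post above.
# The 32-bit view of HKLM\SOFTWARE is what appears as ...\Wow6432Node\... in the alert.
$subKey     = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
$valueNames = 'IntranetName', 'ProxyBypass'

$hives = [Microsoft.Win32.RegistryHive]::LocalMachine,
         [Microsoft.Win32.RegistryHive]::CurrentUser    # HKCU: assumption, for comparison only
$views = [Microsoft.Win32.RegistryView]::Registry64,
         [Microsoft.Win32.RegistryView]::Registry32

$results = foreach ($hive in $hives) {
    foreach ($view in $views) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $view)
        try {
            # OpenSubKey(name) opens read-only and returns $null when the key is absent
            $key = $base.OpenSubKey($subKey)
            foreach ($name in $valueNames) {
                $present = $false; $kind = $null; $data = $null
                if ($key -and ($key.GetValueNames() -contains $name)) {
                    $present = $true
                    $kind    = $key.GetValueKind($name)
                    $data    = $key.GetValue($name)
                }
                [pscustomobject]@{
                    Hive    = $hive
                    View    = $view
                    Value   = $name
                    Present = $present
                    Kind    = $kind
                    Data    = $data
                }
            }
            if ($key) { $key.Close() }
        }
        finally {
            $base.Close()
        }
    }
}

# One row per hive/view/value; Present = False means the value does not exist there
$results | Format-Table -AutoSize
```

    Running it before and after allowing one of the flagged programs shows whether that program actually created or changed either value.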
     
  11. subferno

    subferno Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    87
    I just reinstalled my OS.

    I installed Outpost then all the Windows updates. I then installed Firefox. Launching Firefox, BAM!!!, the same warning pop ups start again. THIS IS ON A CLEAN SYSTEM (assuming that the malware didn't infect my backup drive and found its way back on my system partition again).
     
  12. Nevis

    Nevis Registered Member

    Joined:
    Aug 28, 2010
    Posts:
    786
    Location:
    255.255.255.255
    Did you reinstall from a backup image or DVD?
     
  13. subferno

    subferno Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    87
    Retail DVD.
     
  14. gebruiker116

    gebruiker116 Registered Member

    Joined:
    May 13, 2011
    Posts:
    1
    Hi, I've been having the same problem for about one week.
    Also using Outpost (free) and NOD32.
    Scanned with MalwareBytes, no problems.
    Do you block those entries? I do, it doesn't affect my computer...
    Are you using Jdownloader or something similar?
    I've been having this problem since I installed this. In this program is a function to ask for a new IP or reset your internet connection, maybe this is triggering it?
    I don't use that option, but maybe it's related?
    I'm not sure about this, does anyone have some experience with it?
     
  15. subferno

    subferno Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    87
    I click "Block" but it's really frustrating because almost everything will trigger this popup.

    I don't have JDownloader but I do use Flashget (the old clean version) for years.
     