Proxy settings are set to 127.0.0.1:5050 on Windows 7 Machine

Problem: 
The proxy settings in Internet Explorer are set to 127.0.0.1:5050 and when I uncheck it, the settings eventually come back. The symptoms that made me check the proxy settings were the following:

  Within Chrome I was getting certificate errors on normally trusted websites like Google and Facebook.
  I was unable to get to any site on the internet using Chrome or Internet Explorer at times
  Ran ESET online scan and it would crash
  ESET would freeze after some time and I would have to reset after unchecking the proxy settings

Solution:
I unchecked the proxy settings and used ESET online scan and Sophos in tandem. ESET would scan a file and Sophos active scan would catch it. I then checked the quarantine in Sophos to find where the offending file was. Turns out the problem was called Node.exe and it hid itself in the following directories:

C:\program files (x86)\Commonfiles\DealAlly
C:\program files (x86)\Commonfiles\Diagnostics
C:\program files (x86)\Commonfiles\HoistSearch
C:\program files (x86)\Commonfiles\CacheUtility
C:\program files (x86)\Commonfiles\Display Settings

There was a directory called “Node” in each of these but the only one that was active was in the “Display Settings” directory. I couldn’t close down the Node.exe executable in task manager which means I couldn’t delete it. So I booted up in Safe Mode and deleted the offending directories. All is well and I gave my end user a stern talking to; all in good fun of course.
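
A read-only check for the symptom described in this post, as an added example that is not part of the original post: it reads the current user's Internet Explorer proxy values from the registry and, if they point at the local machine, lists the process listening on that port. The function name is hypothetical; it assumes the listener is TCP and uses only commands available in PowerShell 2.0 on Windows 7.

```powershell
# Added example (not from the original post). Compatible with PowerShell 2.0 on Windows 7.
function Get-LoopbackProxyListener {
    # Per-user WinINET settings used by Internet Explorer and, by default, Chrome.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $cfg = Get-ItemProperty -Path $key

    Write-Host "ProxyEnable   = $($cfg.ProxyEnable)"
    Write-Host "ProxyServer   = $($cfg.ProxyServer)"
    Write-Host "AutoConfigURL = $($cfg.AutoConfigURL)"

    if ($cfg.ProxyEnable -ne 1 -or -not $cfg.ProxyServer) {
        Write-Host 'No manual proxy is enabled for this user.'
        return
    }

    # ProxyServer is either "host:port" or "http=host:port;https=host:port".
    $pattern = '(?:^|[;=/])(127\.\d+\.\d+\.\d+|localhost):(\d+)'
    $ports = @([regex]::Matches($cfg.ProxyServer, $pattern) |
        ForEach-Object { $_.Groups[2].Value } | Sort-Object -Unique)
    if ($ports.Count -eq 0) {
        Write-Host 'Proxy is enabled but does not point at this machine.'
        return
    }

    # netstat -ano prints the owning PID in the last column of each LISTENING row.
    foreach ($line in (netstat -ano)) {
        if ($line -match '^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$' -and
            $ports -contains $Matches[1]) {
            $ownerPid = [int]$Matches[2]
            # Win32_Process exposes the on-disk path and full command line.
            $proc = Get-WmiObject Win32_Process -Filter "ProcessId=$ownerPid"
            New-Object PSObject -Property @{
                Port        = $Matches[1]
                PID         = $ownerPid
                Name        = $proc.Name
                Path        = $proc.ExecutablePath
                CommandLine = $proc.CommandLine
            }
        }
    }
}

Get-LoopbackProxyListener | Format-List Port, PID, Name, Path, CommandLine
```

Run it from an elevated prompt; without elevation, `Path` and `CommandLine` can come back empty for processes owned by another account.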
