The proxy settings in Internet Explorer are set to 127.0.0.1:5050 and when I uncheck it, the settings eventually come back. The symptoms that made me check the proxy settings were the following:
– Within Chrome I was getting certificate errors on normally trusted website like google and Facebook.
– I was unable to get to any site on the internet using chrome or Internet Explorer at times
– Ran ESET online scan and it would crash
– ESET would freeze after some time and I would have to reset after unchecking the proxy settings
I unchecked the proxy settings and used ESET online scan and Sophos in tandem. ESET would scan a file and Sophos active scan would catch it. I then checked the quarantine in Sophos to find where the offending file was. Turns out the problem was called Node.exe and it hid itself in the following directories:
C:\program files (x86)\Commonfiles\DealAlly
C:\program files (x86)\Commonfiles\Diagnostics
C:\program files (x86)\Commonfiles\HoistSearch
C:\program files (x86)\Commonfiles\CacheUtility
C:\program files (x86)\Commonfiles\Display Settings
There was a directory called “Node” in each of these but the only one that was active was was in the “Display Settings” directory. I couldn’t close down the Node.exe executable in task manager which means I couldn’t delete it. So I booted up in Safe Mode and deleted the offending directories. All is well and I gave my end user a stern talking to; all in good fun of course.