Yesterday I decided to update all of my 'cleaning' programs and scan the system, something I hadn't done on this system in several months. I use Spybot, Malwarebytes and CCleaner. For Spybot, I upgraded from v1.6 to v2.x. That was a fairly major change, and I think the program now has more functionality than it did before...
Malwarebytes seemed like just a database update.
CCleaner was an update from v3.x to v4.x, but the program still seems the same.
After installing various Windows Update critical updates and scanning with all three of the aforementioned cleaning programs, I could no longer access the internet. Turns out the culprit was my LAN settings - they were set to use a proxy server, which is something I never use. Specifically, they were set to use:
Address: localhost Port: 21320
Could one of those three cleaning programs have changed this setting? If not, what program would change this on its own? I know for a fact that I didn't change it and nobody else uses this machine... All scanning came up clean, so I'm fairly certain I don't have any problems with the machine.
What would be the purpose of setting the proxy address to localhost (which I believe is the same as 127.0.0.1, and is also what Spybot puts in the hosts file when it runs immunization)? What is the significance of port 21320?
Users like you can add images, links and other relevant information about this topic.
posted: May. 25, 2013 @ 9:50p
Click to copy code and go to .
Thanks for visiting FatWallet.com. Join for free to remove this ad.
Senior Member - 5K
posted: May. 26, 2013 @ 7:23a
Lots of malware make changes to the proxy settings, but so do some good programs. By pushing everything through their own internal proxy they gain control of things to allow scanning and pushing you to their own sites. Spybot immunizes to 127 because that address is a loopback, so anything going there will go nowhere, stopping bad sites from being accessed.
There are some ports that are used for specific things, like 25 is SMTP, 21 is FTP, etc... but it's a fairly short list. All the other numbers are open and can be used for pretty much anything. 21320 isn't anything in and of itself, it's just the port that some program on your PC decided to use.
localhost port 80 would go nowhere because it's just a loopback, but when you set it to another port it could be intercepted by another program.
Senior Member - 3K
posted: May. 28, 2013 @ 11:14a
minidrag said: localhost port 80 would go nowhere because it's just a loopback... localhost/127.0.0.1 port 80 goes nowhere, unless you have a web server running on your machine. Then it loops back to that web server. The random high-numbered port was likely picked so it didn't interfere with any existing software.
It sounds very much like some malware installed a local proxy, and was routing all your web traffic through it. This may have been done simply to insert ads into all of the pages you visit. Or it could've monitored all your web traffic. Somehow the malicious proxy got removed, but the proxy setting stayed.
Are you certain all the scans you ran came up clean? I'd check the logs to see if one of the cleaners hadn't cleaned something up automatically. Another option is that one of the scanners read a file and triggered your real-time AV program, which then cleaned the file itself. You do have a real-time AV program always running, right?
posted: May. 28, 2013 @ 8:13p
From what I can tell, it's a function of the new Spybot version 2. I performed the same tasks on another machine (updating the cleaning utilities and running them) and saw the same thing. I went into the settings of Spybot and told it not to use "Spybot's" proxy and it fixed itself.
I just don't understand how it was supposed to work. With the first machine, when the proxy was enabled (localhost / 21320) I had no internet connection. Maybe I disabled something in Spybot that caused the proxy functionality to quit working without disabling it. That's definitely something I'd do as I'm always stripping programs and their functions down to a minimal level.
At any rate, all is well, no malware or spyware, I was just curious about the feature and what it was supposed to be doing.
Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.
Members of our community may attach files to a post in accordance with the User Agreement. FatWallet is not responsible for the content, accuracy, completeness or validity of any information contained in any attached file. Files have *not* been scanned for viruses. Be especially wary of Excel files which may contain malicious content.
Earn Cash Back while you shop - just 3 simple steps.
1. Sign Up so we know who to pay! (It's FREE.)
2. Shop through FatWallet for deals from your favorite stores. Your online purchases earn Cash Back that builds in your FatWallet account.
3. Get Paid by requesting a payment via check or PayPal.
FatWallet coupons help you save more when shopping online. Use our Coupons Search to browse coupons and offers from thousands of stores, gathered into one convenient location.
As part of our FatWallet Community, you can share deals with almost a million shoppers in our forums. Forum content is generated by consumers for consumers. Share deals, money-saving tips, and more. It's FREE, fun, and addicting.
Our customer experience team is here around the clock - real people ready to assist.