How do I permanently remove the MSR Privoxy?

2

So recently I got this "virus" from downloading something. This virus keeps on spamming ads and underlining text on a web page to cause you to click a link that will pop-up a new tab. It usually links me to adsdelivery1.com. Monkeytize is what I'm seeing on the bottom of the page. Media Player is telling me to download it as well.

It only occurs on Google Chrome. It doesn't occur on Firefox but I still want to make sure it's gone off my computer in case it infects Firefox.

Here is an example of what it looks like: [screenshot]

I've tried to check what extensions and programs are causing this but they were uninstalled before I found out about this. I thought that if I uninstalled them, so would the ad virus pop-ups.

The directory of my file is C:\Program Files (x86)\MSR\Privoxy

It also seems to automatically check the Google Chrome LAN setting for using a Proxy Server.

Here is also what I've tried doing so far:

  1. Manually deleting it but it was locked. Checked the Add or Remove Programs but it wasn't listed there.

  2. Deleting and restarting my computer using the following. Every time I deleted this, it would recreate the folder with all the files again, making it impossible to delete.

    • MalwareBytes Anti-Malware. It restarted the computer thinking it was deleted but regenerated.
    • LockHunter. It told me what was locking it and it was the program itself. However, I checked the Task Manager but there was nothing on that so it most likely wasn't me that was opening it.
    • ADW Cleaner. Same as Malware Bytes
  3. Command Line Delete.

  4. I also tried using the Registry Editor and erased all the registries for Privoxy. It still didn't work.

  5. I tried using the Perfect Uninstaller and ended the process from the "Other Processes" menu then deleted it. After restarting the computer it automatically recreated itself again.

  6. I tried uninstalling it by clicking the Uninstall package file but it got rid of all but mgwz.dll, Privoxy.exe and privoxy.txt

Here is the result for Command line.

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Program Files (x86)\MSR>del Privoxy
    C:\Program Files (x86)\MSR\Privoxy\*, Are you sure (Y/N)? y
    C:\Program Files (x86)\MSR\Privoxy\mgwz.dll
    Access is denied.
    C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
    Access is denied.
    C:\Program Files (x86)\MSR\Privoxy\privoxy.log
    The process cannot access the file because it is being used by another process.

ADW Logs

Lock Hunter Logs

So how do I get rid of this indestructible program? Overall, it seems like whenever I have the chance to delete it, it keeps coming back.

puretppc

Posted 2014-06-15T04:41:10.313

Reputation: 265

Privoxy is a legit program (which may be being misused by your malware) so have you tried simple stuff like checking Appwiz.cpl? Unfortunately, if you have hacked and slashed your registry it probably won't appear any longer. Check services.msc to see if you see it there, and if not, check your task scheduler to make sure it's not being started and restarted there. Look in the privoxy folder for a file called unins000.exe or uninstall.exe and if present, run it. Failing all else, you could download privoxy from the tor foundation, install it as a repair, and then remove it. – Frank Thomas – 2014-06-15T05:12:35.240

Where would Appwiz.cpl be located? Also, what about services.msc? Yeah I think I did get caught into a Malware but I can't find out what's causing this. I did do the uninstall folder but it didn't fully work either. – puretppc – 2014-06-15T05:23:10.777

Just type them into the run bar, or go to the control panel. Appwiz is the add remove programs applet, and services.msc is the Administrator Tools -> Services applet. – Frank Thomas – 2014-06-15T05:24:43.710

Well the Add/Remove programs didn't list Privoxy for some reason. That means appwiz.cpl didn't work. Services.msc didn't list privoxy either. – puretppc – 2014-06-15T05:28:43.943

I assume you've tried to stop the process using something like process explorer, and it is restarting after you kill it? If so, check your task scheduler. If not, kill the privoxy process before attempting to delete. If it's not in the task scheduler, pull down sysinternal's autoruns and see if you can find out how it's started and disable it from there. Then reboot and try again. – Frank Thomas – 2014-06-15T05:41:19.057

Actually somehow it worked. I downloaded a program called "activeris antimalware" and it just removed it. I even restarted it many times and never saw it returning. Well thanks for your help anyways! – puretppc – 2014-06-16T18:26:28.557

Answers

4

Activeris Antimalware is in itself a malware program. It has some redeeming features in that it can actually remove things - its competitors. However it is a 'potentially unwanted' program and is considered malware as it is a web browser extension that induces ads and pop-ups. It is less difficult to remove than some of the others.

kaz

Posted 2014-06-15T04:41:10.313

Reputation: 41

Malware Tips lists instructions for removing the rogue antivirus program at How to remove Activeris AntiMalware (Virus Removal Guide) – moonpoint – 2015-07-18T03:03:34.627

2

It is actually really easy to uninstall it:

  1. Go to C:\Program Files (x86, or whatever, you want), alphasystem memory (not sure if I spelled it right) and delete the entire folder along with other program folder you don't recognize (google if you can delete the suspicious folder as well); give admin permission.
  2. You are GOING TO RUN INTO some nasty issues of "program.dll" already running. Therefore, go to administrator tools in your control panel and select "services"; from there, stop any privoxy service.
  3. Finally, go to control panel, and search up "Proxy settings" - you will see "internet options, configure proxy server". Click that, and go to LAN settings - from there, uncheck the "use proxy server for lan". Congratulations, you are free to either download privoxy again or not live with it forever. (If you want to download again, make sure you get it from a good download site such as CNET, and check the "use proxy server for LAN" again.) There you go.

user470601

Posted 2014-06-15T04:41:10.313

Reputation: 21

0

I just fixed this on my system, suffering the exact same things you were.
I opened the task manager (Ctrl+Alt+Delete) and moved it to one side. You won't see privoxy under the processes or applications tabs because it's a "service". Here's how I killed it.

Under the task manager, click the services tab, scroll down until you find the privoxy service. Now open your c:\Program Files(x86)\Softcomp Software\ folder. In here is where all the hacked .exe files were that were running off of privoxy. Click the task manager window, and at the bottom right hit the button with the Shield icon that says Services. In the new window, scroll down until you find privoxy, and click stop service. Close that window, now go into the folder you opened and delete the contents. All of it.

Empty the recycle bin.

Now open your web browser, and likely, it won't load your homepage. Go into the settings and connection tabs in the browser, click on LAN settings, and Un-click the Use Proxy Service box. Close, Save, exit the browser. Restart the browser, and voila, internet is back, no ads.

This service was sneaking past Kaspersky Antivirus as well as a different AV program I had installed. Infuriating.

Hope this helps.

Jason

Posted 2014-06-15T04:41:10.313

Reputation: 1

0

Just fixed this on a friend's PC, this fixed it for them:

  • Pull up a Run box (Windows + R) and type compmgmt.msc and hit enter
  • Go to services
  • Find the Privoxy service and open its properties
  • Stop the service and change it from Automatic (or whatever it's set to) to Disabled
  • Look in that same window and it will tell you where the Privoxy exe is. In my case it was in C:\Program Files (x86)\IT Viewer
  • Go to Start, type cmd, then right click and choose Run as Administrator
  • Type the following (adjusting the IT Viewer part as necessary per whatever the Service Properties window showed the folder path as being):

    rd /s /q "C:\Program Files (x86)\IT Viewer"

That did it for me.

superbeef150

Posted 2014-06-15T04:41:10.313

Reputation: 1
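
The service-based cleanup described in the answers above (find the service, stop and disable it, note the folder its executable runs from, check Task Scheduler, clear the LAN proxy checkbox), as an added PowerShell example that is not part of any original answer. The script name `Find-PrivoxyService.ps1` and the `-Pattern` and `-Remediate` parameters are illustrative assumptions; the scheduled-task check assumes English `schtasks` column names.

```powershell
# Find-PrivoxyService.ps1 (hypothetical name). Added example, not from the answers.
# Run from an elevated prompt. Uses Get-WmiObject so it also works on the
# PowerShell 2.0 that ships with Windows 7.
param(
    [string]$Pattern = 'privoxy',  # regex matched against executable paths
    [switch]$Remediate             # without this switch the script only reports
)

# 1. Services are matched on their binary path, not their display name,
#    because the answers report the same service under different folders.
$folders = @()
$services = @(Get-WmiObject Win32_Service | Where-Object { $_.PathName -match $Pattern })
foreach ($svc in $services) {
    # PathName may be quoted and carry arguments; keep only the .exe path.
    $exe = $svc.PathName -replace '^"?(.+?\.exe).*$', '$1'
    $folders += Split-Path $exe -Parent
    "Service {0} [{1}, {2}] -> {3}" -f $svc.Name, $svc.State, $svc.StartMode, $exe
    if ($Remediate) {
        Stop-Service -Name $svc.Name -Force
        Set-Service  -Name $svc.Name -StartupType Disabled  # survives a reboot
    }
}
if ($services.Count -eq 0) { "No service binary path matches '$Pattern'." }

# 2. Scheduled tasks that start the same executable (report only).
schtasks.exe /query /fo csv /v | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -match $Pattern } |
    ForEach-Object { "Task {0} -> {1}" -f $_.TaskName, $_.'Task To Run' }

# 3. The per-user setting behind the "Use a proxy server for your LAN" checkbox.
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key
"ProxyEnable = {0}, ProxyServer = {1}" -f $inet.ProxyEnable, $inet.ProxyServer
if ($Remediate -and $inet.ProxyEnable -eq 1) {
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
}

# 4. Folders left to delete by hand once the service is stopped and disabled.
$folders | Sort-Object -Unique | ForEach-Object { 'Review, then: rd /s /q "{0}"' -f $_ }
```

Run it once without `-Remediate` to see what it found, and delete the listed folders only after the service shows as stopped and disabled.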

0

Use your registry editor, it's under wow64node. Kill it and make sure your Wi-Fi is gone. Then search for the Hosts file on windows explorer and kill anything in it that looks suspicious, and before this kill the process in task manager. That worked for me after malwarebytes failed.

asdf

Posted 2014-06-15T04:41:10.313

Reputation: 1

An Anon User suggests: "Get the freeware unlocker (be careful when downloading) and delete the virus. Unlocker allows you to delete the file by ending all processes related to it and it's very simple to use (right click and you'll see it). Also, when doing this turn off your wifi so the virus can't re-download and put your settings to automatic detect settings. It should be gone but remember you have to delete 3 different folders (forgot which) to get rid of it." – Psycogeek – 2014-07-28T01:20:00.330