PUM.Optional.ProxyHijacker

Short Bio

This detection is for potentially unwanted modifications (PUM) in the registry where proxy settings are changed on the affected system. Such changes are usually done by adware to intercept and alter web content.

System Modifications

The following registry value data are modified:

Under
HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Internet Settings

From:
ProxyServer={user-defined server IP}:{user-defined port number}

To:
ProxyServer=127.0.0.1:{random port number}

Under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Internet Settings

From:
ProxyServer={user-defined server IP}:{user-defined port number}

To:
ProxyServer=127.0.0.1:{random port number}

Under
HKEY_CURRENT_USER\System\CurrentControlSet\Services\
NlaSvc\Parameters\Internet\ManualProxies

From:
ProxyServer={user-defined server IP}:{user-defined port number}

To:
ProxyServer=127.0.0.1:{random port number}

Under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
NlaSvc\Parameters\Internet\ManualProxies

From:
ProxyServer={user-defined server IP}:{user-defined port number}

To:
ProxyServer=127.0.0.1:{random port number}

Remediation

Malwarebytes can modify these registry value data back to their Windows default settings without user interaction.

Also, we advise users to do a full system scan as PUM.Optional.ProxyHijacker could have been added to the system by malware or a PUP.

Cybersecurity info you can’t do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Select your language