What keeps resetting my proxy settings?

I run Privoxy (currently version 3.0.8) under Windows 10 Creators Update 1703/15063.608 (which helps to stop malware reaching my machine by preventing websites from serving un-vetted 3-party advertising/etc for random places on the web w/o my knowledge or consent. I disable it temporarily when it interferes with some web page/application's operation.

For this to work, however, I have to configure it as a proxy, under Windows "Control Panel>Internet Options>Connections (tab)>Lan Settings". I check "Use a proxy server..." and "Bypass proxy server...", and either fill in the Address/Port with 127.0.0.1:8118 (which is where Privoxy listens), or I drill down to "Advanced" and fill in 127.0.0.1:8118 for all of HTTP/Secure/FTP/Socks, with or without checking "Use the same protocol...".

Invariably, some random time later, all of this configuration is erased, blanked out. I have to re-enter it all again. This happens several times a day.

I run Chrome (60.0.3112.113 64-bit) and Firefox (55.0.3 64-bit).

Under the assumption I have some sort of malware running amok, I have been scanning daily with AVG Free and MalwareBytes. Neither of these find anything.

Any suggestions? This only started a few weeks ago, after installing Creators Update. I did not notice it immediately, so tracking down when I might have installed some application that might be the culprit could be difficult.

Thanks.

 

Question Info


Last updated November 18, 2019 Views 12,185 Applies to:

Hi,


Your Windows 10 not saving your Proxy settings might be due to a variety of reasons. One of which is due to Internet Explorer settings.

Is your Windows 10 updated? If not, it would be best that you keep it up-to-date as an outdated operating system also affects the Proxy settings.

Let's run the Internet Connections Troubleshooter to find and repair problems with connecting to the Internet or to websites.

  1. Right-click the Start icon, then select Control Panel.
  2. Choose the Large icons option from the View by drop down list found on the upper-right part of the Control Panel window.
  3. Locate then select Troubleshooting.
  4. Click View all from the left pane.
  5. Locate and click Internet Connections to run the troubleshooter then follow the next steps.

Resetting your Internet Explorer may also help in troubleshooting the Proxy issue you're experiencing. Just follow the steps under "Reset Internet Explorer settings" from here.
Disclaimer: The Reset Internet Explorer Settings feature might reset security settings or privacy settings that you added to the list of Trusted Sites. The Reset Internet Explorer Settings feature. Also re-enable the add-ons.

Let us know what happens next.


Regards.

2 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Thanks, but internet connectivity is not the issue. As indicated in my original post, I am trying to track down malware covertly doing things to my proxy configuration. I doubt running Microsoft's static troubleshooter is going to show me much about what might dynamically be messing with system. My internet connection functions just fine.

Right now, my prime suspect is the "Microsoft Solitaire Collection". Yes, the online card game application.

"Solitaire Collection" does not function "properly" using my proxy settings and Privoxy configuration. Apparently "Solitaire Collection" wants to connect to the internet, for purposes I cannot find clearly documented anywhere, in a way that Privoxy is configured to block. Under normal circumstances, in order for this to function "properly", I would have to dig into the diagnostics Privoxy generates at runtime to figure out what the "Solitaire Collection" is trying to do, who/what it is trying to reach, and explicitly configure Privoxy to permit it.

My suspicion is that when it fails to reach the internet, the "Solitaire Collection" is silently, without my knowledge or consent, blanking out my proxy configuration. Perhaps "Solitaire Collection" wants to serve (potentially un-vetted) third-party advertising? If so, Privoxy is doing exactly what I want it to do (i.e. blocking "Solitaire Collection"). And if in fact "Solitaire Collection" is blanking out my proxy configuration to circumvent my security (i.e. Privoxy), IMO that would constitute a malware exploit (and would put Microsoft in the business of producing malware, bundling it into their product offerings without disclosure, etc).

I have re-entered my proxy configuration, will refrain from using "Solitaire Collection" for several days, and observe what happens. Then I will resume using the "Solitaire Collection" and observe what happens.

Another update in a couple of days.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Since you've mentioned that it looks like a malware activity you're having on your Proxy issue, our Answer Desk can further assist you in terms of your security concerns.

You may share with us how you will get to resolve the issue you're experiencing to also help those who might be having the same issue as yours.


Best.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

So, it doesn't appear that "Solitaire Collection" is the culprit, nor in fact does there appear to be any malware on my system.

My new hypothesis:

There are two basic paths for manually configuring proxy settings: via "Control Panel>Internet Options>Connections>LAN Settings", and via "Settings>Network & Internet>Proxy>Manual proxy setup" (i.e. "old school" control panel and "new school" control panel).

These two control panels are SUPPOSED to operate as different access methods for the same underlying mechanism (the underlying mechanism resides in the Windows Registry), and most of the time this works properly. However, intermittently and at random, it appears this does not work properly.

When I configure proxy settings via the "old school" control panel, the configuration appears to take force and function, but can somehow get "blanked", at a frequency of several times a day. When I configure proxy settings via the "new school" control panel, the settings are much more reliable. The settings can occasionally end up blanked, but at a frequency of a couple incidents a week (it is still not clear what is causing this blanking). My guess is that while there is Registry "overlap", the "old school" and "new school" control panels do not use exactly the same set of Registry variables, both control panels want to be "the" authority, and can end up walking on each other's Registry variables.

So, I am configuring proxy settings exclusively via the "new school" control panel, and checking them the same way several times a day. I avoid even examining them (much less trying to modify them) via the "old school" control panel. The configuration functions properly and has remained stable for about a week now (with exactly two incidents of blanking, cause unknown).

BTW, the free evaluation version of Malwarebytes wants to control these settings as well, and will quarantine and blank the relevant Registry values when it scans. And while Malwarebytes supposedly provides a way for the user to control/(re)establish these settings via Malwarebytes, the free evaluation version apparently ignores its own configuration. It just quarantines and blanks these settings no matter how you configure Malwarebytes to control them. So, I have uninstalled Malwarebytes.

5 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I have the same issue, and it's been running since about mid-September - when I got the Creators' Update for my copy of Windows 10.

Avast found nothing; Malwarebytes finds the same "Proxy hijacker" tools in the registry every time I switch the computer back on despite removing them the previous session - and sometimes the hijacking entries reappear during the day if I have my laptop on for any length of time.

My next attempt to fix things will be taken from this thread (http://www.tomshardware.co.uk/answers/id-3125743/proxy-settings-resetting.html) - note the detective work done by Yogi6969, who says "The program that cause this chaos is isupdate.exe and can be found here: C:\Program Files (x86)\InstallShield".

The next time I can check to see if this works on reboot will be over the weekend, but I'll try to pop back to provide an update.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.