I am running IE8 & Firefox 3.0.12 on an XP SP3 PC at work. I think some program is overwriting my proxy settings. How do I figure out what that program is?
I set the proxy settings to :
proxy.domain.com port 8080
This will be overwritten at some later stage to :
localhost 8888
This problem is particularly bad for Firefox. Every time I open it the settings have been changed.
Best Answer
That sounds like malware behavior. Try to figure out how long it takes for the settings to be overwritten. Once you know how big the window is for it to change. Then you know how long it should take to happen again. Run process explorer and then kill processes that look suspicious until the behavior stops. When it stops, you likely have enough information to proceed.
I would pay especially close attention to "rundll" and "svchost" processes as these are methods which are especially convenient to hide malware on your system.
Get Process Explorer Here