Hijacked Web Proxy
I get called upon to fix a lot of computer systems for people that I know. Of course, people hate to be a bother, and they only call me when things are already a disaster. Anyway, I get to see some very interesting things with malware, and sometimes I get an advanced look at the latest and greatest of this modern affliction.
A recent case was prompted by someone whose computer could no longer "get the Internet". Whatever antivirus program they were running was just not able to clear out what was ailing it, and they needed it fixed.
There was a time when the most common way to get a computer virus infection was to visit porn sites or download copies of unlicensed software. For a short while it was sufficient to keep your antivirus software up to date, and to be judicious in your web surfing habits, and you could be fairly confident that you would be safe from getting a virus.
Sadly, those days are over. The porn and warez sites were just the incubator, or kindergarten, if you will, for the rapidly maturing malware industry. There's big money in malware, and there is big criminal involvement that is backing it.
I knew that the halcyon days were over about 2 years ago when I clicked on a link for a news article from the Google main page. The link was to a site that was reputable, but it was not safe. I was greeted with a popup that warned me about the site wanting to run a piece of software. Now, I run Ubuntu Linux on my desktop computer. Linux computers don't run Windows programs natively, so when this Windows program, the virus, tried to run on my computer, I got a warning asking me if I really wanted to try to run it. Even if I had, I would have been safe, because a Linux based PC doesn't have the same resources for the virus to afflict. But I knew at that moment that bad stuff was going to happen, and that no Windows based PC would be safe.
Since then I've removed all sorts of crud from many computers. Thankfully, there are some absolutely terrific resources available, and many of them are free. As a matter of fact, the best virus fighting resources that I've seen are free. We all owe a lot to those that donate their time and effort to ridding the world of malware.
The point of this article is to describe what happened after I used the free tools available to eradicate the malware from my friend's computer. I was sure it was clean. All the DLL files that had been installed were removed from the system32 directory, along with all the .dat and .tmp files harboring hidden JavaScript. Yet when you tried accessing the Web through either Internet Explorer or Firefox, the browser reported that it could not access the requested page.
I checked the network connection with ifconfig, and the network connection was good. I could also ping a known good IP address outside the local LAN, and I could ping a site like google.com or yahoo.com. Yet the browser wouldn't access the Internet.
I thought perhaps a system file was corrupted, so I ran the system file checker utility (sfc). That ran through, but afterward there was still no joy as far as web browsing was concerned. It then occurred to me that the malware must have set up a local web proxy, and now that the malware was removed, the browsers were still configured to use it.
I've since learned that this type of exploit is called a Layered Service Provider. There is a free utility to fix it called LSPfix, available from Bleeping Computer, which is a great resource.
To fix this problem on this computer, I had to check the advanced settings in Internet Explorer and Firefox. Both were set to use the computer itself as the web proxy: the proxy server was 127.0.0.1, and that IP address always means the local machine.
In Internet Explorer, from the menu choose Tools -> Internet Options. Go to the /Connections\ tab, and check both the [Settings] and [LAN Settings] buttons. If the proxy server address is filled in with a number like 127.0.0.1, I suggest clearing out that number before unchecking the box that says to use a proxy server.
In Firefox, go to the menu item marked Tools -> Options.... Choose [Advanced] at the top, and choose the /Network\ tab. Click on the [Settings] button and clear the values in the proxy server box before selecting the "direct connection to the Internet" radio button.
I also suggest looking into what's in your hosts and lmhosts files. If some malware bungs up these files, you could end up going to a fake site and putting in your username and password thinking that you are accessing your bank account.
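The two checks above (browser proxy pointed at 127.0.0.1, and hosts file entries that pin a site name to some other address) can be done by hand as described, but the script below shows what to look for in the files and registry values themselves. It is an added example, not code from the original article. The Firefox preference names (network.proxy.type, network.proxy.http, and so on) and the Internet Explorer registry values (ProxyEnable and ProxyServer under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings) are the real ones; the prefs.js excerpt, the `reg query` output and the hosts file contents are constructed samples so the example runs offline.

```python
import re

# Constructed sample of Firefox's prefs.js after a hijack (real pref names,
# made-up values). On a real machine this file lives in the Firefox profile folder.
SAMPLE_PREFS_JS = """\
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8080);
"""

# Constructed sample of `reg query` output for Internet Explorer's connection
# settings (the key path and value names are the ones Windows actually uses).
SAMPLE_REG_QUERY = """\
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    127.0.0.1:8080
    ProxyOverride  REG_SZ    <local>
"""

# Constructed sample hosts file: the normal loopback entries plus one redirect.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.44      www.examplebank.test  # constructed: a bank name pinned elsewhere
"""

LOOPBACK = ("127.", "localhost", "::1")
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);')
REG_VALUE_RE = re.compile(r"^\s+(\w+)\s+(REG_\w+)\s+(.*)$")


def parse_prefs(text):
    """Turn user_pref(...) lines into a dict of str/int/bool values."""
    prefs = {}
    for m in PREF_RE.finditer(text):
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"'):
            prefs[key] = raw.strip('"')
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            prefs[key] = int(raw)
    return prefs


def firefox_proxy_findings(text):
    """Report manual proxies that point back at the local machine."""
    prefs = parse_prefs(text)
    findings = []
    if prefs.get("network.proxy.type") != 1:   # 1 = manual proxy configuration
        return findings                         # 0 = direct, 5 = system settings
    for proto in ("http", "ssl", "socks", "ftp"):
        host = prefs.get(f"network.proxy.{proto}")
        if host and host.startswith(LOOPBACK):
            port = prefs.get(f"network.proxy.{proto}_port", 0)
            findings.append(f"Firefox {proto} proxy points at local machine: {host}:{port}")
    return findings


def parse_reg_query(text):
    """Parse the 'name type data' rows of reg query output into a dict."""
    values = {}
    for line in text.splitlines():
        m = REG_VALUE_RE.match(line)
        if m:
            name, kind, data = m.groups()
            values[name] = int(data, 16) if kind == "REG_DWORD" else data.strip()
    return values


def ie_proxy_findings(text):
    """Report an enabled Internet Explorer proxy, loudest when it is loopback."""
    vals = parse_reg_query(text)
    findings = []
    if vals.get("ProxyEnable") == 1:
        server = vals.get("ProxyServer", "")
        if server.startswith(LOOPBACK):
            findings.append(f"Internet Explorer proxy enabled and points at local machine: {server}")
        elif server:
            findings.append(f"Internet Explorer proxy enabled: {server} (verify this is expected)")
    return findings


def hosts_findings(text):
    """List every hosts entry that pins a real site name to an address."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = line.split("#", 1)[0].strip()   # drop comments
        if not entry:
            continue
        addr, *names = entry.split()
        for name in names:
            if name == "localhost" or name.endswith(".localdomain"):
                continue
            findings.append(f"hosts line {lineno}: {name} pinned to {addr} (review)")
    return findings


def audit(prefs_js, reg_query, hosts):
    """Combine the three checks into one list of findings."""
    return firefox_proxy_findings(prefs_js) + ie_proxy_findings(reg_query) + hosts_findings(hosts)


if __name__ == "__main__":
    for finding in audit(SAMPLE_PREFS_JS, SAMPLE_REG_QUERY, SAMPLE_HOSTS):
        print(finding)
```

On an actual Windows machine you would feed the script the real prefs.js from the Firefox profile directory, the output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"`, and C:\Windows\System32\drivers\etc\hosts. A loopback proxy with nothing listening on it is exactly the "network is fine but browsers can't connect" symptom described above; a hosts entry for a bank or webmail name is the redirection risk the paragraph warns about, and any such entry you did not add yourself deserves a look.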