macOS Localhost:8080 SOCKS Proxy Issue

Lead photo: Proxy Control Center (the proper, normal screen)

There has been an issue with my Mac mini running Mojave 10.14.5. I am being specific here as I don’t know how universal this issue is. Something (maybe a virus) has been installing a SOCKS proxy server at localhost port 8080 on my Ethernet connection. I haven’t tried a Wi-Fi connection; I want the speed of a wired LAN connection.

What that does is create many timeouts in the Mac Mail application and block Safari from reaching the internet. I have searched the internet and found other users experiencing the problem. However, no one has posted a solution.

One other problem was that at a cold or warm boot, the HDMI video would start for a few seconds and then go permanently blank (black). Another reboot was necessary to get HDMI video back and keep it on.

I have deleted the SOCKS proxy many times and it reinstalls every time. Not immediately, but usually after a reboot or cold start. I have turned Auto Proxy Discovery off and tried again, unchecked the SOCKS proxy, and deleted the localhost and 8080 entries. It always comes back.

On one internet search I saw a table entry that wasn’t explained. There is an input box in the Proxies pane labeled “Bypass proxy settings for these Hosts & Domains:”. In the box was entered: *.local, 169.254/16

OH! That’s very interesting.

I checked the Wi-Fi setup on my Mac and it also had “*.local, 169.254/16”, and there again was the “bad” SOCKS proxy for localhost:8080!

The 169.254/16 entry is the link-local address range: it is used only on the local LAN and does not connect to anything on the Internet. A computer falls back to an address in this range when it can’t obtain a DHCP lease, for example on a direct computer-to-computer connection.

So, I made the same bypass entry and the dirty little SOCKS issue seems to have gone away! I don’t know which table entry solved the problem.

The real problem is still whatever malware is creating the SOCKS Proxy server.

Here is the path to the entry screen, shown in the lead photo, for making this bypass addition (if missing):

System Preferences / Network / Ethernet / Advanced / Proxies

With this bypass configuration, the localhost:8080 proxy seems to be harmless when it reinstalls, but who knows what else it may be doing (like spyware…).
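The same check and fix can be done from the Terminal instead of clicking through System Preferences. The script below is an added example, not part of the original post and not something its author ran: it reads each network service’s SOCKS proxy setting with Apple’s `networksetup` tool, flags the pattern described above (proxy enabled and pointing back at this machine on port 8080), turns it off, restores the “*.local, 169.254/16” bypass list, and then lists what is listening on port 8080 and which launchd items run at boot, since a setting that returns after every reboot is normally being re-applied by one of those. The `SAMPLE_BAD` and `SAMPLE_CLEAN` strings are constructed samples in the format `networksetup -getsocksfirewallproxy` prints; the live commands assume macOS (`networksetup`, `lsof`, `launchctl`) and an admin account.

```shell
#!/bin/sh
# Added example (not from the original post). Audits the SOCKS proxy on each
# macOS network service, optionally clears it (--fix), restores the bypass
# list, and shows what could be re-adding the setting at boot.

# Constructed sample: the state the post describes (proxy on at localhost:8080),
# in the exact layout `networksetup -getsocksfirewallproxy <service>` prints.
SAMPLE_BAD='Enabled: Yes
Server: localhost
Port: 8080
Authenticated Proxy Enabled: 0'

# Constructed sample: a clean service with no SOCKS proxy configured.
SAMPLE_CLEAN='Enabled: No
Server: 
Port: 0
Authenticated Proxy Enabled: 0'

# field NAME TEXT: value of the "NAME: value" line in TEXT (exact key match,
# so "Enabled" does not also match "Authenticated Proxy Enabled").
field() {
  printf '%s\n' "$2" | awk -F': *' -v k="$1" '$1 == k { print $2; exit }'
}

# classify_socks TEXT: "off" if the SOCKS proxy is disabled, "suspect" if it
# is enabled and points back at this machine on port 8080 (the pattern in the
# post), otherwise "enabled" (a proxy the user may have set deliberately).
classify_socks() {
  enabled=$(field Enabled "$1")
  server=$(field Server "$1")
  port=$(field Port "$1")
  if [ "$enabled" != "Yes" ]; then
    echo off
    return 0
  fi
  case "$server" in
    localhost|127.0.0.1|::1)
      if [ "$port" = "8080" ]; then
        echo suspect
        return 0
      fi
      ;;
  esac
  echo enabled
}

# audit_service SERVICE: report the SOCKS state and bypass list of one
# network service ("Ethernet", "Wi-Fi", ...). macOS only.
audit_service() {
  svc=$1
  out=$(networksetup -getsocksfirewallproxy "$svc")
  printf '%s: SOCKS proxy %s\n' "$svc" "$(classify_socks "$out")"
  printf '%s: bypass list: %s\n' "$svc" \
    "$(networksetup -getproxybypassdomains "$svc" | tr '\n' ' ')"
}

# clear_socks SERVICE: turn the SOCKS proxy off and set the bypass list the
# post found on a healthy machine. Needs an admin account; macOS only.
clear_socks() {
  svc=$1
  networksetup -setsocksfirewallproxystate "$svc" off
  networksetup -setproxybypassdomains "$svc" '*.local' '169.254/16'
}

# show_persistence: what is listening on TCP 8080 right now, and the launchd
# items that run at login/boot. Anything here you do not recognise is worth
# looking at when a proxy setting keeps coming back after a reboot. macOS only.
show_persistence() {
  echo '--- listeners on TCP 8080 ---'
  lsof -nP -iTCP:8080 -sTCP:LISTEN 2>/dev/null || echo '(none)'
  echo '--- launchd items ---'
  ls -la "$HOME/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons 2>/dev/null
}

# Live run only where networksetup exists (i.e. on macOS). The first line of
# -listallnetworkservices is a legend, and disabled services are prefixed '*'.
if command -v networksetup >/dev/null 2>&1; then
  networksetup -listallnetworkservices | tail -n +2 | grep -v '^\*' |
  while IFS= read -r svc; do
    audit_service "$svc"
    [ "${1:-}" = "--fix" ] && clear_socks "$svc"
  done
  show_persistence
fi
```

Run it without arguments to see the state of every service, and with `--fix` to clear the proxy and set the bypass list on all of them. Clearing the setting does the same thing as deleting it in the Proxies pane, so if the setting returns on the next boot the `show_persistence` output is where to look next.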

Now to fix that SOCKS problem.

I had to buy software to fix the dirty SOCKS problem. I purchased a program called Antivirus VK from the Apple App Store. My assumption is such software sold there has been vetted by Apple. This is not a product ENDORSEMENT OR RECOMMENDATION.

The scan found two infections spread across about eight files and directories that it identified as malware. Three directories had to be deleted manually using the admin password; they were too deeply embedded for easy or automatic removal.

With them all removed, so far no SOCKS server has been loaded at boot time.

I think the malware was installed when I attempted to load an Adobe Flash update. It also dumped in a lot of unwanted bloat/option-ware that I think caused my problem.

The update looked like an official Adobe site, but later investigation revealed it had to be a spoofed Adobe website. I went to the real Adobe update site through proper channels, and there is no concealed “option-ware” attached to the official Adobe update source.

Lesson re-learned. Pay VERY close attention to what I choose to load on my computer.