{"id":5103,"date":"2019-07-15T14:52:45","date_gmt":"2019-07-15T20:52:45","guid":{"rendered":"https:\/\/ramblindan.org\/?p=5103"},"modified":"2019-07-15T19:43:43","modified_gmt":"2019-07-16T01:43:43","slug":"macos-localhost8080-socks-proxy-issue","status":"publish","type":"post","link":"https:\/\/ramblindan.org\/?p=5103","title":{"rendered":"macOS Localhost:8080 SOCKS Proxy Issue"},"content":{"rendered":"
\"Proxy<\/a>

The Proper Normal Screen<\/p><\/div>\n

There has been an Issue with my MAC mini with Mojave V. 10.14.5. I am being specific here as I don\u2019t know how universal this issue is.  <\/span>Some thing (maybe a virus) has been installing a SOCKS proxy server at localhost port 8080. on my Ethernet connection. I haven\u2019t tried a Wifi connection. I want the speed of a wired LAN connection.<\/p>\n

What that does, is create many timeouts with the MAC Mail application and blocks access for Safari from reaching the internet. I have searched the internet and found other users experiencing the problem. However, no-one has posted a solution.<\/p>\n

One other problem was that at cold or warm boot, the HDMI video would start for a few seconds then permanently blank out to blank (black). Another re-boot was necessary to get HDMI video back and to stay on.<\/p>\n

I have deleted the SOCKS proxy many times and it will re-install every time. Not immediately but usually after a reboot or cold start. I have set the auto discover off and tried, unchecked proxy and deleted localhost and the 8080. It always comes  back.<\/p>\n

On one internet search I saw a table entry that wasn\u2019t explained. There is an input box in the proxies table. Its labeled \u201cBypass proxy settings for these Hosts & Domains:<\/b>\u201d In the box was entered: *.loca<\/b>l, 169.254\/16<\/b><\/p>\n

OH! That\u2019s very interesting.<\/h3>\n

I checked the WiFi setup in my MAC and it also had the \u201c.local, 169.254\/16\u201d and there again was the <\/span>\u201cbad\u201d SOCKS proxy for localhost:8080! <\/span><\/p>\n

The 169.254\/16 entry is an internal (local) LAN only IP assignment. It does not connect to anything on the Internet. The IP range is used when DHCP can\u2019t be obtained for a local LAN connection like a computer to computer direct connection.<\/p>\n

So, I made the same bypass entry and the dirty little SOCKS issue seems to have gone away! I don\u2019t know which table entry solved the problem. <\/span><\/p>\n

The real problem is still whatever malware is creating the SOCKS Proxy server.<\/p>\n

Here is the path to the entry screen, shown in the lead photo, for making this bypass addition (if missing).<\/p>\n

System Preference \/ Network \/ Ethernet \/ Advanced \/ Proxies<\/p>\n

With this bypass configuration, the localhost proxy:8080 seems to be harmless when  <\/span>it reinstalls, but who knows what else it may be doing (like spyware…)<\/p>\n

Now to fix that SOCKS problem.<\/h3>\n

I had to buy software to fix the dirty SOCKS problem. I purchased a program called Antivirus VK<\/b> from the Apple App Store. My assumption is such software sold there has been vetted by Apple. This is not a product ENDORSEMENT OR RECOMMENDATION.<\/p>\n

The scan found two infections spread out in about eight files \/ directories that are virus malware. Three directories had to be deleted manually using the admin password. Deeply imbedded from easy or auto removal.<\/p>\n

With them all removed, so far there have been no more<\/span> SOCKS server loaded at boot time.<\/p>\n

I think the malware was installed when I attempted to load an Adobe Flash<\/strong> update. It also dumped in a lot of unwanted bloat\/option-ware that I think caused my problem.<\/p>\n

The update looked like a official Adobe site, but later investigation revealed it had to be a spoofed Adobe website. I went to the real Adobe update site through proper channels and there is no concealed \u201coption-ware\u201d attached to the official Adobe update source.<\/p>\n

Lesson re-learned. Pay VERY close attention to what I choose to load on my computer.<\/p>\n","protected":false},"excerpt":{"rendered":"

There has been an Issue with my MAC mini with Mojave V. 10.14.5. I am being specific here as I don\u2019t know how universal this issue is.  Some thing (maybe a virus) has been installing a SOCKS proxy server at localhost port 8080. on my Ethernet connection. I haven\u2019t tried a Wifi connection. I want the speed of a wired LAN connection. What that does, is create many timeouts with the MAC Mail application and...<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[38],"tags":[202,203,206,207],"class_list":["post-5103","post","type-post","status-publish","format-standard","hentry","category-computersoftware","tag-email","tag-mac","tag-macos","tag-socks"],"_links":{"self":[{"href":"https:\/\/ramblindan.org\/index.php?rest_route=\/wp\/v2\/posts\/5103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ramblindan.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ramblindan.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ramblindan.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ramblindan.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5103"}],"version-history":[{"count":0,"href":"https:\/\/ramblindan.org\/index.php?rest_route=\/wp\/v2\/posts\/5103\/revisions"}],"wp:attachment":[{"href":"https:\/\/ramblindan.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ramblindan.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ramblindan.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}