Tech Home The Bacon

Cowboy IT | Technologist

Mac OS X Sock Proxy Enabled After Every Reboot

Problem:

Operating System: Mac OS X 10.14.4

The end user was experiencing internet connectivity outages randomly with Mail and Safari apps. Using the terminal I was able to ping google.com while other apps like Safari wouldn’t load any websites.

I noticed in the network settings that a Sock Proxy was enabled with localhost withport 8080. I knew this had to be the reason for the internet connectivity problem so I removed the setting and immediately was able to surf the internet again and receive email on the Mail app.

Just out of curiosity I reboot the Mac and the Sock Proxy settings came right back. I rebooted the Mac several more times and the Sock Proxy would re-enable itself every single time.

Google searches turned up questions about a Sock Proxy on Mac that would return after every reboot, but no real solutions.

Solution:

Something was controlling a proxy on the machine and I knew it was coming from somewhere. After searching the file system I finally found it here /var/root/.mitmproxy

After removing this entire directory I was able to surf the internet and use the Mac Mail app without the network connectivity dropping.

I reboot the Mac several times after that and the Sock Proxy settings did NOT return.

Edit: An easier solution is to run Malwarebytes for Mac. It will detect and remove the adware for you.

4 Comments

  1. Hello Jacob, do you – by any chance – know which malware or app installs this MITM proxy? Some of our users had the same problem, and I’m curious what they did (they deny everything)…

  2. Follow up to my first post. It was installed along side an obituary search application.

Leave a Reply

Your email address will not be published. Required fields are marked *

© 2019 Tech Home The Bacon

Theme by Anders NorenUp ↑