Tech Home The Bacon

Cowboy IT | Technology Blog

Mac OS X SOCKS Proxy Enabled After Every Reboot

Problem:

Operating System: Mac OS X 10.14.4

The end user was experiencing internet connectivity outages randomly with Mail and Safari apps. Using the terminal I was able to ping google.com while other apps like Safari wouldn’t load any websites.

I noticed in the network settings that a SOCKS proxy was enabled with localhost and port 8080. I knew this had to be the reason for the internet connectivity problem, so I removed the setting and immediately was able to surf the internet again and receive email on the Mail app.

Just out of curiosity I rebooted the Mac and the SOCKS proxy settings came right back. I rebooted the Mac several more times and the SOCKS proxy would re-enable itself every single time.

Google searches turned up questions about a SOCKS proxy on Mac that would return after every reboot, but no real solutions.

Solution:

Something was controlling a proxy on the machine and I knew it was coming from somewhere. After searching the file system I finally found it here: /var/root/.mitmproxy

After removing this entire directory I was able to surf the internet and use the Mac Mail app without the network connectivity dropping.

I rebooted the Mac several times after that and the SOCKS proxy settings did NOT return.

Edit: An easier solution is to run Malwarebytes for Mac. It will detect and remove the adware for you.
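
To check other Macs for the same condition, the script below is an added example and not part of the original post. It reads the SOCKS proxy setting of every network service with the macOS `networksetup` tool, flags any that point at the local machine, and looks for the directory named above; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Mac for the symptom described above.

# Constructed sample of `networksetup -getsocksfirewallproxy <service>` output,
# matching the localhost:8080 setting the post describes.
SAMPLE='Enabled: Yes
Server: localhost
Port: 8080
Authenticated Proxy Enabled: 0'

# Read that output on stdin. If a SOCKS proxy is enabled and points at the
# loopback interface, print "host:port" and return 0; otherwise return 1.
loopback_socks() {
    awk -F': ' '
        $1 == "Enabled" { on = ($2 == "Yes") }
        $1 == "Server"  { host = $2 }
        $1 == "Port"    { port = $2 }
        END {
            if (on && (host == "localhost" || host == "::1" || host ~ /^127\./)) {
                print host ":" port
                exit 0
            }
            exit 1
        }'
}

# Check every network service, then look for the directory the post removed.
audit_socks() {
    # First line of -listallnetworkservices is a legend; "*" marks disabled services.
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
    while IFS= read -r svc; do
        if hit=$(networksetup -getsocksfirewallproxy "$svc" | loopback_socks); then
            echo "SUSPECT: $svc has SOCKS proxy $hit"
        fi
    done
    # /var/root is only readable by root, so run the script with sudo for this check.
    if [ -d /var/root/.mitmproxy ]; then
        echo "FOUND: /var/root/.mitmproxy"
    fi
    return 0
}

printf '%s\n' "$SAMPLE" | loopback_socks   # parser self-check on the sample
if command -v networksetup >/dev/null 2>&1; then
    audit_socks
fi
```

A loopback SOCKS proxy can also be something the user set up on purpose, such as an SSH tunnel, so treat a SUSPECT line as a prompt to investigate rather than proof of adware.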

2 Comments

  1. Hello Jacob, do you – by any chance – know which malware or app installs this MITM proxy? Some of our users had the same problem, and I’m curious what they did (they deny everything)…


© 2019 Tech Home The Bacon
