ItsGeekToMe.co

Q: As a devoted reader, I greatly appreciate all the excellent information that you so well provide.  After reading today’s column thought I’d give a shot on my own problem.

I have Win 10, running Avast Free Antivirus and for nearly a year have received an Avast Warning Threat Popup for wpad.dat and the indication I should upgrade my program. Avast Smart Scan detects no problems nor Malwarebytes and all the other free programs that supposedly detect problems. Have checked the internet and tried all the suggestions found except for signing up for paid service. Thought the problem was associated with Avast so uninstalled, reloaded a new copy and tried again with same results. I do not use dpad, do note there is a registry key with that information, wonder if I can eliminate the popup with deleting the appropriate registry key or do you have any other suggestions to resolve my problem of harassment from constant popups.

– Corwin D.
Mary Esther, Florida

A:  The item you cited – WPAD – isn’t necessarily a program.  WPAD is an acronym that stands for Web Proxy Auto-Discovery, and it is a protocol that is used to locate a file that contains proxy information for specific URLs.  I won’t go any farther than that except to say if you’re geeky enough to want to read about the WPAD Protocol, either you probably already know what it is, or you should go Google it, because even I find the topic to be a bit over-the-top for my column.  What is important though, is that this file can be used as a malware attack vector on your PC, to redirect certain browser activity to a site you don’t intend.  This can be used to do anything from simply delivering ads when you’re trying to browse, to accomplishing a drive-by download of additional malware, or a man-in-the-middle attack on your PC.

Since you are getting those pop-up messages, it seems like the malware has been detected and at least partially disabled.  As I’ve mentioned in recent columns, some scanners are pretty good at breaking malware, but not necessarily at cleaning up all of what it did to your machine.  This results in errors such as what you’re getting.

One scanner that I didn’t see you mention, but which I have heard good things about as far as cleanly removing such malware is AdwCleaner.  You can get a copy of this free tool by visiting tinyurl.com/IGTM-0498. Another potential fix for this problem (if you’re using Firefox as a browser) is to remove it and re-install it to re-establish the proper registry key entries.  If you’re using Internet Explorer or Microsoft Edge, you should make sure there are no proxy servers redirecting your browser activity.  There are probably a dozen ways to get to the place in Windows where you do this configuration, but here’s one that should work for everybody, regardless of which version of Windows you run, or what browser you use: On your keyboard, press the key combination WinKey+R to bring up the “Run” dialog.  In the “Open” field, type “inetcpl.cpl” and click “Ok”.  In the “Internet Properties” dialog that appears, click the “Connections” tab, then click on “LAN Settings”.  In almost all cases for home users, the “Automatically detect settings” box should be checked, and the “Use automatic configuration script” box should be unchecked.  Under “Proxy Server” the “Use a proxy server for your LAN” should NOT be checked.  Unless your system is professionally administered (i.e. – is a company-owned asset, either at work or home) or you have some kind of security-oriented software such as a VPN, or you use some other kind of proxy service, your settings should match what I described above.  If you have any doubts, be sure and carefully write down your settings before making any changes, so you can restore them in case you accidentally break something.