I just worked through troubleshooting a network issue for my mother-in-law. Her symptoms were that after rebooting her Mac she could get to one website through Safari, then no other requests complete. I was able to start a screen sharing connection and I could then ping and use curl to access other sites from her machine, but all browser traffic would fail. I found a SOCKS proxy enabled that was redirecting all web traffic to localhost:8080. There was an exclusion for 169.254/16, but that looks like it's a default. I disabled the proxy and web traffic resumed. There was also a Profile installed on March 15th that was titled "LeadingChannelSearch". I'm kicking myself because I didn't copy down the info that was listed, which did include an update web address.
She then informed me that this all started around the 15th when she was at a restaurant. She was using the WiFi and a bunch of windows started popping up so she shut everything down.
So, I'm assuming that she connected to a malicious hotspot that prompted her to install the profile and changed her proxy settings. I'm guessing that there may be a proxy server still running on her machine.
Does anyone have any tips on where to search next or where I can look for more info on this? "LeadingChannelSearch" has zero hits, so I'm guessing that is a random title.
Any suggestions or ideas where else to look?
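For the triage asked about above, an added example (not part of the original post): a shell function that reads `scutil --proxy` output and reports every enabled proxy, marking those that point at loopback, then on a Mac shows which process is listening on that port and lists installed profiles. The sample input is constructed to match the settings described in the post.

```shell
#!/bin/sh
# Added example. Reads `scutil --proxy` style "Key : value" lines on stdin and
# prints one line per enabled proxy: "<KIND> <host>:<port> <LOOPBACK|remote>".
flag_loopback_proxies() {
  awk '
    $2 == ":" { kv[$1] = $3 }            # e.g. "  SOCKSPort : 8080"
    END {
      n = split("HTTP HTTPS SOCKS", kinds, " ")
      for (i = 1; i <= n; i++) {
        k = kinds[i]
        if (kv[k "Enable"] != "1") continue
        host = kv[k "Proxy"]; port = kv[k "Port"]
        local_target = (host ~ /^127\./ || host == "localhost" || host == "::1")
        printf "%s %s:%s %s\n", k, host, port, (local_target ? "LOOPBACK" : "remote")
      }
      # An auto-config (PAC) URL can redirect traffic just as a static proxy can.
      if (kv["ProxyAutoConfigEnable"] == "1")
        printf "PAC %s review\n", kv["ProxyAutoConfigURLString"]
    }'
}

# Constructed sample: SOCKS proxy to localhost:8080 with the 169.254/16 exclusion.
SAMPLE='<dictionary> {
  ExceptionsList : <array> {
    0 : *.local
    1 : 169.254/16
  }
  SOCKSEnable : 1
  SOCKSPort : 8080
  SOCKSProxy : localhost
}'

if command -v scutil >/dev/null 2>&1; then
  # On a Mac: check the live settings, then see what owns each loopback port.
  scutil --proxy | flag_loopback_proxies | while read -r kind addr verdict; do
    echo "$kind -> $addr ($verdict)"
    if [ "$verdict" = "LOOPBACK" ]; then
      # No output here means nothing is listening, so browser requests just fail.
      lsof -nP -iTCP:"${addr##*:}" -sTCP:LISTEN
    fi
  done
  profiles list   # installed configuration profiles; run with sudo to include device-level ones
else
  # Elsewhere: run against the constructed sample.
  printf '%s\n' "$SAMPLE" | flag_loopback_proxies
fi
```

If `lsof` names a listening process, its path and any launch agent or daemon that starts it are the next things to examine.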