ask for help: a worm/virus makes fake proxy

I have a worm or virus (?) that changes my internet options:
it force the browsers to use a proxy: 125.75.235.127
i’ve reinstalled firefox and avast
what can i do?

https://forum.avast.com/index.php?topic=53253.0

Monitoring.

This is a socks proxy, does not work now via port 1080 abused in spam activity on pop.3d
Re: http://multirbl.valli.org/lookup/125.75.235.127.html
http://myip.ms/view/comp_ip/2102127487/125.75.235.127
It is blacklisted: https://www.megarbl.net/check/125.75.235.127
This IP is part of AS4134 ( CHINANET-BACKBONE No.31,Jin-rong Street )
If you are a representative of AS4134, please also check IPs listed on AS4134

SPAM was sent from this IP address.
This IP is listed since : 2013-05-13 16:20 GMT+1
See: http://www.reputationauthority.org/lookup.php?ip=125.75.235.127&d=delfi.lvsaw

We saw attacks: List of attacks for this IP: 125.75.235.127
See list of: http://greensnow.co/view/92.143.103.172#listeAttaques

Hours 2014-02-13 22:59:02
Attack smtp
Server nova.planethoster dot net

See: http://myip.ms/view/comp_ip/2102127487/125.75.235.127

Two threat categories found: Proxy found Network found

polonus

Some more particulars or blocking reasons: SORBS results:

Problem Entries, (listings will cause email problems.)
109 “Hacked” entries [20:21:25 18 Mar 2014 GMT+00].
125.75.235.127 - 109 entries [20:21:25 18 Mar 2014 GMT+00].
2574 “Spam” entries [16:09:13 20 Apr 2014 GMT+00].
125.75.235.127 - 2574 entries [16:09:13 20 Apr 2014 GMT+00].

Usage classification (only important if you run your own mailserver.)
1 “DUHL” entries [20:27:17 16 Mar 2008 GMT+00].
125.75.224.0/19 - 1 entries [20:27:17 16 Mar 2008 GMT+00].
Note: Active “exDUHL” entries mean that the IP/Network has been unblocked for some or all IPs from the DUHL.

Problem hostnames/domains (could cause email problems.)
89 “Spamvertised” entries [18:49:55 21 Mar 2014 GMT+00].
125.75.235.127 - 89 entries [18:49:55 21 Mar 2014 GMT+00].
Note:These entries are for URLs or email domains, the IPs that may show up as ‘spamvertised’ only indicate where the URL/Host was seen being sent from. Listings for IPs that are ‘spamvertised’ will not usually cause blocking problems unless the email contains the IP address as a URL
Note: For a more detailed view you have to be registered and logged in.

Current Listings (active)
Historical Listings (inactive)
Current Listing with an active exception
Current Listing however, listings of these types can help mail delivery rather than cause blocking.


Quote taken from: SORBS Data Page Listing Page results

polonus