Browser hijacked (Edge)

Craig234

Lifer
May 1, 2006
38,548
350
126
A website popped up in the Edge browser which locked it up. It demands calling a phone number.

Nothing else can be done in the browser. It can only be killed in task manager.

Rebooting made no difference; as soon as Edge is re-opened, the window pops up (with beeping).

So, I ran Spybot - no fix.

So, I ran Malwarebytes - no fix.

So, googling I found a guide to run 'Hitman' - no fix.

Now, here.

I saw in the similar thread, to run 'Reason Core Security' - it's running now.

Windows 10 Pro. (Using IE for posting).

Coincidence:

While this is going on I started getting about 6 of those 'Windows Support' scam calls in a row.
 

Craig234

By clicking on the program I got a second copy of Edge to open without the lockout while the lockout runs in the first window. By doing that I was able to clear all the browsing history, thinking maybe that would help if it's re-opening the lockout window on startup. It didn't fix it.

Sometimes, starting it has a brief delay while it loads the bad site, so I tried typing something else in the browser window quickly and hitting enter to see if it wouldn't go to the site - didn't fix it.

I could try some sort of rollback but don't think I have saved checkpoints, I'll check on it.
 

Craig234

I looked at Bleeping Computer, it's not clear - it has things for various hijacking, none of which are a match.

They have various programs to download, I'm trying the first.

Edit: Oh, it does look like they have a match, trojanhorsexxx.com scam.

I'll look at that.
 

Craig234

Looks like it's fixed - the program I ran 'adware' removed a bunch of things. Then Edge popped up the hijack window, but now it was a regular website that could be closed and looked different.

I closed it, cleared browsing history, and restarted Edge - it's gone. Bleeping Computer had a longer list to run several things, but that seemed to do it.
 

balloonshark

Diamond Member
Jun 5, 2008
7,018
3,510
136
Good to hear you got it fixed. It says it may have been installed by something you recently installed. Any ideas on what they may have been? If so, upload the file to VirusTotal to be scanned and check out the results. In the future, if you download anything under 128MB, upload it to VirusTotal before you run it. I go a step further and scan my downloads with HitmanPro free and Malwarebytes free as well as my AV (which should scan the file automatically regardless).

You may also want to go ahead and finish the Bleeping Computer procedure to remove any remnants.
 

Craig234

Thanks. I saw that but don't think I'd installed anything recently - it seemed to be caused by internet browsing. I generally only install safe things.

I was a bit disappointed so many tools didn't fix or even find it until the one that did.
 

balloonshark

Check that your add-ons (Flash, Java, etc.) and all your internet-facing apps (PDF readers, iTunes, browsers, etc.) are all up to date. I'm assuming your OS is up to date.

The best and fastest malware removal tool is a recent and malware free system image.
 

Elixer

Lifer
May 7, 2002
10,371
762
126
I haven't heard of that particular malware coming from anything but installing something else, and that was injected into it.
I suppose it could be another flash exploit though, and that is how it got installed.
 

mikeymikec

Lifer
May 19, 2011
20,378
15,068
136
There's a PowerShell script for reinstating Edge (as well as an appdata folder you can nuke). Have you done that?
 

Craig234

Thanks 111. No, I haven't 'reinstated Edge', but that problem has been fixed. There's a new one though, might make a thread about it.