
Edge browser hijacked w/ redirects to horoscope.com and kosearch.com



#16 Ghoulartist (Member, Topic Starter, 15 posts)

So. After I sent those logs just now.

I removed all those unknown accounts in Permissions under the Security tab for msedge.exe (Ty for the info on needing to remove inheritance).

Does not redirect now!

I tried restarting to see.

Still fixed and not redirecting.

How did those bogus permissions get in there, I wonder.

And what malware is left is the question now.

So that's a thing.




#17 RKinner (Malware Expert, MVP, 24,623 posts)

Very strange. Since the permissions were inherited, can you look at the C:\ Properties and see if the unknown stuff is there too?

Also search for

regedit

hit Enter

That should open the Registry Editor. Look for HKEY_USERS and click on the arrow in front of it to open it up. Take a screen shot and post it. I'm curious if any of the unknown accounts show up there.



#18 Ghoulartist (Member, Topic Starter, 15 posts)

Well well... look at that. Good call.

Those user reg folders are chock full of stuff that's not in my default one.

Special permissions for stuff.

This seems pretty aggressive, no?

Should I remove all the permissions at the base level? Or something else? Scorched earth?

Edit: Yeah, it's everywhere.

Edit 2: I went to sign in to microsoft.com in Edge (just to check). When I did, the old issue came back and the browser started redirecting again. When I signed out and restarted Edge it went back to being fixed. Is my Microsoft account compromised and being logged in gives it access? I logged out of my Google account on Edge before we started troubleshooting. Do you think it got into there as well?

I don't have any particularly sensitive data on this machine. The only bank account that was in there is secured, and also not a main account of mine; there's nothing in it. It's a debit. Microsoft and Google accounts being compromised would not be fun though.

Attached thumbnails: Screenshot 2024-04-15 002236.png, Screenshot 2024-04-15 002441.png

Edited by Ghoulartist, Yesterday, 01:16 AM.
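A check that goes with the observation in the post above (redirects come back as soon as the Microsoft account is signed in and stop when it is signed out). This is an added example, not something posted in the thread or an official Microsoft tool: it dumps the parts of the Edge profile that a hijacker, or a synced account, usually changes (startup pages, homepage, default search engine, installed extensions) and any Edge policies set in the registry, which override the profile and survive an Edge reset. It assumes the default "Default" profile under %LOCALAPPDATA% and that Edge is closed.

```powershell
# Added example, not from the thread. Dumps the parts of an Edge profile that a
# hijacker (or a synced account) usually changes: startup pages, homepage, default
# search engine and installed extensions, plus any Edge policies set in the
# registry, which override the profile and survive an Edge settings reset.
# Assumptions: the "Default" profile under %LOCALAPPDATA%; close Edge first so
# the preference files are not mid-write.
$ProfileDir = Join-Path $env:LOCALAPPDATA 'Microsoft\Edge\User Data\Default'

function Read-EdgePrefFile([string]$File) {
    $p = Join-Path $ProfileDir $File
    if (Test-Path -LiteralPath $p) { Get-Content -LiteralPath $p -Raw | ConvertFrom-Json } else { $null }
}
$prefs  = Read-EdgePrefFile 'Preferences'
$secure = Read-EdgePrefFile 'Secure Preferences'   # Chromium keeps the extension list here

"== Startup / homepage / search =="
[pscustomobject]@{
    RestoreOnStartup = $prefs.session.restore_on_startup            # 4 = open the StartupUrls list
    StartupUrls      = ($prefs.session.startup_urls -join ', ')
    Homepage         = $prefs.homepage
    SearchEngine     = $prefs.default_search_provider_data.template_url_data.short_name
    SearchUrl        = $prefs.default_search_provider_data.template_url_data.url
} | Format-List

"== Extensions =="
$settings = $secure.extensions.settings
if ($settings) {
    $settings.PSObject.Properties | ForEach-Object {
        [pscustomobject]@{
            Id       = $_.Name
            Name     = $_.Value.manifest.name
            Enabled  = ($_.Value.state -eq 1)
            # Chromium ManifestLocation: 1 = from the store, 4 = loaded unpacked,
            # 5 = component, 7/9 = installed by policy
            Location = $_.Value.location
            Path     = $_.Value.path
        }
    } | Format-Table -AutoSize
}

"== Edge policies in the registry (these win over profile settings) =="
foreach ($hive in 'HKLM:\SOFTWARE\Policies\Microsoft\Edge', 'HKCU:\SOFTWARE\Policies\Microsoft\Edge') {
    if (-not (Test-Path $hive)) { "$hive : not present"; continue }
    foreach ($k in @(Get-Item $hive) + @(Get-ChildItem $hive -Recurse)) {
        foreach ($v in $k.Property) { "{0}\{1} = {2}" -f $k.Name, $v, $k.GetValue($v) }
    }
}
```

Run it once signed out and once signed in, and diff the two outputs: Edge sync carries extensions and settings with the account, so anything that only appears after sign-in came from the account's synced data rather than from this disk. Anything listed under the policy keys also shows on edge://policy and is not touched by clearing the cache or resetting the browser.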


#19 RKinner (Malware Expert, MVP, 24,623 posts)

If a reset is an option that might be the way to go. Might save time in the long run. You can try the built-in reset option in Settings, Update & Security, Recovery. Supposedly you can save your data, though I don't think I would trust it to save the data.

If you really want to scorch earth it, download Win 10 from:

https://www.microsof...nload/windows10

scroll down to

Create Windows 10 installation media

and click on Download Now.

Follow the instructions under

Using the tool to create installation media (USB flash drive, DVD, or ISO file) to install Windows 10 on a different PC (click to show more or less information)

You will need a USB drive 8GB or bigger. (DVD will not work as the file is too big.)

Then boot from the USB drive. Before it installs it will show you the existing partitions. Delete (red X) each partition. Then let it install.

You can tell it to Skip when it asks for the license. It should pick it up automatically.

Once it finishes and reboots, pull the USB drive so it doesn't try to start over.

It will need a lot of updates when done. Settings, Update & Security, Check for Updates. Also View optional updates, Driver Updates.

The Windows update that ends in 441 will fail. The fix is to resize the recovery partition using this procedure.

https://support.micr...a9-24c8229763bf

Alternatively you can try clearing the cache in Edge to see if that helps with the redirects.

https://www.microsof...ies?form=MA13I2

There is also a reset Edge option.

https://www.bulldogt...t-edge-browser/



#20 Ghoulartist (Member, Topic Starter, 15 posts)

Yeah I'm going scorched earth. It's pervasive and aggressive. It won't even let me delete the reg keys.

It has security access to everything, and when I get down and dirty with removing permissions and stuff on a high level it just comes back. Among other things.

So I started the process last night. Did a Windows reset where it keeps your files, just to see if the malware would hang around. Sure enough it sticks around with that reset. Which is what I was expecting.

Now to reformat for real.

Is there a reason I should do scorched earth with Win10 instead of a Win11 boot?



#21 Ghoulartist (Member, Topic Starter, 15 posts)

I have a very serious problem. I went scorched earth and formatted Windows with a completely fresh install booted from a USB key. Formatted it and everything.

It's STILL there...

Is my Microsoft account affected?

Is this one of those malware attacks that gets into the BIOS? Or maybe it hung around in another partition it made?

I'm officially out of my depth. How can I properly format this thing and rid myself of this?



#22 RKinner (Malware Expert, MVP, 24,623 posts)

Could be your router is infected.  Try logging on to it and doing a reset to factory.  
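Before factory-resetting the router, it is worth seeing whether it is actually steering name resolution. The script below is an added example (not from the thread): it lists the DNS servers each adapter received (normally the router's LAN address or your ISP's resolvers), the default gateway, and compares answers for a few names between the system resolver and a public one. The reference resolver 1.1.1.1 and the test names are assumptions; CDN-backed names can legitimately return a few different addresses per resolver, so the real signal is an unexpected DNS server address or a name that resolves somewhere entirely different locally.

```powershell
# Added example, not from the thread: a quick check for the "router is tampered
# with" hypothesis. Assumptions: 1.1.1.1 as reference resolver and the three test
# names below; Windows 8 or later (DnsClient and NetTCPIP modules).
$Names     = 'www.microsoft.com', 'login.live.com', 'www.bing.com'
$Reference = '1.1.1.1'

"== DNS servers each adapter is using =="
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, @{ n = 'Servers'; e = { $_.ServerAddresses -join ', ' } }

"== Default gateway(s) (the router; DNS servers are usually this address or the ISP's) =="
(Get-NetIPConfiguration | Where-Object IPv4DefaultGateway).IPv4DefaultGateway.NextHop

function Resolve-A([string]$Name, [string]$Server) {
    # A records only, sorted so two answer sets can be compared
    $q = @{ Name = $Name; Type = 'A'; ErrorAction = 'SilentlyContinue' }
    if ($Server) { $q.Server = $Server }
    @(Resolve-DnsName @q | Where-Object Type -eq 'A' | ForEach-Object IPAddress | Sort-Object)
}

"== Local resolver vs reference resolver =="
foreach ($n in $Names) {
    $local = Resolve-A $n
    $ref   = Resolve-A $n $Reference
    [pscustomobject]@{
        Name    = $n
        Local   = ($local -join ',')
        Public  = ($ref -join ',')
        # $false means no address in common: worth a closer look
        Overlap = (@($local | Where-Object { $ref -contains $_ }).Count -gt 0)
    }
}
```

If the servers listed are not the router, not the ISP's and not something you configured yourself, or the router's admin page shows DNS servers you did not set, a factory reset plus a new admin password is the right move; a clean result here makes the router a less likely explanation and points back at the account or the browser profile.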



#23 Ghoulartist (Member, Topic Starter, 15 posts)

Ok. So apparently (please confirm or correct me; I have more research to do myself) those unknown accounts (s-1-25...etc)

are how Windows displays old users and permissions for certain apps.

However I have 4-5 of them. You can see them in Regedit just like the above pic. Which, from what I'm looking up, is unusual.

But Edge is no longer redirecting.

It's possible I went on a wild goose chase with the unknown accounts. Maybe not. I'm going to try to find out. This was not a thing when I used to troubleshoot more back in the day with Win 7, 8, 10.

However, the unknown accounts seem (to me) a huge security risk, and there are people on Microsoft forums that agree (who knows if they're right). It's possibly even how the hijack got in. I don't know.

What I do know is I'm going to go scorched earth again. And when Win11 comes up to connect I'm going to disconnect it and put it in airplane mode.

Let's see if it's the same deal.

I've had this machine refurbished via the Microsoft warranty on it.

So it's possible that the 3-4 old user accounts are on there from that... and the resets it's had. I'm not sure.

 

 

Are you familiar with this stuff?
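The two questions in this thread about "unknown accounts", RKinner's request in #17 to compare the C:\ permissions and HKEY_USERS with what was found on msedge.exe, and the question in #23 about whether the S-1-... entries are leftovers from old accounts, can be answered with one inventory. The script below is an added example, not something posted in the thread: it lists every security identifier in the NTFS ACLs of msedge.exe and each parent folder up to the drive root, then every hive under HKEY_USERS and every entry in ProfileList, and for each says whether it still translates to an account and which family of SID it belongs to. It assumes Edge in its default 64-bit install location and an elevated PowerShell so all hives are readable.

```powershell
# Added example, not from the thread. Inventories the security identifiers that
# appear (a) in the NTFS ACLs of msedge.exe and every parent folder up to the drive
# root, and (b) under HKEY_USERS and the ProfileList key, and reports for each
# whether it still translates to an account and which family of SID it is.
# Assumptions: Edge in its default 64-bit install path; run elevated.
$EdgeExe = Join-Path ${env:ProgramFiles(x86)} 'Microsoft\Edge\Application\msedge.exe'

function Get-SidInfo([string]$Sid) {
    # Classify by well-known prefix, then try to translate; an unresolvable SID yields Account = $null.
    $kind = switch -Regex ($Sid) {
        '^S-1-5-18$'        { 'SYSTEM'; break }
        '^S-1-5-(19|20)$'   { 'LOCAL/NETWORK SERVICE'; break }
        '^S-1-5-21-.*-500$' { 'built-in Administrator'; break }
        '^S-1-5-21-'        { 'local or domain user/group'; break }
        '^S-1-5-32-'        { 'built-in group'; break }
        '^S-1-5-80-'        { 'NT service'; break }
        '^S-1-15-2-'        { 'app container'; break }
        '^S-1-15-3-'        { 'app capability (never translates; expected on app folders)'; break }
        default             { 'other' }
    }
    $account = $null
    try {
        $account = ([System.Security.Principal.SecurityIdentifier]$Sid).Translate(
                       [System.Security.Principal.NTAccount]).Value
    } catch { }
    [pscustomobject]@{ Sid = $Sid; Account = $account; Kind = $kind }
}

function Get-AclSidReport([string]$Path) {
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        # Get-Acl shows a raw SID as the identity when it cannot be translated.
        try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = $ace.IdentityReference.Value }
        $info = Get-SidInfo $sid
        [pscustomobject]@{
            Path = $Path; Identity = $ace.IdentityReference.Value; Kind = $info.Kind
            Resolves = [bool]$info.Account; Inherited = $ace.IsInherited
            InheritanceBlocked = $acl.AreAccessRulesProtected   # $true = "Disable inheritance" was used here
            Rights = $ace.FileSystemRights; Type = $ace.AccessControlType
        }
    }
}

# (a) ACLs from msedge.exe up to the drive root, so an entry can be traced to where it is explicit
$paths = @(); $p = $EdgeExe
while ($p) { $paths += $p; $p = Split-Path -Parent $p }
$aclReport = foreach ($p in $paths) { Get-AclSidReport $p }
"== ACL identities that no longer resolve (capability SIDs excluded) =="
$aclReport | Where-Object { -not $_.Resolves -and $_.Kind -notlike 'app capability*' } |
    Format-Table Path, Identity, Kind, Inherited, InheritanceBlocked, Rights, Type -AutoSize

# (b) Hives currently loaded, and profiles still recorded on disk
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
"== HKEY_USERS (loaded hives) =="
Get-ChildItem Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -ne '.DEFAULT' -and $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { Get-SidInfo $_.PSChildName } |
    Format-Table Sid, Account, Kind -AutoSize
"== ProfileList entries whose account no longer exists (leftover profiles) =="
foreach ($k in Get-ChildItem $profileList) {
    $info = Get-SidInfo $k.PSChildName
    if (-not $info.Account) {
        [pscustomobject]@{
            Sid         = $k.PSChildName; Kind = $info.Kind
            ProfilePath = $k.GetValue('ProfileImagePath')
            Loaded      = Test-Path ("Registry::HKEY_USERS\" + $k.PSChildName)
        }
    }
}
```

Two things to keep in mind when reading the output. S-1-15-3-... capability SIDs on Program Files and Windows folders always show as "Account Unknown" in the Security tab and are normal on Windows 10 and 11. An S-1-5-21-... SID that does not resolve is an account that was deleted on this machine or created on a different install (a refurbishment image or an earlier reset leaves exactly that); local RIDs are never reused, so no process will run under such a SID again and the entry grants nothing by itself, though it is worth removing for hygiene. The Inherited column tells you whether an entry on msedge.exe came down from a parent folder, which is what the C:\ comparison in #17 is after.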

