
Edge browser hijacked w/ redirects to horoscope.com and kosearch.com



#16
Ghoulartist

Ghoulartist

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

So. After I sent those logs just now.

I removed all those unknown accounts in permissions under the Security tab for msedge.exe (thank you for the info on needing to remove inheritance).

Does not redirect now!

I tried restarting to see.

Still fixed and not redirecting.

How did those bogus permissions get in there, I wonder.

And what malware is left is the question now.

So that's a thing.


  • 0



#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,622 posts
  • MVP

Very strange. Since the permissions were inherited, can you look at the C:\ Properties and see if the unknown stuff is there too?

Also search for

regedit

hit Enter

That should open the Registry Editor. Look for HKEY_USERS and click on the arrow in front of it to open it up. Take a screen shot and post it. I'm curious if any of the unknown accounts show up there.


  • 0
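The same two checks RKinner asks for above (unresolvable accounts in the msedge.exe and C:\ ACLs, and the hives under HKEY_USERS), done from an elevated PowerShell prompt instead of by screenshot. This is an added example, not something posted in the thread; it is read-only, and the Edge install path is assumed to be the default one on 64-bit Windows 10.

```powershell
# Added example (not from the thread). Lists ACL entries whose principal cannot be
# resolved to a name, which the Security tab shows as "Account Unknown(S-1-...)".
# Assumption: default Edge location on 64-bit Windows 10.
$targets = @(
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe",
    "C:\"
)

function Get-UnresolvedAces {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        # When Windows cannot translate a SID to a name, Get-Acl hands back the raw SID.
        if ($ace.IdentityReference.Value -match '^S-1-') {
            [pscustomobject]@{
                Path      = $Path
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # inherited entries come from C:\ or a parent folder
            }
        }
    }
}

# 1. File system: msedge.exe and the drive root it inherits from.
$targets | ForEach-Object { Get-UnresolvedAces -Path $_ } | Format-Table -AutoSize

# 2. HKEY_USERS: each loaded hive should belong to a local account or a well-known
#    service SID (.DEFAULT, S-1-5-18/19/20). Anything else deserves a closer look.
$known = @('.DEFAULT', 'S-1-5-18', 'S-1-5-19', 'S-1-5-20') +
         (Get-LocalUser | ForEach-Object { $_.SID.Value })

Get-ChildItem -Path Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -notmatch '_Classes$' } |   # skip the per-user Classes hives
    ForEach-Object {
        $sid = $_.PSChildName
        [pscustomobject]@{
            Hive  = $sid
            Known = ($known -contains $sid)
            Owner = (Get-Acl -Path "Registry::HKEY_USERS\$sid").Owner
        }
    } | Format-Table -AutoSize
```

A hive marked Known = False, or a file ACL entry whose Sid column is a bare S-1-... string, is what the thread calls an "unknown account"; on a domain-joined machine, compare against the domain's user SIDs as well.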

#18
Ghoulartist

Ghoulartist

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Well well... look at that. Good call.

Those users' registry folders are chock full of stuff that's not in my default one.

Special permissions for stuff.

This seems pretty aggressive, no?

Should I remove all the permissions at the base level? Or something else? Scorched earth?

Edit: Yeah, it's everywhere.

Edit 2: I went to sign in to microsoft.com in Edge (just to check). When I did, the old issue came back and the browser started redirecting again. When I signed out and restarted Edge it went back to being fixed. Is my Microsoft account compromised, and being logged in gives it access? I logged out of my Google account on Edge before we started troubleshooting. Do you think it got into there as well?

I don't have any particularly sensitive data on this machine. The only bank account that was in there is secured, and also not a main account of mine; there's nothing in it. It's a debit. Microsoft and Google accounts being compromised would not be fun though.

Attached Thumbnails

  • Screenshot 2024-04-15 002236.png
  • Screenshot 2024-04-15 002441.png

Edited by Ghoulartist, Today, 01:16 AM.

  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,622 posts
  • MVP

If a reset is an option, that might be the way to go. Might save time in the long run. You can try the built-in reset option in Settings, Update & Security, Recovery. Supposedly you can save your data, though I don't think I would trust it to save the data.

If you really want to scorch earth it, download Win 10 from:

https://www.microsof...nload/windows10

scroll down to

Create Windows 10 installation media

and click on Download Now.

Follow the instructions

Using the tool to create installation media (USB flash drive, DVD, or ISO file) to install Windows 10 on a different PC (click to show more or less information)

You will need a USB drive 8GB or bigger. (DVD will not work as the file is too big.)

Then boot from the USB drive. Before it installs it will show you the existing partitions. Delete (red x) each partition. Then let it install.

You can tell it to Skip when it asks for the license. It should pick it up automatically.

Once it finishes and reboots, pull the USB drive so it doesn't try to start over.

It will need a lot of updates when done. Settings, Updates & Security, Check for Updates. Also View optional updates, Driver Updates.

The Windows update that ends in 441 will fail. The fix is to resize the recovery partition using this procedure.

https://support.micr...a9-24c8229763bf

Alternatively you can try clearing the cache in Edge to see if that helps with the redirects.

https://www.microsof...ies?form=MA13I2

There is also a reset Edge option.

https://www.bulldogt...t-edge-browser/


  • 0

#20
Ghoulartist

Ghoulartist

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Yeah, I'm going scorched earth. It's pervasive and aggressive. It won't even let me delete the registry keys.

It has security access to everything, and when I get down and dirty with removing permissions and stuff at a high level it just comes back. Among other things.

So I started the process last night. Did a Windows reset where it keeps your files, just to see if the malware would hang around. Sure enough, it sticks around with that reset. Which is what I was expecting.

Now to reformat for real.

Is there a reason I should do scorched earth with Win10 instead of a Win11 boot?


  • 0
