1. Joined : Aug 2016
    Posts : 28
    windows 10 Home
       20 Oct 2016 #1

    Edge Browser hijack scam


    Last night I got the scam where the Browser (Edge) is locked and a message pops up saying to call a number. There is a computerised voice telling me I have a problem.

    I can open Explorer ok and am using it to type this. I ran AV (Defender & MBAM) but nothing came up.
    I disconnected my router and went back to Edge and I seemed to be able to clear that scam page. But did not connect the modem.

    Today
    Connected modem & downloaded ADwcleaner. It found nothing except for the following;

    Is it ok to delete this registry stuff?
    ***** [ Registry ] *****
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}

    ***** [ Web browsers ] *****
    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.
      My System SpecsSystem Spec


  2. Joined : Apr 2015
    Posts : 9,115
    W10Prox64
       20 Oct 2016 #2

    Jeddie said: View Post
    Last night I got the scam where the Browser (Edge) is locked and a message pops up saying to call a number. There is a computerised voice telling me I have a problem.

    I can open Explorer ok and am using it to type this. I ran AV (Defender & MBAM) but nothing came up.
    I disconnected my router and went back to Edge and I seemed to be able to clear that scam page. But did not connect the modem.

    Today
    Connected modem & downloaded ADwcleaner. It found nothing except for the following;

    Is it ok to delete this registry stuff?
    ***** [ Registry ] *****
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}

    ***** [ Web browsers ] *****
    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.

    Yep - get rid of that stuff.
      My System SpecsSystem Spec


  3. Joined : Aug 2016
    Posts : 28
    windows 10 Home
       21 Oct 2016 #3

    simrick said: View Post
    Yep - get rid of that stuff.
    Thanks Simrick.

    I just cleaned it. Went back to Edge and it opens ok. The hijack crap is gone.

    Anything else I need to do?
      My System SpecsSystem Spec


  4. Joined : Apr 2015
    Posts : 9,115
    W10Prox64
       21 Oct 2016 #4

    Jeddie said: View Post
    Thanks Simrick.

    I just cleaned it. Went back to Edge and it opens ok. The hijack crap is gone.

    Anything else I need to do?
    You're welcome Jeddie.
    A full (custom) scan with Malwarebytes AntiMalware Free (be sure to check the box for rootkits) wouldn't hurt.
    Also might want to use OpenDNS servers on your NIC and Malwarebytes AntiExploit (free) to help in the future.
    Cheers!
      My System SpecsSystem Spec


  5. Joined : Sep 2014
    Posts : 2,914
    Windows 10 Pro
       21 Oct 2016 #5

    Jeddie said: View Post
    ***** [ Web browsers ] *****
    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.
    That's because what you were experiencing wasn't actually a virus, or malware per se. It was just a web page that makes clever use of javascript to prevent you from navigating away. Of course, when you kill the browser, it just reopens the same page and you're back to where you were.

    What you did is exactly the correct thing, disconnect the computer from the internet, kill the browser, then reopen it. Since it can't now reach the page, it just gives you an error and no javascript executes, so you can close it out and you're good after that. No viruses, no malware.

    While It looks like you had some other malware on there, they weren't related to the page you saw. That's strictly an annoying page. FYI, there exists similar hijack pages for most (if not all) of the major browsers.
      My System SpecsSystem Spec


  6. Joined : Aug 2016
    Posts : 270
    Windows 10 Home
       21 Oct 2016 #6

    Jeddie,

    One more program for you, it complments ADWCleaner, which you already ran.

    Please proceed to:
    Downloading Junkware Removal Tool
    Save it to the Desktop

    Temporarily shutdown your antivirus to avoid any conflicts.

    Right-click on JRT.exe and select: Run as Administrator
    Press any key to launch the scan, and let it finish.

    Once the scan completes, a report called JTR.txt opens on the Desktop.

    Please copy/paste the content of the JTR.txt in your reply.
      My System SpecsSystem Spec


 


Similar Threads
Thread Forum
Solved Can't get rid of browser hijack in Edge.
Got hit with a drive by browser hijack which has set my Edge start page to Yahoo Search - Web Search It also disabled the Home button and changed my default search from Google to Yahoo. I tried the Edge reset powershell script. That failed....
Browsers and Email
Ms Edge Browser.
I am running windows 10 preview 14393.5. I have the following questions. 1. In ms edge the cast to device is greyed out, is this normal? 2. Will cast to device work with 1st generation google cast device? Henry
Browsers and Email
ms new edge browser
anyone know when ms plans to allow plugins to work with edge ? is kinda a useless browser without them
Browsers and Email
Add-ons For Edge Browser
Hi :party: from where I can download Add-ons For Edge Browser ?
Browsers and Email
Solved Edge Browser
How do I download & install the Edge Browser? Tully
Browsers and Email
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:00.
Find Us
Twitter Facebook Google+



Windows 10 Forums