Windows 10: Edge Browser hijack scam

  1.    20 Oct 2016 #1

    Edge Browser hijack scam


    Last night I got the scam where the Browser (Edge) is locked and a message pops up saying to call a number. There is a computerised voice telling me I have a problem.

    I can open Explorer ok and am using it to type this. I ran AV (Defender & MBAM) but nothing came up.
    I disconnected my router and went back to Edge and I seemed to be able to clear that scam page. But did not connect the modem.

    Today
    Connected modem & downloaded AdwCleaner. It found nothing except for the following:

    Is it ok to delete this registry stuff?
    ***** [ Registry ] *****
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}

    ***** [ Web browsers ] *****
    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.


  2. Posts : 12,199
    W10Prox64
       20 Oct 2016 #2

    Jeddie said:
    Last night I got the scam where the Browser (Edge) is locked and a message pops up saying to call a number. There is a computerised voice telling me I have a problem.

    I can open Explorer ok and am using it to type this. I ran AV (Defender & MBAM) but nothing came up.
    I disconnected my router and went back to Edge and I seemed to be able to clear that scam page. But did not connect the modem.

    Today
    Connected modem & downloaded AdwCleaner. It found nothing except for the following:

    Is it ok to delete this registry stuff?
    ***** [ Registry ] *****
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}

    ***** [ Web browsers ] *****
    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.

    Yep - get rid of that stuff.

  3.    21 Oct 2016 #3

    simrick said:
    Yep - get rid of that stuff.
    Thanks Simrick.

    I just cleaned it. Went back to Edge and it opens ok. The hijack crap is gone.

    Anything else I need to do?


  4. Posts : 12,199
    W10Prox64
       21 Oct 2016 #4

    Jeddie said:
    Thanks Simrick.

    I just cleaned it. Went back to Edge and it opens ok. The hijack crap is gone.

    Anything else I need to do?
    You're welcome Jeddie.
    A full (custom) scan with Malwarebytes AntiMalware Free (be sure to check the box for rootkits) wouldn't hurt.
    Also might want to use OpenDNS servers on your NIC and Malwarebytes AntiExploit (free) to help in the future.
    Cheers!

  5.    21 Oct 2016 #5

    Jeddie said:
    ***** [ Web browsers ] *****
    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.
    That's because what you were experiencing wasn't actually a virus, or malware per se. It was just a web page that makes clever use of JavaScript to prevent you from navigating away. Of course, when you kill the browser, it just reopens the same page and you're back to where you were.

    What you did is exactly the correct thing: disconnect the computer from the internet, kill the browser, then reopen it. Since it can't now reach the page, it just gives you an error and no JavaScript executes, so you can close it out and you're good after that. No viruses, no malware.

    While it looks like you had some other malware on there, it wasn't related to the page you saw. That's strictly an annoying page. FYI, there exist similar hijack pages for most (if not all) of the major browsers.
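    Added example (not part of any post in this thread): the recovery described in post #5, scripted in PowerShell from an elevated prompt. It assumes the 2016-era Edge process names `MicrosoftEdge` and `MicrosoftEdgeCP` and the `microsoft-edge:` URI scheme; adjust both for other browsers.

```powershell
#Requires -RunAsAdministrator
# Added example: offline recovery from a browser-lock scam page.
# Assumptions: legacy Edge process names, microsoft-edge: URI scheme.

# 1. Record which physical adapters are up, then take them offline so the
#    restored scam tab cannot load and none of its JavaScript executes.
$adapters = Get-NetAdapter -Physical | Where-Object Status -eq 'Up'
if ($adapters) {
    $adapters | Disable-NetAdapter -Confirm:$false
}

try {
    # 2. Kill the locked browser: the host process and its content processes.
    Get-Process -Name 'MicrosoftEdge', 'MicrosoftEdgeCP' -ErrorAction SilentlyContinue |
        Stop-Process -Force

    # 3. Reopen Edge while offline. Session restore tries the scam URL again,
    #    gets a network error page instead, and the tab can be closed normally.
    Start-Process 'microsoft-edge:'
    Read-Host 'Close the failed tab in Edge, then press Enter to reconnect'
}
finally {
    # 4. Restore connectivity even if a step above failed.
    if ($adapters) {
        $adapters | Enable-NetAdapter -Confirm:$false
    }
}
```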


  6. Posts : 532
    Windows 10 Home
       21 Oct 2016 #6

    Jeddie,

    One more program for you; it complements AdwCleaner, which you already ran.

    Please proceed to:
    Downloading Junkware Removal Tool
    Save it to the Desktop

    Temporarily shut down your antivirus to avoid any conflicts.

    Right-click on JRT.exe and select: Run as Administrator
    Press any key to launch the scan, and let it finish.

    Once the scan completes, a report called JRT.txt opens on the Desktop.

    Please copy/paste the content of the JRT.txt in your reply.


 
