Edge Browser hijack scam


  1. Jeddie
    Posts : 175
    Windows 10 Home ver 2004
       New #1

    Edge Browser hijack scam


    Last night I got the scam where the Browser (Edge) is locked and a message pops up saying to call a number. There is a computerised voice telling me I have a problem.

    I can open Explorer ok and am using it to type this. I ran AV (Defender & MBAM) but nothing came up.
    I disconnected my router and went back to Edge and I seemed to be able to clear that scam page. But did not connect the modem.

    Today
    Connected modem & downloaded ADwcleaner. It found nothing except for the following;

    Is it ok to delete this registry stuff?
    ***** [ Registry ] *****
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}

    ***** [ Web browsers ] *****
    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.
      My Computer
    Quote Quote

  3. simrick
    Posts : 16,325
    W10Prox64
       New #2

    Jeddie said:
    Last night I got the scam where the Browser (Edge) is locked and a message pops up saying to call a number. There is a computerised voice telling me I have a problem.

    I can open Explorer ok and am using it to type this. I ran AV (Defender & MBAM) but nothing came up.
    I disconnected my router and went back to Edge and I seemed to be able to clear that scam page. But did not connect the modem.

    Today
    Connected modem & downloaded ADwcleaner. It found nothing except for the following;

    Is it ok to delete this registry stuff?
    ***** [ Registry ] *****
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}

    ***** [ Web browsers ] *****
    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.

    Yep - get rid of that stuff.
      My Computer
    Quote Quote

  4. Jeddie
    Posts : 175
    Windows 10 Home ver 2004
    Thread Starter
       New #3

    simrick said:
    Yep - get rid of that stuff.
    Thanks Simrick.

    I just cleaned it. Went back to Edge and it opens ok. The hijack crap is gone.

    Anything else I need to do?
      My Computer
    Quote Quote

  6. simrick
    Posts : 16,325
    W10Prox64
       New #4

    Jeddie said:
    Thanks Simrick.

    I just cleaned it. Went back to Edge and it opens ok. The hijack crap is gone.

    Anything else I need to do?
    You're welcome Jeddie.
    A full (custom) scan with Malwarebytes AntiMalware Free (be sure to check the box for rootkits) wouldn't hurt.
    Also might want to use OpenDNS servers on your NIC and Malwarebytes AntiExploit (free) to help in the future.
    Cheers!
      My Computer
    Quote Quote

  7. Mystere
    Posts : 3,257
    Windows 10 Pro
       New #5

    Jeddie said:
    ***** [ Web browsers ] *****
    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.
    That's because what you were experiencing wasn't actually a virus, or malware per se. It was just a web page that makes clever use of javascript to prevent you from navigating away. Of course, when you kill the browser, it just reopens the same page and you're back to where you were.

    What you did is exactly the correct thing, disconnect the computer from the internet, kill the browser, then reopen it. Since it can't now reach the page, it just gives you an error and no javascript executes, so you can close it out and you're good after that. No viruses, no malware.

    While It looks like you had some other malware on there, they weren't related to the page you saw. That's strictly an annoying page. FYI, there exists similar hijack pages for most (if not all) of the major browsers.
      My Computer
    Quote Quote

  8. cottonball
    Posts : 579
    Windows 10 Home
       New #6

    Jeddie,

    One more program for you, it complments ADWCleaner, which you already ran.

    Please proceed to:
    Downloading Junkware Removal Tool
    Save it to the Desktop

    Temporarily shutdown your antivirus to avoid any conflicts.

    Right-click on JRT.exe and select: Run as Administrator
    Press any key to launch the scan, and let it finish.

    Once the scan completes, a report called JTR.txt opens on the Desktop.

    Please copy/paste the content of the JTR.txt in your reply.
      My Computer
    Quote Quote

 

  Related Discussions
Hijack Browser "Ask"
in AntiVirus, Firewalls and System Security

Using Windows 10 current version. Will someone please help me to get rid of a hijack browser "Ask" which attached itself to my Google Chrome. I have tried several methods all of which have failed. I deleted Google Chrome and re installed it but...
w 10 notepad hijack
in Software and Apps

Hi All, every time i try to download a pdf or any other info file, it comes out in notepad, which just shows a page of code. its my fault for selecting notepad at some stage, but now i cannot change it back to Adobe or just get my system to...
Red Scam Warning in Browser
in AntiVirus, Firewalls and System Security

A little while ago, shortly after booting the computer and launching Chrome, the Yahoo! home page got replaced with a red page about some sort of malware attack on my computer, complete with recorded voice warning. Considering that Avast and...
Got hit with a drive by browser hijack which has set my Edge start page to Yahoo Search - Web Search It also disabled the Home button and changed my default search from Google to Yahoo. I tried the Edge reset powershell script. That failed....
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 18:02.
Find Us




Windows 10 Forums