Can't get rid of browser hijack in Edge.

Page 2 of 2 FirstFirst 12

  1. Posts : 153
    Windows 10
    Thread Starter
       #11

    Here's what Agent Ransack found. I copied them out and saved the paths to the files before deleting them https://dl.dropboxusercontent.com/u/...age-hijack.zip

    Feel free to share those files with people who can get them put into malware remover detection databases.

    For the one in Edge's cache I just went into each subfolder there and deleted everything. Apparently CCleaner wasn't fully emptying it. For the file in Recovery\Active I had to use Unlocker to delete because despite Edge not running, Windows claimed the file was in use.

    Now to reboot and see if Edge launches to the regular Yahoo page. If it's still hijacked, then I don't know what to try next.

    Edit: Rebooted, launched Edge and right back to that same page. The same file re-appeared in the \Windows\Caches

    Whomever created this hijack has buried something very well to ensure that Edge will always be going to that one site.

    I'm scanning all of \AppData under my Username looking for fines containing text string with spigot to see if I missed anything. I stopped Agent Ransack at about 50% (I have a lot of files on C: ) because it had found those files which looked very suspicious due to their locations.
    Last edited by Galane; 16 Aug 2016 at 02:00.
      My Computer


  2. Posts : 153
    Windows 10
    Thread Starter
       #12

    Finally found it. The .lnk file in the taskbar had the URL in it. What's the default in it? I tried deleting the URL but then I couldn't go to any sites with Edge, so for now I changed it to the regular Yahoo page.

    C:\Windows\explorer.exe microsoft-edge:"https://search.yahoo.com/?type=994519&fr=spigot_edge_hp" <-What should the default be so Edge will go to the proper Start page?

    C:\Users\Username\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\MicrosoftEdge.lnk
      My Computer


  3. Posts : 222
    Windows 10
       #13

    Hey,

    Thanks for the file, I've send it to some AV companies.

    It seems that something is wrong in Edge, even as cleaned a lot what is good. I found a way to delete and re-install the Edge browser, can you give it a try and tell me if it works?
      My Computer


  4. Posts : 153
    Windows 10
    Thread Starter
       #14

    That didn't fix the Edge shortcut on the taskbar. Same as it was so I'm deleting all the quick launch shortcuts and re-pinning what I want there.
      My Computer


  5. Posts : 222
    Windows 10
       #15

    Hmm, I think that is the only solution for it, but your browser is working fine again?
      My Computer


  6. Posts : 1,104
    win 10 pro x64 os build 20H2
       #16

    Wow this sounded very nasty thank god i never use edge google chrome is my friend :)
      My Computer

  7. Mystere's Avatar
    Posts : 3,257
    Windows 10 Pro
       #17

    Galane said:
    That didn't fix the Edge shortcut on the taskbar. Same as it was so I'm deleting all the quick launch shortcuts and re-pinning what I want there.
    You can try using the Edge Favorites editor Manage Edge Favorites
      My Computer

  8. jimbo45's Avatar
    Posts : 10,489
    Windows / Linux : Arch Linux
       #18

    Hi there

    I always say with these things --if you have a decent backup image - just restore it.
    Provided you keep Windows + apps on their own partition a backup shouldn't take more than around 10 - 15 mins on modern hardware if that -- and a restore about the same time.

    On my laptop with 250GB Samsung SSD backed up to external SSD via USB 3 port --6 mins !! Use something like free macrium.

    I often wonder if someone would count up the nr of hours spent on running Virus and Malware removal software on an infected computer as opposed to regular backups and restores I know who would win HANDS DOWN.

    I've nothing against this type of software (note I'm not complaining about AV software -- although in this case it obviously didn't do its job properly) - it's just the philosophy --it's like trying deliberately to repair a defective plane while it's in the air !!!.

    I've flown enough planes in my time to know as a Pilot you ensure any defects are remedied while it's on the ground and certainly not using a defective piece of kit (the Windows OS in this case with the malware in it).

    If and when it's fixed let that be a lesson AND START TAKING REGULAR CLEAN BACKUPS - software is FREE and quick so no excuse.

    Cheers
    jimbo
      My Computer


 
Page 2 of 2 FirstFirst 12

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 17:29.
Find Us




Windows 10 Forums