#11
Here's what Agent Ransack found. I copied them out and saved the paths to the files before deleting them: https://dl.dropboxusercontent.com/u/...age-hijack.zip
Feel free to share those files with people who can get them put into malware remover detection databases.
For the one in Edge's cache I just went into each subfolder there and deleted everything. Apparently CCleaner wasn't fully emptying it. For the file in Recovery\Active I had to use Unlocker to delete it because, despite Edge not running, Windows claimed the file was in use.
Now to reboot and see if Edge launches to the regular Yahoo page. If it's still hijacked, then I don't know what to try next.
Edit: Rebooted, launched Edge and right back to that same page. The same file re-appeared in the \Windows\Caches.
Whoever created this hijack has buried something very well to ensure that Edge will always be going to that one site.
I'm scanning all of \AppData under my Username looking for files containing a text string with spigot to see if I missed anything. I stopped Agent Ransack at about 50% (I have a lot of files on C:) because it had found those files which looked very suspicious due to their locations.
Last edited by Galane; 16 Aug 2016 at 02:00.