Windows 10: Can't get rid of browser hijack in Edge. Solved

  1.    14 Aug 2016 #1

    Can't get rid of browser hijack in Edge.


    Got hit with a drive-by browser hijack which has set my Edge start page to Yahoo Search - Web Search.

    It also disabled the Home button and changed my default search from Google to Yahoo.

    I tried the Edge reset PowerShell script. That failed. Microsoft Edge - Reset to Default in Windows 10 - Windows 10 Forums

    I tried Method #2 here (also found other places) BEST FIX: Reset Microsoft Edge on Windows 10 FAIL!

    Malwarebytes got rid of the hijack in Internet Explorer and Chrome. I presume it also took things out of Firefox too, but simply changing the start page and other settings worked. (Now why can't the other browsers shrug off hijack attempts like that?!)

    SUPERAntiSpyware found *nothing* except a bunch of tracking cookies, which I had it delete.

    I'm about to the point of using the script here that forcibly rips Edge out by the roots. Edge browser - remove or uninstall in Windows 10

    Is there a way to reinstall Edge after using that, without having to reinstall Windows 10?

    If you have something to try that I have not already listed above, I'd like to hear about it. (In other words, do not tell me to do exactly what I've said I already tried which failed to fix the problem.)

  2.    14 Aug 2016 #2

    Hey,

    It seems that you are infected with Adware.

    Did you try to run AdwCleaner to remove the infections? Run the program as administrator and choose the Scan option. If you are unsure about what has been found, you can post the logfile here first; otherwise you can click Clean after scanning.

    Your system will reboot after you clean it, and a logfile will open. Can you post the content of the logfile in your next post?

  3.    14 Aug 2016 #3

    I'll try AdwCleaner and see if it gets rid of this.

    Just tried Avast Browser Cleanup. It too has failed, said it found a toolbar protector and removed it. Not a toolbar problem, start page hijack.

  4.    14 Aug 2016 #4

    Let's see what AdwCleaner does; it would be nice if I can receive the logfile so I can help you with other steps if needed.

  5.    14 Aug 2016 #5

    Log attached. I see where it's found the hijack in Chrome and Firefox and IE, but nothing shows for Edge.

    Ignore the B1 Free Archiver entries. *Everything* claims it's malware.
    Conduit is the Swag Button from Swagbucks, also innocuous yet all the malware/adware removers insist it should be removed. (I get free Amazon gift cards from Swagbucks. Free money = not bad!)

    Edit: I unchecked the entries for B1, hit clean then let it reboot. Then I ran CCleaner to clean up, and used its Registry cleaner to clear out references to files and folders Adw deleted.

    Launched Edge and... slight change. Still stuck on the hijacked start page, still being blocked from changing the start page. In the settings, the radio button is now staying on a specific page or pages instead of always changing to Start Page, but no changes to the custom startup are saved, it resets to MSN, yet it launches immediately to the hijacked page without even attempting to go to MSN.

    It's also no longer resetting the Home button to the hijack page.

    So partway cleaned but still has the start page hijacked and changes are blocked. It's hiding somewhere, just have to find it.
    Last edited by Galane; 14 Aug 2016 at 05:28.

  6.    14 Aug 2016 #6

    Hey,

    I see that you only used the scan button. :-) Can you start the program again, press Scan and after that please use the Clean button to remove what has been found while scanning.

    Please attach the logfile you get after cleaning.

    P.S.:
    Data Found: HKU\S-1-5-21-3264141754-2789376457-1022515604-1001\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

    This will also be the problem for Edge, if I'm correct; let me know please.

    Also, for C:\Program Files (x86)\B1 Free Archiver there are a lot of alternatives that are safe, for example Bandizip.
    Last edited by Dropbox; 14 Aug 2016 at 08:46. Reason: Added some extra info.

  7.    14 Aug 2016 #7

    Norton Safe Web says this about the domain that the archiver comes from: Is This Website Safe | Website Security | Norton Safe Web. I would use something else but that software, just saying.

  8.    15 Aug 2016 #8

    Safe site or not, something has nailed my start page to it and is blocking it from being changed.

    There's a cloud storage site which archives everything to B1's format when downloading, so it has to stick around.

    I scanned again and I see the keyword URL line is still in prefs.js. I opened the file in Notepad and despite AdwCleaner's log saying it removed it, it did not. So I opened prefs.js in Notepad and deleted the line. Saved and closed but did not mark it read-only, then launched Firefox and opened prefs.js. The line is still gone.

    I was hoping something would put the line back, then some process monitor program could watch it to see what accessed it.

    Cleaning log and latest scan log attached. Just tried changing the Edge start page to https://www.yahoo.com again, reverted to set to MSN but going to the search.yahoo one. Does Edge have a preferences file somewhere that could have gotten set to read only and that's blocking any user settings changes? Like how a common malware attack on MS Word was to add junk to the normal.dot file then set it to read only to block changes made to it from within Word.

    I assume that eventually, sometime, the malware cleaners will get updated to get this one, maybe.

    What would fix it is a standalone Edge installer that steamrolls in over *everything* for Edge *everywhere* its files and data are in Windows 10. A 'burn the village to save it' approach to ensure that anything screwed up or infected about it gets overwritten.

  9.    15 Aug 2016 #9

    Hello,

    Please download Junkware Removal Tool and save it to your Desktop. Right click the program and choose Run as administrator.

    Let the program run. After it has cleaned, a reboot can be needed; if so, do it, otherwise attach the file JRT.txt in your next post.

  10.    15 Aug 2016 #10

    Still goes to Yahoo Search - Web Search after running JRT.exe and rebooting. Log attached. I see it did away with coupon printer (it's not malware) and the video downloader shortcut (also not harmful) but ignored B1.

    But in the settings it's now leaving the custom page to go to at the regular Yahoo URL instead of switching it to MSN. Still ignores that and goes to the URL I don't want. One more step of progress but still not across the finish line.

    I'm going to use Agent Ransack and have it search for that URL as a text string inside every @#%^@%# file on C: and see if it finds anything.
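
The whole-disk text search planned in post #10, combined with the read-only question from post #8, as an added example that is not part of the thread. It looks for the search URL from the post #6 log lines in both UTF-8 and UTF-16LE, since a plain text search misses the latter, and flags read-only hits. The `find_string` helper, the file names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Host and path taken from the AdwCleaner "Data Found" lines quoted in post #6.
NEEDLE = "search.yahoo.com/yhs/search"

def find_string(root, needle=NEEDLE, max_bytes=32 * 1024 * 1024):
    """Return sorted (path, encoding, read_only) for files under root containing needle."""
    low = needle.lower()
    # Windows components often store strings as UTF-16LE, which a plain
    # single-byte text search misses, so look for both encodings.
    patterns = {"utf-8": low.encode("utf-8"), "utf-16le": low.encode("utf-16-le")}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                if not stat.S_ISREG(st.st_mode) or st.st_size > max_bytes:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read().lower()  # ASCII-only case fold on bytes
            except OSError:
                continue  # locked or access-denied files are normal on a live system
            read_only = not st.st_mode & stat.S_IWUSR
            hits += [(path, enc, read_only) for enc, pat in patterns.items() if pat in data]
    return sorted(hits)

def demo():
    """Build a constructed sample tree and scan it; returns (root, hits)."""
    root = tempfile.mkdtemp()
    url = "https://" + NEEDLE + "?p={searchTerms}"
    with open(os.path.join(root, "prefs.js"), "w", encoding="utf-8") as fh:
        fh.write('user_pref("keyword.URL", "%s");\n' % url)  # constructed line
    locked = os.path.join(root, "settings.dat")  # hypothetical file name
    with open(locked, "wb") as fh:
        fh.write(b"\x00\x01" + url.encode("utf-16-le") + b"\x00\x00")
    os.chmod(locked, stat.S_IREAD)  # simulate the read-only case asked about in post #8
    with open(os.path.join(root, "clean.txt"), "w") as fh:
        fh.write("https://www.yahoo.com\n")
    return root, find_string(root)

if __name__ == "__main__":
    for path, enc, read_only in demo()[1]:
        print(path, enc, "read-only" if read_only else "writable")
```

On a live system, point `find_string` at a profile directory rather than all of C: first; files the scan cannot open are skipped rather than reported.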


 