Windows 10: Can't get rid of browser hijack in Edge.

Discus and support Can't get rid of browser hijack in Edge. in Browsers and Email to solve the problem; Got hit with a drive by browser hijack which has set my Edge start page to Yahoo Search - Web Search It also disabled the Home button and changed my... Discussion in 'Browsers and Email' started by Galane, Aug 13, 2016.

  1. Galane Win User

    Can't get rid of browser hijack in Edge.


    Got hit with a drive by browser hijack which has set my Edge start page to Yahoo Search - Web Search

    It also disabled the Home button and changed my default search from Google to Yahoo.

    I tried the Edge reset powershell script. That failed. Microsoft Edge - Reset to Default in Windows 10 - Windows 10 Forums

    I tried Method #2 here (also found other places) BEST FIX: Reset Microsoft Edge on Windows 10 FAIL!

    Malware Bytes got rid of the hijack in Internet Explorer and Chrome. I presume it also took things out of Firefox too, but simply changing the start page and other settings worked. (Now why can't the other browsers shrug off hijack attempts like that?!)

    Superantispyware found *nothing* except a bunch of tracking cookies, which I had it delete.

    I'm about to the point of using the script here that forcibly rips Edge out by the roots. Edge browser - remove or uninstall in Windows 10

    Is there a way to reinstall Edge after using that, without having to reinstall Windows 10?

    If you have something to try that I have not already listed above, I'd like to hear about it. (In other words, do not tell me to do exactly what I've said I already tried which failed to fix the problem.)

    :)
     
    Galane, Aug 13, 2016
    #1
  2. grk041668 Win User

    Can't remove Yahoo from Chrome

    some how yahoo has hijacked my google chrome home page. I can't seem to get rid of it. I used windows defender to scan it showed nothing, I've uninstalled google chrome and reinstalled still there I used malware bytes and cleaned it up nut it's still happening.
    no idea how too get rid of it.

    [Original tile: Browser Hijacker]
     
    grk041668, Aug 13, 2016
    #2
  3. IbnIba Win User
    How to remove Sweetpage.com from Microsoft Edge Windows 10

    Hi,

    My Microsoft Edge browser has been hijacked by Sweetpage.com and I can not find any instructions on how to remove it. I can find instructions for explorer, chrome, firefox but not edge.

    My Avast and AntiMalware Bytes tools do not get rid of it, nor do any Microsoft anti virus tools.

    Would be grateful for instructions how to get rid of it please?

    Can I uninstall Microsoft Edge and reinstall perhaps?

    Regards
     
    IbnIba, Aug 13, 2016
    #3
  4. Dropbox Win User

    Can't get rid of browser hijack in Edge.

    Hey,

    It seems that you are infected with Adware. *Sad

    Did you try to run AdwCleaner to remove the infections? Run the program as administrator and choose the scan option, if you are unsure about what has been found you can post the logfile here first, otherwise you can click clean after scanning.

    Your system will reboot after you clean it, a logfile will open. Can you post the content of the logfile in your next post?
     
    Dropbox, Aug 13, 2016
    #4
  5. Galane Win User
    I'll try AdwCleaner and see if it gets rid of this.

    Just tried Avast Browser Cleanup. It too has failed, said it found a toolbar protector and removed it. Not a toolbar problem, start page hijack.
     
    Galane, Aug 13, 2016
    #5
  6. Dropbox Win User
    Let's see what AdwCleaner does, it would be nice if I can receive the logfile so I can help you with other steps if needed.
     
    Dropbox, Aug 13, 2016
    #6
  7. Galane Win User
    Log attached. I see where it's found the hijack in Chrome and Firefox and IE, but nothing shows for Edge.

    Ignore the B1 Free Archiver entries. *Everything* claims it's malware.
    Conduit is the Swag Button from Swagbucks, also innocuous yet all the malware/adware removers insist it should be removed. (I get free Amazon gift cards from Swagbucks. Free money = not bad!)

    Edit: I unchecked the entries for B1, hit clean then let it reboot. Then I ran CCleaner to clean up, and used its Registry cleaner to clear out references to files and folders Adw deleted.

    Launched Edge and... slight change. Still stuck on the hijacked start page, still being blocked from changing the start page. In the settings, the radio button is now staying on a specific page or pages instead of always changing to Start Page, but no changes to the custom startup are saved, it resets to MSN, yet it launches immediately to the hijacked page without even attempting to go to MSN.

    It's also no longer resetting the Home button to the hijack page.

    So partway cleaned but still has the start page hijacked and changes are blocked. It's hiding somewhere, just have to find it.
     
    Galane, Aug 13, 2016
    #7
  8. Dropbox Win User

    Can't get rid of browser hijack in Edge.

    Hey,

    I see that you only used the scan button. Can't get rid of browser hijack in Edge. :) Can you start the program again, press Scan and after that please use the Clean button to remove what has been found while scanning.

    Please attach the logfile you get after cleaning.

    P.S.:
    Data Found: HKU\S-1-5-21-3264141754-2789376457-1022515604-1001\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

    This will also be the problem for Edge If I'm correct, let me know please.

    Also for C:\Program Files (x86)\B1 Free Archiver there are a lot of alternatives what are safe, for example Bandizip.
     
    Dropbox, Aug 13, 2016
    #8
  9. Tonyb Win User
    Tonyb, Aug 13, 2016
    #9
  10. Galane Win User
    Safe site or not, something has nailed my start page to it and is blocking it from being changed.

    There's a cloud storage site which archives everything to B1's format when downloading, so it has to stick around.

    I scanned again and I see the keyword URL line is still in prefs.js. I opened the file in notepad and despite AdwCleaner's log saying it removed it, it did not. So I opened prefs.js in notepad and deleted the line. Saved and closed but did not mark it read only then launched Firefox and opened prefs.js. the line is still gone.

    I was hoping something would put the line back, then some process monitor program could watch it to see what accessed it.

    Cleaning log and latest scan log attached. Just tried changing the Edge start page to https://www.yahoo.com again, reverted to set to MSN but going to the search.yahoo one. Does Edge have a preferences file somewhere that could have gotten set to read only and that's blocking any user settings changes? Like how a common malware attack on MS Word was to add junk to the normal.dot file then set it to read only to block changes made to it from within Word.

    I assume that eventually, sometime, the malware cleaners will get updated to get this one, maybe.

    What would fix it is a standalone Edge installer that steamrolls in over *everything* for Edge *everywhere* its files and data are in Windows 10. A 'burn the village to save it' approach to ensure that anything screwed up or infected about it gets overwritten.
     
    Galane, Aug 14, 2016
    #10
  11. Dropbox Win User
    Hello,

    Please download Junkware Removal Tool and save it to your Desktop. Right click the program and choose Run as administrator.

    Let the program run, after it has cleaned a reboot can be needed do it, otherwise attach the file JRT.txt in your next post.
     
    Dropbox, Aug 14, 2016
    #11
  12. Galane Win User
    Still goes to Yahoo Search - Web Search after running JRT.exe and rebooting. Log attached. I see it did away with coupon printer (it's not malware) and the video downloader shortcut (also not harmful) but ignored B1.

    But in the settings it's now leaving the custom page to go to at the regular Yahoo URL instead of switching it to MSN. Still ignores that and goes to the URL I don't want. One more step of progress but still not across the finish line.

    I'm going to use Agent Ransack and have it search for that URL as a text string inside every @#%^@%# file on C: and see if it finds anything.
     
    Galane, Aug 15, 2016
    #12
  13. Galane Win User

    Can't get rid of browser hijack in Edge.

    Here's what Agent Ransack found. I copied them out and saved the paths to the files before deleting them https://dl.dropboxusercontent.com/u/...age-hijack.zip

    Feel free to share those files with people who can get them put into malware remover detection databases.

    For the one in Edge's cache I just went into each subfolder there and deleted everything. Apparently CCleaner wasn't fully emptying it. For the file in Recovery\Active I had to use Unlocker to delete because despite Edge not running, Windows claimed the file was in use.

    Now to reboot and see if Edge launches to the regular Yahoo page. If it's still hijacked, then I don't know what to try next.

    Edit: Rebooted, launched Edge and right back to that same page. The same file re-appeared in the \Windows\Caches

    Whomever created this hijack has buried something very well to ensure that Edge will always be going to that one site.

    I'm scanning all of \AppData under my Username looking for fines containing text string with spigot to see if I missed anything. I stopped Agent Ransack at about 50% (I have a lot of files on C: ) because it had found those files which looked very suspicious due to their locations.
     
    Galane, Aug 15, 2016
    #13
  14. Galane Win User
    Finally found it. The .lnk file in the taskbar had the URL in it. What's the default in it? I tried deleting the URL but then I couldn't go to any sites with Edge, so for now I changed it to the regular Yahoo page.

    C:\Windows\explorer.exe microsoft-edge:"https://search.yahoo.com/?type=994519&fr=spigot_edge_hp" <-What should the default be so Edge will go to the proper Start page?

    C:\Users\Username\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\MicrosoftEdge.lnk
     
    Galane, Aug 15, 2016
    #14
  15. Dropbox Win User
    Hey,

    Thanks for the file, I've send it to some AV companies. Can't get rid of browser hijack in Edge. :)

    It seems that something is wrong in Edge, even as cleaned a lot what is good. I found a way to delete and re-install the Edge browser, can you give it a try and tell me if it works?
     
    Dropbox, Aug 15, 2016
    #15
Thema:

Can't get rid of browser hijack in Edge.

Loading...
  1. Can't get rid of browser hijack in Edge. - Similar Threads - Can't rid browser

  2. Browser hijack

    in Windows 10 Customization
    Browser hijack: Hi whenever I open a page from within an app my default browser which is almost advert free is bypassed and microsofts advert fest Edge is used instead. Edge is pretty much unusable to me as I despise being forced to view adverts also I dislike the search engine which I have...
  3. Can't get rid of EXTREMELY ANNOYING messages to make Edge my default browser

    in Windows 10 Customization
    Can't get rid of EXTREMELY ANNOYING messages to make Edge my default browser: I spent a nice chunk of change this morning on a new laptop. I DO NOT want Edge to be my default browser. Every time I open my computer I get two messages telling my to try Edge & to make it my default browser. I've gone into settings and turned the "get tricks, tips,...
  4. Can't Get Rid of Program

    in Windows 10 Network and Sharing
    Can't Get Rid of Program: Please read the entire post as it explains whats wrong: A little while ago I got rainbow six and logging on was easy but after a while something happend where it wouldn't let me connect to the network and I went through a bunch of hurdles with tech support, but in the end...
  5. Browser hijacker

    in AntiVirus, Firewalls and System Security
    Browser hijacker: How do I know if I've got a browser hijacker? And why do I keep getting calls saying my computer is in danger? Supposingly from microsoft agent....
  6. Browser Hijacking (IE11 and EDGE)

    in AntiVirus, Firewalls and System Security
    Browser Hijacking (IE11 and EDGE): Hi Folks Be extra careful currently as there is STILL a problem in security with IE11 and Edge which can allow "unscrupulous" users to hijack your browser / do other nasty things - and currently NO A/V software can protect against this. BE VERY CAREFUL if using IE11 /...
  7. java update hijacked edge browser

    in Browsers and Email
    java update hijacked edge browser: A older java update has hijacked my edge browser and I cant get rid of the page asking to update. 20004
  8. Edge Browser hijack scam

    in AntiVirus, Firewalls and System Security
    Edge Browser hijack scam: Last night I got the scam where the Browser (Edge) is locked and a message pops up saying to call a number. There is a computerised voice telling me I have a problem. I can open Explorer ok and am using it to type this. I ran AV (Defender & MBAM) but nothing came up. I...
  9. Edge Hijacking?

    in AntiVirus, Firewalls and System Security
    Edge Hijacking?: Is this a highjacking? Did scans with Defender, Mbam, Adwcleaner and Hitman Pro, which none detected. Could not open Edge without it appearing. Finally solved with a backdated recovery. 22737
  10. Can't get rid of AvastUI

    in Windows 10 Performance & Maintenance
    Can't get rid of AvastUI: Hello I did some testing of spyware programs some time ago, and some of the programs had issues when trying to uninstall them. One of them was avast, and after uninstalling it, theres a program called AvastUI.exe that loads with my computer and I can't figure out how to...