Jump to content

Recommended Posts

A browser extension called "custom search bar" keeps redirecting me to rb.fastsearch.me before sending me to the requested site.

Malwarebytes blocks it from redirecting me to it, but nothing lets me remove it. I cant remove it through edge because its "controlled by my organization" (my pc isnt linked to any organization)

image.png.f2d11c1230e2f611d9e571722c33e962.png

Link to post
Share on other sites

Hello @xleepy and :welcome:

While you are waiting for the next qualified/approved malware removal expert helper to weigh-in on your topic, please carefully follow the instructions within the following Malwarebytes support article:

Run the Farbar Recovery Scan Tool to gather logs

Please attach (not Cut & Paste) both the FRST.txt and Addition.txt report files in your next reply to this topic.

Thank you.

Link to post
Share on other sites

Turn off , or remove an extension https://support.microsoft.com/en-us/microsoft-edge/add-turn-off-or-remove-extensions-in-microsoft-edge-9c0ec68c-2fbc-2f2c-9ff0-bdc76f46b026

Of course, be sure you are logged into a Windows account that has administrator-level rights.

Link to post
Share on other sites

40 minutes ago, Maurice Naggar said:

Thank you, Pete.  Hello @xleepy I'll look forward to getting the Farbar FRST reports. By the way, there should be a way to drill down thru Settings of Edge to possibly "disable" the bad extension

I have tried to Disable the extension but since it says "managed by your organisation" i cannot disable it without any sort of bypass. Here are the FRST docs

FRST.txt Addition.txt

Link to post
Share on other sites

We will get the EDGE browser search redirect fixed. There is a combo of 2 factors involved. One is a policy restriction as to the Edge browser. The 2nd is the setting of the Edge Deafultsearch URL setting. I need you to do 2 basic starter steps. 

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article
Please use thuis guide https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[ 2 ]

Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

Close Malwarebytes.

>

[ 3 ]

This custom script is for  XLEEPY  only / for this machine only.

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a custom script to do  checks & some  cleanups. This is really just housekeping with small cleanups.

We will use FRST64  on the Downloads  folder to run a custom script.    The system will be rebooted after the script has run.

This custom script has some specific things, plus some general aspect to help the system overall.  

NOTE-1:  This script will  run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. .  It will clear the cache files on Brave and Edge browsers.

  • It will clear the EDGE browser DefaultSearchURL
  • It will update Microsoft Defender antivirus and attempt to do one Quick scan

Please be sure to Save this attachment Fixlist.txt to Downloads folder. The FRST64 & Fixlist work as a pair & need to be in same folder.

Fixlist.txt       <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads   folder.


Start FRST64    .  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

CHKDSK will run a disc check on next machine Restart.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Edited by Maurice Naggar
Link to post
Share on other sites

@xleepy Some inquiries / questions about your system configuration. 

  • Do you have a printer configured on this system ?
  • Do you make use of print job spooling ?
  • Did you make use of the Windows Printworkflow service ? either made changes for it ? or setup some print scheduled tasks ?
Link to post
Share on other sites

This custom script is for  XLEEPY  only / for this machine only.

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a new custom script 

We will use FRST64  on the Downloads  folder to run a custom script.    The system will be rebooted after the script has run.

NOTE-1:  This script will  remove 2 scheduled tasks that allegedly are for printer tasks.

Please be sure to Save this attachment Fixlist.txt to Downloads folder. The FRST64 & Fixlist work as a pair & need to be in same folder.

Fixlist.txt       <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads   folder.


Start FRST64    .  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg


The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

  • Be sure you let me know if the EDGE browser search issue is all cleared away.
Link to post
Share on other sites

On 5/8/2022 at 11:05 PM, Maurice Naggar said:

 

  • Be sure you let me know if the EDGE browser search issue is all cleared away.

upon running the second script with frst fix the extension reappeared.
when i use a shortcut from the edge home screen the redirect doesnt occur, only when i use the top url search the redirect occurs and MB flags it with
"Website blocked due to pup

Website blocked: rb.fastsearch.me" (also still controlled by organisation)

Link to post
Share on other sites

I would like a report set for review.   This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach  mbst-grab-results.zip    to your reply 
Link to post
Share on other sites

Thank you for the zip report. Now then, since you describe some potential adware issue:

Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed.

It will not take much time,

First download & save it

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

 

Then be sure to close all web browsers.

Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

Link to post
Share on other sites

Hello @xleepy 

This custom script is for  XLEEPY  only / for this machine only.

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a new custom script 

We will use FRST64  on the Downloads  folder to run a custom script.    The system will be rebooted after the script has run.

NOTE-1:  This script is another attempt to get rid of the pest search preference on MS Edge browser. This should run fairly quickly.

Please be sure to Save this attachment Fixlist.txt to Downloads folder. The FRST64 & Fixlist work as a pair & need to be in same folder.

Fixlist.txt       <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads   folder.


Start FRST64    .  Reply YES when prompted to allow to run.

  •    If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.
  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg


The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

  • Be sure you let me know if the EDGE browser search issue is all cleared away.
Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.