Desperate for help removing malware that Malwarebytes cannot see on edge

[conrat4567]

Hi, 

I am in a bit of a dilemma since around 6pm yesterday, 09/05/24, my Edge and Chrome browsers got infected with two separate extensions that hijacked the browser and locked down the settings so I couldn't remove them. They are managed by an organisation that doesn't exist. Chrome was an easy fix. I uninstalled that as I never used it but edge is proving difficult to the point I am actually considering wiping it all and living like a hermit. 

At first, I ran malwarebytes, rkill and all the other different AVs and none of them picked anything up. I even did a deep scann offline with defender. Nothing. I then looked online and removed the removed the registry keys for edge and was able to delete the extension but it would still route me through "My horoscope.com" and then to yahoo. I then just deleted everything associated with edge in app data and windows. I broke it to the point things stopped working. I reinstalled edge and for about 25 mins, it was fixed. After 25 mins, it came back and now the registry keys are still gone so I cant "unmanage" edge. 

I have made sure sync is off but before then I checked and non of my other browsers have synced the rouge extension which makes me believe it is local to my machine.

I uninstalled everything I installed the past week but everything seems to be legitimate. It keeps coming back.

Defender and Malwarebytes are not finding any files that list as dangerous, rkill doesnt find anything and I am now at breaking point. I really dont want to reinstall windows but if it is the only solution, I may as well upgrade to 11 but I am now panicking as I dont know if will still come back even with a reinstall

[conrat4567]

Notice as well, I can remove the extension from the user context but once removed, if I run edge, in real time I can see the files repopulate and install again. Looks like the edge launcher is somehow tied to a script or installer.

[JSntgRvr]

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes: Please pay close attention the the instructions in all of the following links.

• If you have not done so already - Enable System Protection and create a NEW System Restore Point
• Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
• Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
• Disable-Fast-Startup
• Show-Hidden-Folders-Files-Extensions

Please run the following scans: Please pay close attention the the instructions in all of the following links.

1. Click the following link and run a  Scan with AdwCleaner
2. Click the following link and run a  Scan with Malwarebytes 
      RESTART the computer
3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 

Example image of where to click to attach files when posting your reply

 

[conrat4567]

Hi,

Thanks for responding. I ended up wiping and starting again. Windows 10 will be out of support soon so an upgrade was always going to need to happen. I have installed Malwarebytes to prevent this in the future. 

It seems to be ok, nothing has installed as of yet. I will open another topic if need be or open this one up again. 

[JSntgRvr]

Thanks for the feedback.

[AdvancedSetup]

Since this issue is resolved the topic will now be closed to prevent others from posting here.

If you need assistance please start your own new topic and someone will be happy to assist you.

Thanks