talking malware?

I had Microsoft Edge browser open while I was using the Kindle Book app
to write a paper in Libre Writer. Connecting hardwire to the default
router from my ISP.

Edge showed a screen that starting talking about a need to press some
buttons or something or my computer would be seen as a threat to the
network and would be disconnected until contacting Microsoft.

I ran a full scan with Windows Defender. I ran an offline scan also. No
threats were found.

Proceeding without browsing until I find out how to address this. Would
clearing the cache, etc. fix this? Can I clear stuff outside of Edge?
Any other ideas?

I used to know how to configure an IP firewall ... but it is on ...

--
dale - http://www.dalekelly.org

dale wrote:
I had Microsoft Edge browser open while I was using the Kindle Book app
to write a paper in Libre Writer. Connecting hardwire to the default
router from my ISP.

Edge showed a screen that starting talking about a need to press some
buttons or something or my computer would be seen as a threat to the
network and would be disconnected until contacting Microsoft.

I ran a full scan with Windows Defender. I ran an offline scan also. No
threats were found.

Proceeding without browsing until I find out how to address this. Would
clearing the cache, etc. fix this? Can I clear stuff outside of Edge?
Any other ideas?

I used to know how to configure an IP firewall ... but it is on ...


There is an example of what you're dealing with, here...

https://www.tenforums.com/antivirus-...ge-hacked.html

Nobody there has completely root-caused it. Yes,
in theory, clearing caches and history is all fine stuff.
Except some browsers now, they *insist* on opening pages
from the previous session. Which is a *bad* *bad* behavior.
Think of the extra aggravation that could cause.

Examples of tools, with no certainty they will help.

https://www.bleepingcomputer.com/dow...-removal-tool/

https://www.bleepingcomputer.com/download/adwcleaner/

If this one keeps coming back, then you would suspect
a Startup item or an EXE somewhere is helping it. It
could have added a Scheduler entry, to re-install itself.
And so on.

I'm no good at fixing these. I'm not methodical enough.

*******

You could edit the "hosts" file, and redirect the adware link host
address to 127.0.0.1. That's not a firewall. And it might not even
be any easier to do than programming the firewall. A firewall could
stop outbound connections from MSEdge, or perhaps even prevent
communication with a certain address. Doing it with the "hosts"
file isn't all that good, but you don't need to know that much
to do it.

And the people who write this crap, have considered all the
possible responses an end-user will make. That's why it's
hard to remove. The thing is, when one developer discovers
an "evil method", the other black-hats write that down for
future usage. They accumulate a bag of tricks. This is also
why, using a System Restore point, hardly ever works, because
they "solved" that one long ago. All the restore points would
end up infected, if any EXE is present on the machine. That's
one of the first things they screw over.

Paul

On Sat, 16 Sep 2017 22:12:52 -0400, dale wrote:

I had Microsoft Edge browser open while I was using the Kindle Book app
to write a paper in Libre Writer. Connecting hardwire to the default
router from my ISP.

Edge showed a screen that starting talking about a need to press some
buttons or something or my computer would be seen as a threat to the
network and would be disconnected until contacting Microsoft.

I ran a full scan with Windows Defender. I ran an offline scan also. No
threats were found.

Proceeding without browsing until I find out how to address this. Would
clearing the cache, etc. fix this? Can I clear stuff outside of Edge?
Any other ideas?

Leechblock.

I used to know how to configure an IP firewall ... but it is on ...

"dale" wrote

|I had Microsoft Edge browser open while I was using the Kindle Book app
| to write a paper in Libre Writer. Connecting hardwire to the default
| router from my ISP.
|
| Edge showed a screen that starting talking about a need to press some
| buttons or something or my computer would be seen as a threat to the
| network and would be disconnected until contacting Microsoft.
|
As Paul said, a HOSTS file would be a good start.
Also, stop using Edge. If you use Firefox or Pale
Moon you can use NoScript extension to block
all script except what's absolutely necessary.

The problem was probably with the page you were
visiting. It may have been that actual page or the site
could have been hacked or, probably most likely, an
ad on the page was the method to get to you. (An
example of how HOSTS can help. Attack ads are becoming
more common. Ad servers like Google/Doubleclick have
an automated system that allows people to buy an
ad in order to get access with their own script on
commercial webpages.)

** Such a scam requires javascript. Nearly all online
risks require javascript. Commandeering your browser
requires javascript. You don't have to put up with
sites taking over your browser, malware or not. **

NoScript is the most practical solution for most people.
I use 2 browsers. The one I use normally blocks javascript
completely, as well as iframes, cookies, etc. But if you
shop online that's not realistic. In that case NoScript will
allow you to, for example, allow staples.com or amazon.com
and their related domains, while blocking the tracking/spyware
and ad domains that infest most commercial sites. You can
also train it:

Allow staples.com permanently.
Block scorecardresearch.com permanently.
Block googletagmanager.com permanently.
Block doubleclick.com permanently.
Etc

(Side note: Scorecardresearch and Googletagmanager will
spy on you with web bugs if you disable script, so they
should also be in your HOSTS file.)

A firewall is also a good idea. But that's a whole other
discussion. Especially on Win10. Ideally you should block
anything outbound that you didn't instigate, but with
Win10 itself being spyware that gets complicated.
Nevertheless, blocking what you can would at least
provide some warning if you get malware installed that
tries to call home or use your computer as part of
a "bot herd".