Edit: Folks, I keep telling you it’s VERY unlikely to be malware.

I’ll update you and apologize to each if my credit card gets wiped or something but I’m quite sure I’m safe, don’t worry.

Also sorry for blaming Microsoft for what is apparently my fault.


I accidentally clicked Microsoft Edge on my work computer with Windows 10 and couldn’t close it — it just keeps reopening. It takes File Shredder to stop it from opening again, at least until the computer restarts.

Notice the ads, most are extremely sketchy (my frequent reload in previous takes caused the ad server + my work VPN to rate limit me):

  • China warns: %user.currency% is dead! (Yeah, sure. Obvious propaganda. Generic pictures or faked images of a worthless banknote giveaway.)
  • 63-year-old figured out! (Does not say what but a pic of obviously young-looking feet.)
  • Make boatloads of money with AI! (aka auto-trade very uncompetitive options, no guarantees on withdrawals of any wins)
  • Save money using solar! (The company is legitimate but the deal on panels is probably not great)
  • Buy yourself a great new FPCEILPTBSP! (You can’t tell what it is and neither can we! (Apparently TV wall mount))
  • Losing hair?
  • Millionaire has genius method you can try (but give us money first, making his pic transparent so we can put him in front of %user.country.flag% was difficult)
  • Game! Yay! (Microtransactions galore!)
  • Get EVERYTHING in your car fixed (by a stock photo mechanic!)
  • CameronDev@programming.dev
    link
    fedilink
    English
    arrow-up
    26
    ·
    1 year ago

    The ads are definitely garbage, but the respawning window is something very wrong. Are you sure you dont have some kind of malware that is respawning the window?

    • ChaoticNeutralCzech@lemmy.oneOP
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      16
      ·
      edit-2
      1 year ago

      It’s the cleanest Windows install I’ve ever done, less than a month old, and there is world-renowned, enterprise-level antivirus software running. Malware is pretty much out of the question.

      I did install EdgeRemover (edit: misremembered name) MSEdgeRedirectbut it apparently does not quite work.

      So yeah, it is caused by a kind of malware, which you pay Microsoft for. Unfortunately, I don’t have any other choice due to our required software.

      • Lemdee@lemmy.world
        link
        fedilink
        English
        arrow-up
        45
        arrow-down
        1
        ·
        1 year ago

        Enterprise IT infrastructure admin here, I’ve imaged thousands of windows laptops over a decade and dealt with Edge since it was implemented, never seen anything like this. I’m sure you’re confident in your abilities but you messed something up real bad or have malware of some kind. No question about it, this is not typical for any version of Edge.

        • ChaoticNeutralCzech@lemmy.oneOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          7
          ·
          1 year ago

          messed something up real bad

          You see me power-deleting Edge (including WebView) in the video, which is obviously a bad idea. This is a somewhat experimental setup I have so I don’t mind screwing things up a little bit.

          malware

          Unlikely. I follow very strict precautions. I cannot afford to have malware on top of my existing computer trouble.

          • Lemdee@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            so I don’t mind screwing things up a little bit.

            Which you clearly did, and are trying to blame Edge. There’s plenty of things to shit on Edge for but user error is not one of them.

      • atocci@kbin.social
        link
        fedilink
        arrow-up
        12
        ·
        1 year ago

        This is actual malware behavior though, not Microsoft’s usual “pls use Edge” shtick. If it’s not malware, something has still gone very wrong.

        • ChaoticNeutralCzech@lemmy.oneOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          6
          ·
          edit-2
          1 year ago

          I don’t disagree with you. I could have still messed up in a subtle way but at least the consequences don’t seem to be too serious.

          Anyway, I don’t think it’s (third party) malware (that is, not by me or Microsoft) for another reason: viruses and trojans are not what they used to be. Unlike the 1990s, you won’t find much modern malware that does nothing but annoys the user (corporations, other users and freeware vendors do it plenty). People do it fir profit and they make adware, ransomware and cryptostealers, not some script kiddie’s batch file in the Startup folder that opens all executables in System32 simultaneously.

          When Firefox started opening several blank tabs every second, I immediately knew it wasn’t malware but a misconfiguration: turns out it was trying to open a PDF in itself. I think this is another little mistake I made.

          • Kecessa@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            7
            arrow-down
            1
            ·
            1 year ago

            I think this is another little mistake I made.

            Like not listening to people that are telling you to stop acting like you know what you’re doing?

            • ChaoticNeutralCzech@lemmy.oneOP
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              5
              ·
              1 year ago

              Hey! The stakes are low and the consequences are mild annoyance at worst (unless I’ve downloaded actual malware, which is unlikely because I follow precautions). Yes, I mess around with systems I shouldn’t but that’s just another learning experience.

              • u/unhappy_grapefruit_2@lemmy.world
                link
                fedilink
                English
                arrow-up
                4
                ·
                edit-2
                1 year ago

                Going scorched earth on your hdd is also good learning experience as well and I recommend you do it now that you ran and almost certainly gave admin permissions to a suspicious file which fails under textbook malware I also recommend you delete all your browser cookies and change your passwords

      • Kecessa@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        edit-2
        1 year ago

        “which you pay Microsoft for”

        No. That’s not an Edge feature, that’s your shit that you broke yourself. I’m running five computers with Windows 11 and none of them have this behaviour, it’s not Microsoft doing partial rollouts as that would be all over tech news.

        Don’t ask for opinions if you’re going to argue with everyone that clearly understand things better than you do.

        Delete everything on your computer, do a full format of your hard drive, change all the passwords that computer could have had access to, don’t try to delete Edge from your next install of Windows as it’s a necessary feature and you just got pwnd for being an idiot that couldn’t understand that.

        • ChaoticNeutralCzech@lemmy.oneOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          6
          ·
          1 year ago

          That’s clearly misconfiguration, not malware. Do you think modern malware would do obvious shit like this? I checked all installers on VirusTotal and most were FOSS, too.

          Anyway, I know removing Edge can do weird stuff, it disabled biometric login on another PC.

          The computer is not high-stakes, I don’t do personal stuff there and this is mild annoyance at worst. I’ll have ESET check the drive and reset Edge-related config.

  • stevedidwhat_infosec@infosec.pub
    link
    fedilink
    English
    arrow-up
    21
    ·
    edit-2
    1 year ago

    This is textbook browser takeover activity. Is your enterprise level world renown AV setup correctly?

    Who is it by the way. Just curious

    Edit: by the way the freeware tool you downloaded to remove edge which “didn’t work” sounds like it did work and it took over your browser.

    • Kecessa@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      2
      ·
      1 year ago

      Ding ding ding! OP drank the Kool Aid and felt like they needed to completely remove Edge, they downloaded a tool made to bait gullible users and they’re now stuck with a malware and won’t admit it.

      The question OP needs to ask themselves is, why ask for opinions when they will ignore all of them?

      • ChaoticNeutralCzech@lemmy.oneOP
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        6
        ·
        1 year ago

        Nope, the tool is FOSS MSEdgeRedirect, very well known and praised. I think it’s purely my config mistake with no third-party wrongdoing and I will live with the consequence of Edge being slightly more annoying whenever I accidentally click it.

        • u/unhappy_grapefruit_2@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          1 year ago

          Did you a: make sure to verify the code before running it on your computer making double sure theres no suspicious code in your text editor of choice or did you just do : b run the file on your computer and give it unfeathered access to your computer I’m assuming you did b because this is what i and most people even a good chunk of linux users would do in this scenario even then I at least make sure to scan doublely suspious files in my AV of choice before actually running it on my system

          • ChaoticNeutralCzech@lemmy.oneOP
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            2
            ·
            1 year ago

            B, of course, I don’t want every install to take 4 hours.

            For antivirus, the company provides ESET but I also use VirusTotal and a WIP common sense engine.

        • Carighan Maconar@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          In a way what you do proves vendors like MS or Apple right in doing what they do, btw. They lock systems down to prevent average users from fucking up their systems with stuff they download from the internet.

          Forcing a specific browser (see Apple just enforcing it all be safari) to prevent the user getting around security checks you can build relying on that one browser is just one step of that.

          And every time someone blindly shoots themselves in the foot with a tool then tries to blame the company for what they themselves did wrong, the number used in meetings to justify more programmer time spent on locking it all down goes up by 1.

    • ChaoticNeutralCzech@lemmy.oneOP
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      5
      ·
      edit-2
      1 year ago

      Well, my default browser is Firefox and EdgeRemover (oops, misremembered the name) MSEdgeRedirect (which is FOSS of course, would not install such thing otherwise) does work, in a way – all Help pages, Start Menu searches etc. get redirected to Firefox and DuckDuckGo. I thought it would prevent Edge from opening at all. I don’t think it’s a browser hijacker.

      Okay, the company is using ESET’s highest tier and the computers are remotely managed so I’m not sure I would see detection notifications.

      textbook browser hijacker

      Is your textbook from the 1990s? Pretty sure modern malware is way more stealthy and not at all obvious.

      Screenshot of famous DOS virus Walker

  • Appoxo@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    3
    ·
    1 year ago

    I dread it every time I open it by accident.
    Task manager was faster than waiting + dialogs.

    • ChaoticNeutralCzech@lemmy.oneOP
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      Well, Task Manager nor attempting to delete the executable normally helped in my case. Power deleting Edge (including WebView) is obviously a bad idea but faster than finding whatever mistake I made that led to this behavior. I can afford to do dumb stuff because the job is temporary, and I never downloaded any malware (according to VirusTotal) that would cause further problems.

      • Appoxo@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Be aware that the new explorer.exe seems to be dependant on some parts on edge.
        I believe I saw flashes of edge in windows explorer during a crash

        • ChaoticNeutralCzech@lemmy.oneOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          1 year ago

          That’s exactly what Microsoft did in the 1990s after an antitrust lawsuit for hindering free browser selection: integrated Internet Explorer into Explorer to have an excuse for having it preinstalled.

          The EU is taking similar steps but I tgink Edge WebView will stay essential. Removing it on a laptop broke biometrics (aka Windows Hello: fingerprint sensor and face recognition) and I had to use a restore point. Seems sketchy to use a browser engine for essential security features – at this point, I would hope I had triggered some OS tamper-detection because the alternative is an OS whose login system is infected with an unpopular browser not because it enhances security but out of spite, and I don’t think exploiting legal loopholes leads to most secure solutions.

      • u/unhappy_grapefruit_2@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        1 year ago

        You downloaded a suspicious file of the Internet anyone can summit code to github and while that stuff does get reviewed alot of malcious stuff goes unnoticed especially on a project of a smaller scale like thjs that is executing code which is doing maclious things to your Web browser I’m a dumbass on the internet and even I know that’s a textbook piece of malware op

        • ChaoticNeutralCzech@lemmy.oneOP
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          6
          ·
          edit-2
          1 year ago

          That’s what 1990s malware does. Modern malware either shows its own ads in your face (adware) or is stealthy while it mines crypto, exfiltrates your passwords / credit card info or encrypts all personal files.

          You’re like WestEnd in this thread. Don’t take ot personally, I don’t blame you for the confusion, there is a lot of misleading media about malware behavior.

          your web browser

          That would be Firefox, and it works fine.

          • u/unhappy_grapefruit_2@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            1 year ago

            I’m going by the information ive got on hand from what I know you’ve installed a suspicious file on github which uninstalls edge which means it almost certainly has administrator permissions. Ontop of this anyone can summit code to github projects and while most of those maclious actors get caught a few can slip on in and reek chaos I know for an instant that edge doesn’t behave this way as I use it almost daily on my personal computer I know most chromium Web browsers especially the big main ones don’t behave this way also. I also know that if this github project is executing code in this way and manner that means it is textbook malware

            Even if I am wrong and this isn’t malware. Isn’t it better to be safe than sorry op to take the proper precautions that are necessary to avoid all the unnecessary stress and hardship

            • ChaoticNeutralCzech@lemmy.oneOP
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              1 year ago

              Thank you for your kind words.

              Hardship is part of life. I have more than I would like right now but that’s just how I am. Dunno, maybe should place myself preventively on suicide watch.

              At least it’s a temporary, below minimum wage job so I don’t mind too much if the computer goes up in flames and I get fired. It will get wiped for the next wagie anyway.

              MSER does not uninstall Edge BTW

              • u/unhappy_grapefruit_2@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                ·
                edit-2
                1 year ago

                Dang bro sounds like you got alot of on plate at the moment gl and gl in your career and future careers. I seriously do hope you all the best

                • ChaoticNeutralCzech@lemmy.oneOP
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  edit-2
                  1 year ago

                  Thanks. Maybe I should go buy another emotional support Blåhaj, the big one this time.

                  Very wholesome thread for someone who could well be an IRL Joker and @ShitOnABrick@lemmy.world.

                  Oh, and I love the community you moderate. Better fuel Huel!