submitted 1 year ago* (last edited 1 year ago) by ChaoticNeutralCzech@lemmy.one to c/mildlyinfuriating@lemmy.world


Edit: Folks, I keep telling you it's VERY unlikely to be malware.

I’ll update you and apologize to each if my credit card gets wiped or something but I’m quite sure I’m safe, don't worry.

Also sorry for blaming Microsoft for what is apparently my fault.


I accidentally clicked Microsoft Edge on my work computer with Windows 10 and couldn't close it — it just keeps reopening. It takes File Shredder to stop it from opening again, at least until the computer restarts.

Notice the ads, most are extremely sketchy (my frequent reload in previous takes caused the ad server + my work VPN to rate limit me):

  • China warns: %user.currency% is dead! (Yeah, sure. Obvious propaganda. Generic pictures or faked images of a worthless banknote giveaway.)
  • 63-year-old figured out! (Does not say what but a pic of obviously young-looking feet.)
  • Make boatloads of money with AI! (aka auto-trade very uncompetitive options, no guarantees on withdrawals of any wins)
  • Save money using solar! (The company is legitimate but the deal on panels is probably not great)
  • Buy yourself a great new FPCEILPTBSP! (You can't tell what it is and neither can we! (Apparently TV wall mount))
  • Losing hair?
  • Millionaire has genius method you can try (but give us money first, making his pic transparent so we can put him in front of %user.country.flag% was difficult)
  • Game! Yay! (Microtransactions galore!)
  • Get EVERYTHING in your car fixed (by a stock photo mechanic!)
[-] Moonrise2473@feddit.it 37 points 1 year ago

Definitely something wrong with your computer, not normal behavior

[-] CameronDev@programming.dev 28 points 1 year ago

The ads are definitely garbage, but the respawning window is something very wrong. Are you sure you don't have some kind of malware that is respawning the window?

[-] Carighan@lemmy.world 3 points 1 year ago

Yeah this sounds like OP has malware on the system, definitely.

[-] stevedidwhat_infosec@infosec.pub 25 points 1 year ago* (last edited 1 year ago)

This is textbook browser takeover activity. Is your enterprise-level, world-renowned AV set up correctly?

Who is it by the way. Just curious

Edit: by the way the freeware tool you downloaded to remove edge which “didn’t work” sounds like it did work and it took over your browser.

[-] Kecessa@sh.itjust.works 14 points 1 year ago

Ding ding ding! OP drank the Kool-Aid and felt like they needed to completely remove Edge, they downloaded a tool made to bait gullible users, and they're now stuck with malware and won't admit it.

The question OP needs to ask themselves is, why ask for opinions when they will ignore all of them?

[-] ChaoticNeutralCzech@lemmy.one -4 points 1 year ago

Nope, the tool is FOSS MSEdgeRedirect, very well known and praised. I think it’s purely my config mistake with no third-party wrongdoing and I will live with the consequence of Edge being slightly more annoying whenever I accidentally click it.

[-] ShitOnABrick@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

Did you a) make sure to verify the code before running it on your computer, making double sure there's no suspicious code, in your text editor of choice, or did you just b) run the file on your computer and give it unfettered access to your computer? I'm assuming you did b, because this is what I and most people, even a good chunk of Linux users, would do in this scenario. Even then, I at least make sure to scan doubly suspicious files in my AV of choice before actually running them on my system.

[-] ChaoticNeutralCzech@lemmy.one -1 points 1 year ago

B, of course, I don’t want every install to take 4 hours.

For antivirus, the company provides ESET but I also use VirusTotal and a WIP common sense engine.

[-] Carighan@lemmy.world 1 points 1 year ago

In a way what you do proves vendors like MS or Apple right in doing what they do, btw. They lock systems down to prevent average users from fucking up their systems with stuff they download from the internet.

Forcing a specific browser (see Apple just enforcing it all be safari) to prevent the user getting around security checks you can build relying on that one browser is just one step of that.

And every time someone blindly shoots themselves in the foot with a tool then tries to blame the company for what they themselves did wrong, the number used in meetings to justify more programmer time spent on locking it all down goes up by 1.

[-] ChaoticNeutralCzech@lemmy.one -2 points 1 year ago* (last edited 1 year ago)

Well, my default browser is Firefox and ~~EdgeRemover~~ (oops, misremembered the name) MSEdgeRedirect (which is FOSS of course, would not install such thing otherwise) does work, in a way – all Help pages, Start Menu searches etc. get redirected to Firefox and DuckDuckGo. I thought it would prevent Edge from opening at all. I don't think it's a browser hijacker.

Okay, the company is using ESET’s highest tier and the computers are remotely managed so I’m not sure I would see detection notifications.

textbook browser hijacker

Is your textbook from the 1990s? Pretty sure modern malware is way more stealthy and not at all obvious.

Screenshot of famous DOS virus Walker

And I’m pretty sure you have no idea what you’re talking about, and I have a career with this stuff.

Figure it out yourself now smart ass.

[-] ChaoticNeutralCzech@lemmy.one -1 points 1 year ago* (last edited 1 year ago)

Duh. To be honest, should have checked before making the post.
Are you WestEnd?

[-] Hexarei@programming.dev 21 points 1 year ago
[-] ChaoticNeutralCzech@lemmy.one 7 points 1 year ago

Thanks. I should have checked earlier before making a fool of myself. A lesson for me, I guess.

[-] DrakeRichards@lemmy.world 14 points 1 year ago

Looks like this may be a known issue for some users.

[-] Moonrise2473@feddit.it 10 points 1 year ago

Ah so you also have the fake "china says euro is dead" ads that promote a scam shitcoin. I thought it was a local scam only for my country. I always flag those ads but they always come back with a different URL. Zero control from Microsoft

[-] ChaoticNeutralCzech@lemmy.one 7 points 1 year ago

I once got Top 7 Luxury Cruise in (Landlocked) Czech Republic from Microsoft. Also, The Flight Price From %user.location% (village of 200 people) To New York Will Surprise You

[-] Appoxo@lemmy.dbzer0.com 0 points 1 year ago

I dread it every time I open it by accident.
Task manager was faster than waiting + dialogs.

[-] ChaoticNeutralCzech@lemmy.one 1 points 1 year ago

Well, neither Task Manager nor attempting to delete the executable normally helped in my case. Power-deleting Edge (including WebView) is obviously a bad idea but faster than finding whatever mistake I made that led to this behavior. I can afford to do dumb stuff because the job is temporary, and I never downloaded any malware (according to VirusTotal) that would cause further problems.

[-] Appoxo@lemmy.dbzer0.com 2 points 1 year ago

Be aware that the new explorer.exe seems to be dependent on some parts of Edge.
I believe I saw flashes of Edge in Windows Explorer during a crash.

[-] ChaoticNeutralCzech@lemmy.one 0 points 1 year ago* (last edited 1 year ago)

That’s exactly what Microsoft did in the 1990s after an antitrust lawsuit for hindering free browser selection: integrated Internet Explorer into Explorer to have an excuse for having it preinstalled.

The EU is taking similar steps but I think Edge WebView will stay essential. Removing it on a laptop broke biometrics (aka Windows Hello: fingerprint sensor and face recognition) and I had to use a restore point. Seems sketchy to use a browser engine for essential security features – at this point, I would hope I had triggered some OS tamper-detection because the alternative is an OS whose login system is infected with an unpopular browser not because it enhances security but out of spite, and I don't think exploiting legal loopholes leads to the most secure solutions.

[-] ShitOnABrick@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

You downloaded a suspicious file off the Internet. Anyone can submit code to GitHub, and while that stuff does get reviewed, a lot of malicious stuff goes unnoticed, especially on a project of a smaller scale like this that is executing code which is doing malicious things to your web browser. I'm a dumbass on the internet and even I know that's a textbook piece of malware, OP.

[-] ChaoticNeutralCzech@lemmy.one -4 points 1 year ago* (last edited 1 year ago)

That's what 1990s malware does. Modern malware either shows its own ads in your face (adware) or is stealthy while it mines crypto, exfiltrates your passwords / credit card info or encrypts all personal files.

You're like WestEnd in this thread. Don't take it personally, I don't blame you for the confusion, there is a lot of misleading media about malware behavior.

your web browser

That would be Firefox, and it works fine.

[-] ShitOnABrick@lemmy.world 4 points 1 year ago* (last edited 1 year ago)

I'm going by the information I've got on hand. From what I know, you've installed a suspicious file from GitHub which uninstalls Edge, which means it almost certainly has administrator permissions. On top of this, anyone can submit code to GitHub projects, and while most of those malicious actors get caught, a few can slip on in and wreak chaos. I know for an instant that Edge doesn't behave this way, as I use it almost daily on my personal computer. I know most Chromium web browsers, especially the big main ones, don't behave this way either. I also know that if this GitHub project is executing code in this way and manner, that means it is textbook malware.

Even if I am wrong and this isn't malware, isn't it better to be safe than sorry, OP, and take the proper precautions that are necessary to avoid all the unnecessary stress and hardship?

[-] ChaoticNeutralCzech@lemmy.one 3 points 1 year ago* (last edited 1 year ago)

Thank you for your kind words.

Hardship is part of life. I have more than I would like right now but that's just how I am. Dunno, maybe should place myself preventively on suicide watch.

At least it's a temporary, below minimum wage job so I don't mind too much if the computer goes up in flames and I get fired. It will get wiped for the next wagie anyway.

MSER does not uninstall Edge, BTW.

[-] ShitOnABrick@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

Dang bro, sounds like you got a lot on your plate at the moment. GL, and GL in your career and future careers. I seriously do wish you all the best.

[-] ChaoticNeutralCzech@lemmy.one 2 points 1 year ago* (last edited 1 year ago)

Thanks. Maybe I should go buy another emotional support Blåhaj, the big one this time.

Very wholesome thread for someone who could well be an IRL Joker and @ShitOnABrick@lemmy.world.

Oh, and I love the community you moderate. Better fuel Huel!

this post was submitted on 21 Nov 2023
63 points (76.9% liked)