Solved Hack to PC presumably via an uncontrolled access path through MS Edge.

Reporting a hack on a PC using MS Edge, presumably via an uncontrolled access path to the PC through this browser.
To which PC? The one from my profile in "eleven forums".
Symptoms: Constantly ("constantly" means for about 30 seconds, every 2 minutes) a window in "Notifications": "Your PC is infected with 5 viruses" or "Your PC is infected with Emotet Trojan" or "Your PC is infected with "Zeus 21" Trojan". The notification is embedded in a notification window containing a fake McAfee corporate image (fake, verified with McAfee). The (presumably fake) notifications contain a warning that the infection is via Microsoft Edge. The notification contains a link to "https://fonte(dot)click".
By clicking on this link it appears an exoteric homepage made up of an image.
Who is "fonte.click"? You can consult it at "fonte.click Reviews | check if site is scam or legit| Scamadviser"
Remedial attempts with appropriate tools:
(a) Windows Defender can't find it. Neither online nor offline.
(b) Malwarebytes (Premium) can't find it.
(c) Malwarebytes AdwCleaner can't find it.
(d) Panda offline can't find it. Summary: Failure to detect with common antimalware programs.
Remedial attempts through personal experiments:
(a) Search in the Registry: "fonte.click". Four instances appear. Action: Delete them. Result: the problem continues.
(b) Search in MS Edge settings for "fonte.click". [Settings - Cookies and Site Permissions - All sites]. There appears a site called "fonte.click". It is not possible to delete it, it is only possible to remove access to "Notifications" and I remove it. Result: Notifications disappear.
The problem reappears: When shutting off and restarting the PC, the notifications (presumably false) appear again.
New experiment: Restore MS Edge settings to source [Settings - Reset Settings - Reset settings to default - Reset] and also [Settings - Privacy, search and services - Tracking prevention - Strict]. Result: The (presumably fake) notifications have disappeared.
New action change the most important passwords.
Provisional conclusion: The action against the PC seems annulled.
Prevailing unknowns:
-- 1. What kind of Malware is it.
-- 2. If the damage caused or that may appear is greater than the notifications (presumably false).
New perspectives: In the absence of more ideas, if they reappear, uninstall MS Edge. Then: Format and Reinstall Windows.
Attached:
(a) Four files with uncontrolled and secret modifications to the Registry at the behest of "fonte.click".
(b) Image of the home page of "fonte.click".

Hozeluii said:

The notification is embedded in a notification window containing a fake McAfee corporate image (fake, verified with McAfee). The (presumably fake) notifications contain a warning that the infection is via Microsoft Edge. The notification contains a link to "https://fonte(dot)click".

Click to expand...

It sounds like an issue with the push notifications feature in Chromium based browsers (which includes MS Edge). Please see if the instructions in this Malwarebytes Labs article help or not.

Porthos said:

It sounds like an issue with the push notifications feature in Chromium based browsers (which includes MS Edge). Please see if the instructions in this Malwarebytes Labs article help or not.

Click to expand...

Indeed, these Malwarebytes instructions deal with browser push notifications technology using popping windows; although it only refers to the annoyance of windows appearing probably while you are hard at work.
But, I believe that "push" technology is not inherently bad in itself. Furthermore, in many cases this technology can be very good for people interested in receiving instant news regarding newspapers, weather, stocks, sports, etc. Note that whenever a person receives this news, it is because they have previously requested it from the website that issues it or, at least, they have accepted the website's invitation to send it to them.
The problem that occurs in the case that I have brought to forum attention is twofold:
(A) Notifications that have not been requested or accepted: "not accepted" at least voluntarily, although they may have been done by triggering a false link, that is, falling into a "mouse trap".
(B) Once you have fallen into that minor trap, the second part follows, which is to click on the link that contains the offer to clean the computer that offers that false window. After that, the attack can be unpredictable: the PC and its user are under the will, ambition and sagacity of the attacker. One has fallen into the "elephant hunting trap".
In my case: I don't have McAffe installed, that's why I suspected abuse. But I could have had McAfee as an antiviral! Then it would be highly probable that I had clicked on a dangerous link to clean up the PC.
My opinion: It is unacceptable that, at this point, in Windows 11 22H2, one can even modify the Windows registry and perhaps install files disguised as cookies, without the user being aware. In this case, everything remains trustworthy for Malwarwbytes and/or Defender to intervene in the last instance, at the last moment, if the hacker uses software; but if the attacker uses social engineering based on the naivete of the user, the damage would be immeasurable.
Thus, Microsoft Edge contains an open door to be sweetly tricked by hackers on the web.
Thanks for pointing him out.

The more you allow the internet or your computer to have unfettered access to one another, the more problems you're gonna have. I think a good method of dealing with the internet is acting like you're a secret agent.

Get in, do your thing, get out.

As you mentioned... push technology isn't inherently bad. It's stupid, but not bad.
When you enable any kind of push technology, you're just opening your computer up to a problem, sooner or later.
When using any push technology, you're trusting your computer to the site that's doing the pushing.
If they get infected, you will also.

And that's just one minor example.

There are many things that will aid the bad guys in accessing your computer.
Social media, email clients, any company's apps (which every company offers), browser extensions, just to name a few.

There are many company's websites I would trust, but next to none that I would let install apps on my computer.


"It's not paranoia if they really are out to get you".

All the security in the world cannot prevent a social engineering scam from working if the target willingly or unkowingly engages.
I should imagine that at some point you have clicked one of those cookie acceptance popups, maybe from a reputable site even, that allows 3rd party cookies from affiliates/ sponsors, this is probably where the notifications got into your system.
Or you clicked a link or image from one of those 3rd parties that allows other affiliates/ sponsors.
Not putting any blame on you here, it is so easy to click on something you think is clean and end up with an issue, even if you are educated about the pitfalls of internet browsing.
As to the culprit being undetectable, well you invited it in, even if unknown to you so it doesn't get flagged as malicious.
Since it is merely a notification it has no inherent power, until clicked on and followed by the user.
The answer to the wider issue, possibly there isn't one.

DigitalGoat said:

well you invited it in

Click to expand...

Yep... just like vampires... never invite them in.

If you have a computer at some point in time you will either be hacked, spied on or infected with something no matter how good your computer security is, it will happen ! I have been doing HJT logs (High Jack This) & no matter how careful i have been in 25 yrs it happens every once in awhile ! I do get one sometimes when i am testing a new program for Malware Removal or following a lead to a Virus ! So check your computer regularly and be careful of what sites you visit !
And as Ghot said "don't let vampires in" !

Ghot said:

As you mentioned... push technology isn't inherently bad. It's stupid, but not bad.
When you enable any kind of push technology, you're just opening your computer up to a problem, sooner or later.
When using any push technology, you're trusting your computer to the site that's doing the pushing.

Click to expand...

Sadly so, I really wanted to use notifications, but because 9 of 10 weboages abuse them, I had to disable them all.
Google and MS tried to remediate the situation with silent and toast notifications instead, but it is a lost battle.

Hozeluii said:

It is unacceptable that, at this point, in Windows 11 22H2, one can even modify the Windows registry and perhaps install files disguised as cookies, without the user being aware.

Click to expand...

There are many ways an experienced hacker can get in to insert malicious code, but the user has to do SOMETHING to open the door....open a link, ad, or attachment, visit a malicious site, or be dumb enough to give them physical remote access to his system(which happens a lot). If one wants an operating system that hackers don't concentrate all their efforts in infecting, then one can run one of the free Linux distros rather than Windows. That's not to say Linux can not be infected. It can. The bad boys don't care about the 2.68% of worldwide desktop PCs and laptops running Linux. They spend their time trying to infect the 76% of worldwide users running Windows. If one wants to be 100% safe from hackers, never go on the internet.

Even Linux is no longer 'safer', I believe Bleepingcomputer reported this week that over 60 new Linux malware variants were in circulation this year alone, if I can find the article I will link it later.
Unfortunately as Valve have made a large percentage of thier games Linux compatible it has bought the OS, if not into the mainstream, at least onto the radar. Steam accounts are prime targets for some bad actors, all those payment details, names, addresses and so on, not to mention the number of inherent security holes being found/ created in some distros as the OS becomes more popular.