Solved Hack to PC presumably via an uncontrolled access path through MS Edge.


Hozeluii

Reporting a hack on a PC using MS Edge, presumably via an uncontrolled access path to the PC through this browser.
To which PC? The one from my profile in "eleven forums".
Symptoms: Constantly ("constantly" means for about 30 seconds, every 2 minutes) a window in "Notifications": "Your PC is infected with 5 viruses" or "Your PC is infected with Emotet Trojan" or "Your PC is infected with "Zeus 21" Trojan". The notification is embedded in a notification window containing a fake McAfee corporate image (fake, verified with McAfee). The (presumably fake) notifications contain a warning that the infection is via Microsoft Edge. The notification contains a link to "https://fonte(dot)click".
By clicking on this link, an exoteric homepage made up of an image appears.
Who is "fonte.click"? You can consult it at "fonte.click Reviews | check if site is scam or legit| Scamadviser"
Remedial attempts with appropriate tools:
(a) Windows Defender can't find it. Neither online nor offline.
(b) Malwarebytes (Premium) can't find it.
(c) Malwarebytes AdwCleaner can't find it.
(d) Panda offline can't find it.
Summary: Failure to detect with common antimalware programs.
Remedial attempts through personal experiments:
(a) Search in the Registry: "fonte.click". Four instances appear. Action: Delete them. Result: the problem continues.
(b) Search in MS Edge settings for "fonte.click". [Settings - Cookies and Site Permissions - All sites]. There appears a site called "fonte.click". It is not possible to delete it, it is only possible to remove access to "Notifications" and I remove it. Result: Notifications disappear.
The problem reappears: When shutting off and restarting the PC, the notifications (presumably false) appear again.
New experiment: Restore MS Edge settings to source [Settings - Reset Settings - Reset settings to default - Reset] and also [Settings - Privacy, search and services - Tracking prevention - Strict]. Result: The (presumably fake) notifications have disappeared.
New action: change the most important passwords.
Provisional conclusion: The action against the PC seems annulled.
Prevailing unknowns:
-- 1. What kind of Malware is it.
-- 2. If the damage caused or that may appear is greater than the notifications (presumably false).
New perspectives: In the absence of more ideas, if they reappear, uninstall MS Edge. Then: Format and Reinstall Windows.
Attached:
(a) Four files with uncontrolled and secret modifications to the Registry at the behest of "fonte.click".
(b) Image of the home page of "fonte.click".
 
Windows Build/Version
Windows 11 Ver 22H2 Comp. 22621.963

Attachments

  • fonte.click.4.txt (520 bytes)
  • fonte.click.3.txt (590 bytes)
  • fonte.click.2.txt (440 bytes)
  • fonte.click.1.txt (510 bytes)
  • 20230102_133554.jpg (24.8 KB)

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Micro-Star International Co, Ltd
    CPU
    Intel(R) Core(TM) i5-11500 @ 2.70GHz.
    Motherboard
    MAG B560M MORTAR WIFI (MS-7D17)
    Memory
    16 Gb
    Graphics Card(s)
    Integrated
    Sound Card
    Integrated
    Monitor(s) Displays
    BenQ GW2765HT
    Screen Resolution
    2560 x 1440 @ 59 Hz
    Hard Drives
    465,08 GB
    Cooling
    Air
    Keyboard
    Microsoft Wireless Keyboard 2000
    Mouse
    Microsoft Wireless Keyboard 2000
    Internet Speed
    1000 Mb/Ss
    Browser
    Chrome + Edge + Firefox
    Antivirus
    Windows Defender
    Other Info
    Malwarebytes Premium
The notification is embedded in a notification window containing a fake McAfee corporate image (fake, verified with McAfee). The (presumably fake) notifications contain a warning that the infection is via Microsoft Edge. The notification contains a link to "https://fonte(dot)click".
It sounds like an issue with the push notifications feature in Chromium based browsers (which includes MS Edge). Please see if the instructions in this Malwarebytes Labs article help or not.
 

It sounds like an issue with the push notifications feature in Chromium based browsers (which includes MS Edge). Please see if the instructions in this Malwarebytes Labs article help or not.
Indeed, these Malwarebytes instructions deal with browser push notifications technology using popping windows; although it only refers to the annoyance of windows appearing probably while you are hard at work.
But, I believe that "push" technology is not inherently bad in itself. Furthermore, in many cases this technology can be very good for people interested in receiving instant news regarding newspapers, weather, stocks, sports, etc. Note that whenever a person receives this news, it is because they have previously requested it from the website that issues it or, at least, they have accepted the website's invitation to send it to them.
The problem that occurs in the case that I have brought to forum attention is twofold:
(A) Notifications that have not been requested or accepted: "not accepted" at least voluntarily, although they may have been done by triggering a false link, that is, falling into a "mouse trap".
(B) Once you have fallen into that minor trap, the second part follows, which is to click on the link that contains the offer to clean the computer that offers that false window. After that, the attack can be unpredictable: the PC and its user are under the will, ambition and sagacity of the attacker. One has fallen into the "elephant hunting trap".
In my case: I don't have McAfee installed, that's why I suspected abuse. But I could have had McAfee as an antiviral! Then it would be highly probable that I had clicked on a dangerous link to clean up the PC.
My opinion: It is unacceptable that, at this point, in Windows 11 22H2, one can even modify the Windows registry and perhaps install files disguised as cookies, without the user being aware. In this case, everything remains trustworthy for Malwarebytes and/or Defender to intervene in the last instance, at the last moment, if the hacker uses software; but if the attacker uses social engineering based on the naivete of the user, the damage would be immeasurable.
Thus, Microsoft Edge contains an open door to be sweetly tricked by hackers on the web.
Thanks for pointing it out.
 


The more you allow the internet or your computer to have unfettered access to one another, the more problems you're gonna have. I think a good method of dealing with the internet is acting like you're a secret agent.

Get in, do your thing, get out.

As you mentioned... push technology isn't inherently bad. It's stupid, but not bad.
When you enable any kind of push technology, you're just opening your computer up to a problem, sooner or later.
When using any push technology, you're trusting your computer to the site that's doing the pushing.
If they get infected, you will also.

And that's just one minor example.

There are many things that will aid the bad guys in accessing your computer.
Social media, email clients, any company's apps (which every company offers), browser extensions, just to name a few.

There are many companies' websites I would trust, but next to none that I would let install apps on my computer.


"It's not paranoia if they really are out to get you". :cool:
 
All the security in the world cannot prevent a social engineering scam from working if the target willingly or unknowingly engages.
I should imagine that at some point you have clicked one of those cookie acceptance popups, maybe from a reputable site even, that allows 3rd party cookies from affiliates/ sponsors, this is probably where the notifications got into your system.
Or you clicked a link or image from one of those 3rd parties that allows other affiliates/ sponsors.
Not putting any blame on you here, it is so easy to click on something you think is clean and end up with an issue, even if you are educated about the pitfalls of internet browsing.
As to the culprit being undetectable, well you invited it in, even if unknown to you so it doesn't get flagged as malicious.
Since it is merely a notification it has no inherent power, until clicked on and followed by the user.
The answer to the wider issue, possibly there isn't one.
 


If you have a computer, at some point in time you will either be hacked, spied on or infected with something; no matter how good your computer security is, it will happen! I have been doing HJT logs (HijackThis), and no matter how careful I have been in 25 yrs, it happens every once in a while! I do get one sometimes when I am testing a new program for malware removal or following a lead to a virus! So check your computer regularly and be careful of what sites you visit!
And as Ghot said, "don't let vampires in"!
 

As you mentioned... push technology isn't inherently bad. It's stupid, but not bad.
When you enable any kind of push technology, you're just opening your computer up to a problem, sooner or later.
When using any push technology, you're trusting your computer to the site that's doing the pushing.
Sadly so, I really wanted to use notifications, but because 9 of 10 webpages abuse them, I had to disable them all.
Google and MS tried to remediate the situation with silent and toast notifications instead, but it is a lost battle.
 

It is unacceptable that, at this point, in Windows 11 22H2, one can even modify the Windows registry and perhaps install files disguised as cookies, without the user being aware.
There are many ways an experienced hacker can get in to insert malicious code, but the user has to do SOMETHING to open the door... open a link, ad, or attachment, visit a malicious site, or be dumb enough to give them physical remote access to his system (which happens a lot). If one wants an operating system that hackers don't concentrate all their efforts on infecting, then one can run one of the free Linux distros rather than Windows. That's not to say Linux cannot be infected. It can. The bad boys don't care about the 2.68% of worldwide desktop PCs and laptops running Linux. They spend their time trying to infect the 76% of worldwide users running Windows. If one wants to be 100% safe from hackers, never go on the internet.
 

Even Linux is no longer 'safer'; I believe Bleepingcomputer reported this week that over 60 new Linux malware variants were in circulation this year alone. If I can find the article I will link it later.
Unfortunately, as Valve have made a large percentage of their games Linux compatible, it has brought the OS, if not into the mainstream, at least onto the radar. Steam accounts are prime targets for some bad actors, all those payment details, names, addresses and so on, not to mention the number of inherent security holes being found/created in some distros as the OS becomes more popular.
 
