This article was created to help users remove the Microsoft Edge Virus. We recommend reading more about the Microsoft Edge Virus Scam before moving on to the removal guide, which can be found in the second half of the article.
It has not even been two weeks since Windows 10 was released and already there is a virus tailor-made for it. In fact, it’s so new that the name is not even original – the Microsoft Edge Virus. Microsoft Edge Virus targets the new internet browser made by Microsoft called Edge, but uses a trick that was used to plague Google Chrome users as well until recently, when an official update mostly fixed the exploit used.
The Microsoft Edge Virus
Microsoft Edge Virus operates in a manner somewhat similar to a Hijacker virus. Whenever you start the Edge browser it will not load your usual home page, but instead another page showing some kind of error in the background. In front of it, a message will pop up that cannot be closed.
It will inform you that there is a problem with your computer. Microsoft Edge Virus will use a jumble of scary words and virus names, whose only goal is to instill panic in you. You will also be told via a recorded message to call the nearest Microsoft support center in order to receive help with removing the virus.
The Microsoft Edge Malware
The Microsoft Edge Malware is a browser hijacker that has been specifically designed to expose users to certain advertising materials and generate benefits for its developers through Pay-Per-Click campaigns or sponsored ad positioning. Typically, any browser hijacker, including the Microsoft Edge Malware app, will try to extract information about the users’ web browsing habits from the hijacked browser and pass it back to its developers.
IT IS ALL FAKE
We realize that this might look scary as hell, but overall Microsoft Edge Virus is just a cleverly designed ruse using an unforeseen system weakness and it is not dangerous at all – unless you fall for the scammers, of course. This virus closely resembles a very popular and dangerous virus called Zeus Virus.
Basically, at some point while you were browsing, you clicked on an infected link and your computer installed a script similar to what Browser Hijacker viruses use. But Microsoft Edge Virus is actually a phishing scam, as we will see below. Microsoft Edge Virus will terminate all your current tabs and windows and change your homepage to the site running the scam. Now, whenever you start Edge, it will load the scammer’s site: you will see only this message and it will be impossible to navigate away from it – thus the phishing part.
The so-called Microsoft Support Centre is actually the core of the phishing scam. You will be connected to the hackers, who may try to rob you in a couple of ways:
- Through greatly inflated phone call prices while keeping you waiting on hold for ages.
- They will try to steal your Windows key by making you write it to them in order to receive support.
- By trying to extort money from your credit card or through bit coin installations in order to buy some kind of “support package”.
The locations of these hackers have been reported to be in parts of Africa and India, which makes their physical apprehension pretty hard for the authorities. Fortunately, though, Microsoft Edge Virus is fairly easy to remove, as you will soon see. Nevertheless, we strongly recommend you buy and install a professional anti-malware program to fight these viruses. Windows 10 is still taking its baby steps and there will be many more threats similar to this one until Microsoft manages to plug the biggest holes. The Edge virus is somewhat harmless compared to some of the heavy hitters we are bound to see in the future, like Ransomware viruses and Trojans.
SUMMARY:
Name | Microsoft Edge Virus |
Type | Potentially Unwanted Program |
Danger Level | Medium (May try to install other dangerous software on your machine or spy on your browsing habits) |
Symptoms | Unwanted Ads appearing when a page is loaded, random toolbars and search engines getting installed on your PC, slowdown of processing speed. |
Distribution Method | Software bundles and online Ads. |
Detection Tool |
Remove Microsoft Edge Virus
STEP 1:
Open the Task Manager by right clicking on the Taskbar and choosing Start Task Manager. Once it opens, choose the Processes Tab. Locate and terminate the Microsoft Edge process by choosing End Task.
STEP 2:
Stop your internet connection. It doesn’t matter exactly in what way you do it.
STEP 3:
Navigate to the following directory:
C:\Users\<user>\AppData\Local\Packages\Microsoft.MicrosoftEdge_xxxxxx\AC\MicrosoftEdge\User\Default\Recovery\Active
The xxxxxx after MicrosoftEdge_ is different for every user, a succession of numbers and/or symbols. Delete the last folder.
STEP 4:
Hold the Windows Key and R again – but this time copy + paste the following and click OK:
notepad %windir%/system32/Drivers/etc/hosts
A .txt file will open – don’t touch anything there. If you are hacked and someone has access to your PC, there will be a bunch of other IPs connected to you at the bottom. This is what a hosts file looks like:
If there are a bunch of strange IPs connecting to you below “Localhost” you may be hacked, and it’s best to ask us in the comments for directions.
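The check in Step 4, as an added example that is not part of the original guide: a small Python parser that lists every hosts-file entry other than localhost and labels it by the address the name is mapped to. The sample file, the example.test names, the addresses and the sinkhole/redirect/malformed labels are constructed for illustration.

```python
import ipaddress

# Constructed sample modelled on a Windows hosts file; names and IPs are made up.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
#   127.0.0.1   localhost
#   ::1         localhost

127.0.0.1    localhost
127.0.0.1    ads.example.test       # name pinned to this machine
0.0.0.0      tracker.example.test
203.0.113.7  login.example.test www.example.test
not-an-ip    broken.example.test
"""

DEFAULT_NAMES = {"localhost"}  # assumption: the only name a clean file maps


def audit_hosts(text):
    """Return (line_no, address, names, verdict) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, names, "malformed"))
            continue
        extra = [n for n in names if n.lower() not in DEFAULT_NAMES]
        if not extra:
            continue
        # Loopback/unspecified targets only make the name unreachable (a block
        # entry); any other address sends traffic for that name elsewhere.
        verdict = "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"
        findings.append((line_no, address, extra, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To audit a real machine, pass the contents of the hosts file opened in Step 4 to `audit_hosts` instead of the sample; entries labelled "redirect" are the ones that point a site name at someone else's server.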
I have 3 IPs below the line. How do I remove them?
Can you post these 3 IPs? They may be safe – or not. I can’t know until I see them.
This isn’t part of the infection. It’s perfectly fine for it to stay where it is. 🙂
127.0.0.1 down.baidu2016..com
127.0.0.1 123.sogou..com
127.0.0.1 http://www.czzsyzgm..com
127.0.0.1 http://www.cazzsyzxl..com
127.0.0.1 union.baidu.2019..com
SOS.
Hi Joao, all of these lines have to be deleted from your system, since you probably don’t want to have anything in common with known attack sites.
Do you have any issues with your PC?
If you no longer see any of the symptoms, you can assume that the issue has been dealt with.
It’s probably best if you remove them. Normally, there should be no IP addresses below the localhost IPs. Still, though, you can send us a screenshot so we can tell you for certain.
Hello there, any IP addresses below localhost are not supposed to be in the Hosts file. Since there are such IPs in your Hosts file, we advise you to delete them manually from the file and save the changes to it.
Can you tell me how to remove them manually?
You just need to delete them from within the file as you would normally delete text and then press CTRL + S in order to save the changes.
Can you send us a screenshot of the alert that pops up?
Hi,
I am unable to save the changes to notepad file ‘hosts’. Getting ‘Contact system administrator’. What should I do?
Are you the system Administrator of the computer that you are using? Does the account you are using on the PC have Administrator privileges?
It is difficult to say – how long did the scammer have access to your PC? Also, are there any changes to your PC and are you sure that the remote access has been restricted?
Only a few moments. How do I restrict remote access?
How did your wife let the scammer gain remote access?
Hi!
I just did all the steps, but do we have to do step 4? That’s the only step I haven’t done yet. I still am getting virus pop-ups and I’m not sure if I have to really do step 4, because I don’t really think my computer is hacked.
Well, it could still be worth it to check out the Hosts file anyway.
I have been hacked this morning with this virus. I am at step 4 and see 2 local host. Now what?
Send the IPs to us so we can determine whether they need to be removed or not.
Just had to follow your guide https://howtoremove.guide/remove-microsoft-edge-virus/
Got to the final bit and it says, ‘the system cannot find the path specified’ a blank notepad pops up too, I googled the solution as soon as it happened and changed my email password, the laptop’s new so only had my email and Facebook logged in, figuring I’m pretty safe?
If there’s nothing suspicious going on in your PC or browser, then you should be in the clear. Are there any symptoms of an unwanted program on your machine right now?
Once I had followed these steps no, everything went back to normal. How do you prevent this from happening? The antivirus software did not detect this at all.
How do you prevent what from happening?
Did you find anything in the Registry Editor and inside the Hosts file that looks suspicious?
Hi- Thanks for your response! I did not find anything that looked suspicious.
Can you send us a screenshot of the pop-up?
I unplugged the computer to see if that would fix it, now I just have a black screen with the audio message playing that Edge has disabled the computer and I need to call to get it fixed…
Did you try using any of the steps from the guide?