

Internet hack trouble with fake MSE graphic.

Posted on 2014-04-22
Medium Priority
Last Modified: 2014-04-24

Here is a graphic that shows up on my screen...
Full screen grab of hack into my computer.
This has shown up 2-3 times in the last 10 days while I'm browsing websites with IE 11.  You can see in the full screen grab above, the purported URL from which this is coming.  I'll be browsing a web site and suddenly when I select something, I lose the screen I was on and this takes over my browser window.

There is another dialogue box that comes up on top of this screen that is from the OS somehow.  It is small, and looks very much like what you see when using the MSG.exe command over a network.  It says something like the webpage has discovered a problem and you need to clean your computer immediately.  I think I clicked the dialogue box away if I remember correctly, then have to quit IE, if I remember correctly.

 I am running Surface RT so I cannot turn off Windows Update which means my Windows Defender that is provided with RTs is up to date on virus/malware issues as far as Microsoft knows.  You cannot get MSE for RTs, but Windows Defender GUI looks just like MSE.  I ran a full scan using Defender just to say I did.  It reported no problems and my system is protected.  My arm processor is Nvidia Tegra 3 Quad core 1.3 GHz, in Surface RT with Windows 8.1 RT.  Regedit for ...
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer\AllowRemoteRPC is set to 0, and "Allow remote assistance connections" is off in the system control panel.  The Surface RT is on WiFi to Apple Airport (maybe 7 years old) which is Ethernet connected to Motorola SB series cable modem (maybe 7 years old) to Comcast.  Under Security control panel, Firewall and everything is on and ok except for "Network Access Protection Agent" which was not running.  Looking into it, I found it off and set to manual.  I changed it to automatic and started it.  It is on now.

1.  Is it really that easy to send something to a protected system?
2.  Is there a checklist of things to do to close down security issues to prevent this?
3.  Was my off status of the NAP agent how they got to me, or unrelated?
4.  Is there any useful intelligence I can gather if they do it again?
5.  Shouldn't Windows Defender tell me my NAP agent is off?

Any answers or advice would be awesome.  Thank you.

Question by:Christopher Jay Wolff
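
The settings the question describes checking by hand (AllowRemoteRPC, Remote Assistance, the NAP agent, the firewall) can be read in one pass. This is an added example, not part of the original post; it assumes the standard registry key name `Terminal Server` (with a space), the Remote Assistance value `fAllowToGetHelp`, and the service name `napagent`, none of which are spelled out in the thread.

```powershell
# Added example (not from the thread): read-only check of the settings
# the question describes inspecting by hand. Nothing is changed.
# Assumptions: standard registry locations and the 'napagent' service name.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try   { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }                      # key or value not present
}

function New-Finding {
    param([string]$Setting, $Value, $Expected)
    [pscustomobject]@{
        Setting  = $Setting
        Value    = if ($null -eq $Value) { '(not set)' } else { $Value }
        Expected = $Expected
        Matches  = ("$Value" -eq "$Expected")
    }
}

$control  = 'HKLM:\SYSTEM\CurrentControlSet\Control'
$findings = @()

# 0 = remote RPC refused (the value quoted in the question)
$findings += New-Finding 'AllowRemoteRPC' `
    (Get-RegValue "$control\Terminal Server" 'AllowRemoteRPC') 0

# 0 = "Allow remote assistance connections" is off
$findings += New-Finding 'Remote Assistance (fAllowToGetHelp)' `
    (Get-RegValue "$control\Remote Assistance" 'fAllowToGetHelp') 0

# NAP agent: Manual start is the default, per the answer in this thread
$nap     = Get-CimInstance Win32_Service -Filter "Name='napagent'" -ErrorAction SilentlyContinue
$napMode = if ($nap) { $nap.StartMode } else { $null }
$findings += New-Finding 'NAP agent start mode' $napMode 'Manual'

# Windows Firewall: every profile should report Enabled = True
foreach ($p in Get-NetFirewallProfile) {
    $findings += New-Finding "Firewall profile: $($p.Name)" "$($p.Enabled)" 'True'
}

$findings | Format-Table -AutoSize
```

A row with `Matches` False or a value of `(not set)` is a prompt to look at that setting, not proof of compromise.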
LVL 17

Assisted Solution

by:Sajid Shaik M
Sajid Shaik M earned 80 total points
ID: 40018117
It seems to be malware... a browser hijacker... which is generating fake alerts... of Microsoft Security Essentials.

Here, check the instructions for removal of the fake alerter.


You can download Malwarebytes from the following link...

LVL 20

Assisted Solution

marsilies earned 920 total points
ID: 40018405
"Network Access Protection Agent" is a feature primarily for corporate environments; it reports from a client PC back to a server to make sure its settings are correct. It's set by default to manual start, so it's not the cause of your problems: See these links for more on NAP:

Does the web page hijack occur in the Metro version of IE? From the screenshot it looks like you're using the desktop version.

Is it just one website that's affected? It could be the website that's been hacked to serve up these false alerts.

@Shaik M. Sajid: Malwarebytes won't run on Windows RT
LVL 31

Accepted Solution

serialband earned 1000 total points
ID: 40018408
I don't believe you can install malwarebytes on Windows RT, since it's ARM based.  You may have to refresh your browser or delete all your browser settings to clear it.  That also means that most normal Windows viruses will not work on your system.  Browser hijacking is still a possibility, so you should type in your browser links and avoid clicking on spam.


You can enable tracker protection as an alternative to adblock plus (which you can't install).  http://www.edandersen.com/2012/10/28/adblock-alternative-on-windows-rts-ie10/

You can install easy list to your Tracker Protection List.


Author Comment

by:Christopher Jay Wolff
ID: 40018526
Thank you very much everyone for your quick and helpful responses!!  Am checking email on coffee break right now, will be able to look at this late tonight EST and more tomorrow.  I had not heard of web page hijacking before.  And thanks for resubmitting Shaik M. Sajid.

It is the desktop version of IE 11.

So far this exact same thing happened on two different days while on two totally different sites.  First time, I was on msn.com and clicked on a news item to read, and at the bottom of the news article they have those spammy looking links to click on for $9 car insurance and such.  One of those let this happen.  Last night it was my resume site, beyond.com/Christopherjaywolff and I cannot remember what I was clicking on.  I think it was my resume update info.  However, about 5 minutes prior I had clicked on a banner ad above my resume for some site that wants to help people publish books called AuthorHouse.  They had typos in their ad so I figured when I write my memoirs I might not have them edit it.  Maybe they'll improve by then though.

The thing is there never seems to be any damage done.  Everything seems to work fine with no data loss after I reboot and/or reset Surface power.  No problems detected.  So it seems like a really annoying thing that is just annoying.  Don't want to be gullible though.

More tonight or tomorrow..
LVL 31

Expert Comment

ID: 40018732
It sounds like both times you clicked on, or just loaded, spam links.  You should just block them from loading.  They sometimes insert code that the main sites don't know about unless someone complains.  Browser hijacking is common now that Microsoft has somewhat locked down their systems and made it more difficult to get access.  It's an easier avenue to exploit because some people are quite easily swayed by flashy ads.
LVL 70

Expert Comment

ID: 40019294
I think you got spammed: "spammy looking links to click on for $9 car insurance and such.  One of those let this happen."
Check your start-up group/ programs for any new installed software.
Look in uninstall a program also.
Reset Internet Explorer to default settings. This will delete everything including your passwords.
Try Eset online scanner this is an excellent tool and I get very good results.

Flash Cookie Cleaner is also a good tool keep in your itinerary.

Can you run hijackthis on your system?
Post back the results
Install hijackthis to a folder then extract it inside that folder/run it and do a system scan and save a log.
Post the log back here.

I'd also suggest resetting your router to factory defaults; please ensure you know all the settings to put back. Viruses can also interfere with the router, preventing your system from being cleaned.
I have a spare new one that I use for this purpose.
LVL 31

Expert Comment

ID: 40019328
I don't believe he can install any of those on a Surface RT with an ARM processor.
LVL 70

Expert Comment

ID: 40019363
Thanks serialband I had wondered.

I believed hijackthis is not actually installing as it is a self extracting executable
I just extract it to the same folder as the zip in my downloads.
Can't say about Eset it downloads the latest virus database so it can be run off line.
If it is Surface pro, does it support them?
The point is
No security software can protect when the user clicks on a potential malware and to run a scan as they are active.
Installs hack tools lol?
The fact he gets this warning indicates those pages have privacy threats and other bad stuff on them and he is getting flagged. So his security is just telling him it found some potential.
If I may
Here is the user guide
Surface 2 User Guide
With Windows RT 8.1 Software
scroll to page 90 and see
How can I help protect my Surface from viruses?
Windows RT includes up-to-date virus and malware protection called Windows Defender. This software helps identify and remove viruses, spyware, and other malicious software. Windows Defender is always on and can't be turned off.
To manually scan Surface by using Windows Defender, see How do I find and remove a virus? on Windows.com.

If you're using Windows 8.1, you can run a scanner or antimalware app provided by another company if you prefer.
To keep your PC running smoothly, you should only install and run one antimalware app at a time.
If you're using Windows RT 8.1, Windows Defender is always on and can't be turned off.
Hope that helps.
Regards Merete
LVL 31

Expert Comment

ID: 40020109
It's an ARM processor.  You can't run binaries designed for x86 or x64.  Unless they've specifically compiled for ARM, the installer or binary executable won't run.

Tracker protection is available on Surface RT and installing/enabling easylist is likely the only choice available to reduce attacks for the moment.

Author Closing Comment

by:Christopher Jay Wolff
ID: 40020238
Yes, Marsilies and Serialband are correct, although it will take time for me to prove out EasyList and master the use of Event Viewer for apps and system issues.  I found Malwarebytes interesting because of their leading position in the industry and sent an email request to port their product to arm.  Maybe enough votes like that will get them to do it some day.  Great stuff people!!  I hope the point spread is alright.  Thank you all.
