Using Edge browser I keep getting a pop up (refer attachment). It's trusted and 2 months old so not sure why it keeps popping up. The only way to clear this is to click the x button on the pop up. How can I stop this pop up?
NortonLifeLock Version 22.20.5.39
Win 10
@Cherries Did the email that was opened which started this scenario, contain an attached document or other file? My reasoning is outlined in this Kapersky article. Even your clean restorations are still giving you issue which I believe ARE NOT related to the dll file that was downloaded. A common source COULD be UEFI and/or your MBR (Master Boot Record) being hit with the malware described in the article.
SA
Hello. Edge Version 94.0.992.31 (Official build) (64-bit) is the latest build of Edge Chromium. Windows 10 Home version 21H1, OS build 19043.1237 is also the most current build and version of Windows 10. Are you sure you gave control to an authorized Norton support person? Where did you link to for the support session? It should have been at this link: https://support.norton.com/sp/en/us/home/current/contact
Just now I opened Edge to check its current version while having my default browser, Opera GX open here in the forums. I too saw Norton detect the dll for Core speech after closing Edge. Not having any issue from that download and have seen it before using Edge. Screenshot is below. Just an FYI, I do not use the my phone on any of my computers, my phones aren't rebooting either. The issue doesn't seem to be from the Core Speech download but rather the email having delivered a malicious payload. Your Microsoft credentials may be compromised if you are using that account. As a next step, I would reset your Microsoft account password. If you do not have an account and are logging into your computers with a local account I would change that as well. And. Set 2FA authentication on the Microsoft account. Update your system BIOS at this link as well: https://support.hp.com/us-en/drivers/selfservice/hp-slim-desktop-pc-s01-af1000i/32482415
Download Rkill from Bleeping Computer to your desktop and leave the file there for the time being. Next, boot your computer into Safe Mode following this article. Then run Rkill and allow it to look for suspicious processes which it will identify and stop. If it finds anything it will leave a text file on the desktop for further review. When Rkill is done run MRT.exe from an elevated command prompt ( run as admin). Allow it to run a full scan.
Cloudflare DNS values are as follows: 1.1.1.1 primary / 1.0.0.1 secondary. Change those values in your ISP device and reboot it. ALL your devices will be using those common DNS values when connected to your network, changing those values will help determine if the router is the source of things. Also look at your router logs for entries which would suggest malicious activity.
I also suggest resetting your Windows hosts file. Follow this Microsoft guide to complete that. https://support.microsoft.com/en-us/topic/how-to-reset-the-hosts-file-back-to-the-default-c2a43f9d-e176-c6f3-e4ef-3500277a6dae
These are a few suggestions and a lot for troubleshooting. IF, all else fails, AND, you have a Microsoft account that was being used on the affected computer, you can download an official ISO for Windows 10 from Microsoft and create a bootable USB to perform a clean install from media that isn't on the factory partition. That partition MAY also be compromised since reinstalls are showing the issue to return when performed from that partition. Here is the link: https://www.microsoft.com/en-us/software-download/windows10
Please let us know what your results are so we can assist further with help. BleepingComputer also has free help services if you need them.
SA
You're most welcome.
SA
Thanks everyone for all your help, I found that this only happens with Edge Dev version if I use standard Edge no issue so will switch back. Thanks again appreciated everyone having a go! :-)
I also concur. There aren't any settings within Dev Tools within Edge Chromium settings as well. As stated earlier, this file is part of a Microsoft Software Developer Kit ( SDK ) and can only be downloaded manually. The question we are attemping to answer primarily is HOW it has appeared on your system.
SA
....we don't have \Edge Dev\
Thanks
Full path: Filename: Microsoft.CognitiveServices.Speech.core.dll
Full Path: c:\Users\Ozboy\AppData\Local\Microsoft\Edge Dev\User Data\Speech Recognition\1.0.0.0\Microsoft.CognitiveServices.Speech.core.dll
Windows Version: Windows 10 Pro
Version 20H2
OS Build: 19042.746
The file isn't found within Edge Chromium on Windows 10 Pro x 64 version 20H2. The side-by-side experience is not supported on 20H2. What is your WIndows version and build?
SA
ozboy:Thanks for the reply, speech is off, nothing to do with the mentioned programs I don't have them installed. The dll is located in the Microsoft Edge folder.
~ legacy Edge or Edgium?
Whats the path to Microsoft.CognitiveServices.Speech.core.dll ?
Thanks for the reply, speech is off, nothing to do with the mentioned programs I don't have them installed. The dll is located in the Microsoft Edge folder.
Thanks again appreciate your help.
*
Hello ozboy. Look in your Norton history. IE as in your second screenshot for the file location. Check the settings shown below. Are you using anything related to Azure or compiling/developing anything related to Nuget? This dll file is NOT natively installed with Windows 10, its common use is amongst developer communities. However, games can be the culprit looking for this API, for an example Microsoft Flight Simulator will make calls for it. Plex services can also be the culprit for the same reason. In a nutshell some software on your system installed this API when it was installed. Have you recently installed any new software or upgraded same?
SA
Curious, do you run with Speech Recognition On?
