cross-posted from: https://infosec.pub/post/14206569

Hi all,

First off: Can't switch to Linux, Windows is a work requirement. Please spare me.

With that out of the way, here's my problem:

For the last 2-3 days I've been seeing ads disguised as a minimized video player popup on my Windows 10 login screen image.

Initially I thought I might have been watching something on youtube and forgot to close the tab and it autoplayed in the background until reaching this stuff by chance; but that turned out not to be the case (I'm also using Firefox exclusively, which I thought wouldn't integrate with Windows, but I wasn't 100% sure on that end).

I tried to research this a bit, but the only similar case I found was in an old reddit thread saying that some Windows update installed the LinkedIn App for them, which is not the case here.

Antivirus (Bit Defender) and Malwarebytes both give me a clean report.

So I did some more digging and right-clicked that thing with my firewall set to deny all to figure out where this is taking me, and surprise...

[Image]

There are a total of 100 connection attempts from Windows Search to around 10 different IP addresses, all of which belong to Microsoft.

I have not installed any updates in the last 14 days, no new software, and have not changed any system settings.

What did change is that I am currently not in China, where I normally live, but am on a business trip to Malaysia, where a bunch of services that are blocked in China might be accessible, and are now splicing in those (somewhat disguised) ads.

Does this happen to anyone else, and if so, do you have an idea how to get rid of it?

Thanks a lot in advance!

[-] muntedcrocodile@lemm.ee 17 points 6 days ago

Have you tried Tiny11? And the Chris Titus debloater can kill a lot of crap with those, as it removes most of the shit.

Have you considered running Windows in a VM or using https://github.com/casualsnek/cassowary?

[-] viking@infosec.pub 4 points 6 days ago

I haven't heard of either, let me check if I can run those with my user profile and not break anything I need to log on to our corporate network in the process.

[-] yamaonan@lemmy.world 8 points 6 days ago

I have noticed similar behavior on one of my machines recently. Usually it's a video (or a recently played Spotify song) that gets 'stuck' there. Have you tried opening a new instance of Firefox, playing a video, then locking the computer (Win + L) to see if it, at the very least, changes/updates to the newly opened video?

[-] viking@infosec.pub 8 points 6 days ago

I tried and it doesn't update, even after a clean reboot with no browser open whatsoever. However I did find another entry in the Firewall that comes up right on boot, which is a service called MS.Edge.Webview2, which seems to be triggered through the Teams App. I've now completely uninstalled Teams, and after a fresh boot the ad (or "media control") seems to be gone now. Guess I'll be using Teams from my phone or via browser in the future.

[-] yamaonan@lemmy.world 3 points 6 days ago

Good to know, thanks for sharing. Glad to hear you've found a solution.

[-] BigTrout75@lemmy.world 7 points 6 days ago

There are GPO and registry settings to turn that crap off. Sadly there's a ton of it.

What's stopping you from running Windows in a VM?

[-] viking@infosec.pub 13 points 6 days ago

My employer. Who owns the laptop. And forbids me to fuck around with it...

[-] swayevenly@lemm.ee 5 points 6 days ago

Did you configure your Windows 10 lock screen to include the Spotlight feature or other items?

[-] viking@infosec.pub 3 points 6 days ago

Not that I'm aware of, but I'll double check.
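One way to do that double-check, and to see the kind of GPO and registry switches mentioned earlier in the thread, without changing anything on an employer-managed machine: the read-only PowerShell audit below. It is an added example, not code from anyone in the thread. It reads the per-user ContentDeliveryManager switches that feed Spotlight images and tip overlays onto the lock screen, the CloudContent and Personalization policy values an administrator would set to turn them off, and the Run keys that start programs at logon. The one-line descriptions next to each value name are the editor's summary of what the value controls, not Microsoft's wording; a policy value that comes back empty simply means no policy is set.

```powershell
# Added example, not from the thread: read-only audit of the Windows 10
# settings that push content onto the lock screen, plus logon Run entries.
# Nothing here writes to the registry, so the output can be handed to IT.

$ErrorActionPreference = 'SilentlyContinue'

function Get-RegValue {
    # Return a registry value, or $null if the key or the value does not exist.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Per-user Content Delivery Manager switches. 1 = on, 0 = off,
# $null = value absent (Windows then applies its default, usually "on").
$cdm = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager'
$userSwitches = @(
    @{ Name = 'RotatingLockScreenEnabled';        Means = 'Windows Spotlight images on the lock screen' }
    @{ Name = 'RotatingLockScreenOverlayEnabled'; Means = 'Tip/suggestion overlay drawn on the lock screen' }
    @{ Name = 'SubscribedContent-338387Enabled';  Means = 'Lock-screen "fun facts, tips and more"' }
    @{ Name = 'SubscribedContent-338389Enabled';  Means = 'Tips, tricks and suggestions notifications' }
    @{ Name = 'SilentInstalledAppsEnabled';       Means = 'Automatic install of suggested Store apps' }
    @{ Name = 'SystemPaneSuggestionsEnabled';     Means = 'App suggestions in Start' }
)

# Policy values an administrator (GPO or MDM) uses to disable the same things.
# 1 = policy enforced; $null = no policy configured.
$policies = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent';   Name = 'DisableWindowsConsumerFeatures';  Means = 'Machine policy: no consumer features (suggested apps, tips)' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent';   Name = 'DisableSoftLanding';              Means = 'Machine policy: no Windows tips' }
    @{ Path = 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\CloudContent';   Name = 'DisableWindowsSpotlightFeatures'; Means = 'User policy: all Windows Spotlight features off' }
    @{ Path = 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\CloudContent';   Name = 'DisableThirdPartySuggestions';    Means = 'User policy: no third-party suggestions' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization'; Name = 'LockScreenImage';                 Means = 'Machine policy: forced lock-screen image path' }
)

function Get-LockScreenContentAudit {
    # One object per switch or policy, so the result can be filtered or exported.
    foreach ($s in $userSwitches) {
        [pscustomobject]@{
            Scope = 'User setting'; Key = $cdm; Name = $s.Name
            Value = Get-RegValue -Path $cdm -Name $s.Name; Meaning = $s.Means
        }
    }
    foreach ($p in $policies) {
        [pscustomobject]@{
            Scope = 'Policy'; Key = $p.Path; Name = $p.Name
            Value = Get-RegValue -Path $p.Path -Name $p.Name; Meaning = $p.Means
        }
    }
}

function Get-RunEntries {
    # Everything registered to start at logon in the user and machine Run keys,
    # which is where a chat or media client re-registers itself after install.
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip PowerShell's own metadata members
            [pscustomobject]@{ Key = $key; Name = $prop.Name; Command = $prop.Value }
        }
    }
}

Get-LockScreenContentAudit | Format-Table -AutoSize -Wrap
Get-RunEntries | Format-Table -AutoSize -Wrap
```

On a corporate device the policy rows are the ones to watch: if they are all empty, the lock-screen content is governed only by the per-user switches, and the Run entries show which installed apps (a chat client, for instance) have registered to start at logon.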

[-] dalakkin@lemmy.world 5 points 6 days ago* (last edited 6 days ago)

Most likely it's an ad from one of your open Firefox tabs. Try exiting all your web browsers and see if that fixes it.

[-] systemglitch@lemmy.world 7 points 6 days ago

I've never seen ff do that for anyone.

[-] viking@infosec.pub 2 points 6 days ago

Thought of that as well, but all ads are blocked and I get this popup even with the browser closed and after a full reboot (not just suspend and reactivate), so it must happen at system level, I assume. Checked my run-on-startup applications and services, and they appear to be clean as well.

this post was submitted on 28 Jun 2024
139 points (96.6% liked)