Severity scale:  
  (82/100)

Remove Msftconnecttest redirect (Removal Guide) - Oct 2020 update

removal by Gabriel E. Hall - - | Type: Malware

Msftconnecttest redirect is a DNS hijacking virus that can result in malicious COVID-19 prompts

Msftconnecttest redirectMsftconnecttest redirect is an error that users encounter when their DNS settings get hijacked by cybercriminals

Msftconnecttest redirect is a phenomenon that users are facing for at least a year. According to users, all of a sudden, their Google Chrome, Mozilla Firefox, Safari, MS Edge, or another browser can not correctly connect to the internet, and instead delivers “http://msftconnecttest.com/redirect” error message. Additionally, it was reported that a suspicious  connecttest.txt file is attempted to being downloaded. The connectivity issues also prevent users from downloading security software to check the system for malware.[1]

In more recent cases, it was reported that the web browsers begin random redirects to msftconnecttest.com, which displays a message asking to download and install an application “COVID-19 Inform App” allegedly developed by the WHO (World Health Organization) to keep up with the coronavirus pandemic.

Without a doubt, Msftconnecttest redirect is not something legitimate, and the suspicious behavior is related to the DNS hijacking issues. Hackers meddle with the router's settings, changing the channels the internet is delivered through, resulting in a complete browser hijacking. In this case, it was known the attackers were redirecting all traffic through 109.234.35.230 and 94.103.82.249 malicious DNS servers.[2]

Name Msftconnecttest redirect
Type Potentially unwanted program/redirect virus/adware
Platform Windows OS
Symptoms Disables access to particular websites; blocks the downloading of some software, e.g., antivirus; changes DNS settings; attempts to install Oski info-stealing Trojan via a fake COVID-19 information app
Relations azureedge.net, 109.234.35.230 and 94.103.82.249 DNS servers, connecttest.txt 
Distribution The delivery methods of DNS hijacking are unknown, although it is speculated that the attack is performed via weakly protected Remote Desktop (RDP) connections
Elimination Eliminate the malicious DNS settings by accessing your router administrator's panel or internet settings. If you clicked on suspicious files, you should also perform a full system scan with anti-malware software – more details below
Fix tool If you have infected your computer with malware, you should get rid of it and then perform a full system scan with ReimageIntego to repair the system damage

Originally, Msftconnecttest.com is a legitimate domain used by Microsoft to send probes to a computer – it shows the connectivity status. This is done to check whether the machine is actively using the internet or not. If the server receives a failed request via the “Microsoft Connect Test,” it warns users about the connection problems.

However, those with the Msftconnecttest redirect problem will not be rerouted via the official Microsoft IP address but one that is under the attacker's control. As a result, users see a completely different landing address that can be configured by hackers. In some cases, 

Currently, there are no exact details about how the attackers manage to gain access to users' routers. However, there have been several reports from the infected users that they did have Remote Desktop connection open. This way, the attackers behind the so-called Msftconnecttest redirect virus can scan the internet and access the router or computer via the default port. Thus, to mitigate this attack, you should never leave your RDP visible.

For those who are affected by the Msftconnecttest redirect hijack, they will not see the official MSN.com or any other website for that matter. Instead, they will be shown a suspicious notification which reads:

COVID-19 Information App

Install this app, to have the latest information and instructions about coronavirus (COVID-19).

World Health Organization.
Part of the U.N. Sustainable Development Group.

It is not a surprise that Msftconnecttest scam is not the only one that attempts to push malware through fake emails, ads, and redirects, which allegedly provides information on coronavirus pandemic situation.[3] Malicious actors want to abuse the concerns about the global crisis – ransomware attacks have plagued the health sector, despite the increasing workloads.[4]

Msftconnecttest redirect virusMsftconnecttest redirect is an issue might result in Oski Trojan infection

Those who get tricked by this message and downloads the alleged COVID-19 app, instead infect their machines with Oski Trojan. This malware can steal a variety of information once installed, including browser cookies, login credentials, F2A databases, text files, crypto-wallets, and more. As a result, the infected users can suffer serious privacy issues to the point where they could lose their identity. Therefore, it is important to remove Msftconnecttest redirect and never download anything offered.

In case malware was indeed installed, Msftconnecttest redirect removal should be firstly performed with a powerful anti-malware, such as SpyHunter 5Combo Cleaner or Malwarebytes. Since a Trojan infection can seriously impact system files, resulting in crashes and other stability issues, experts also recommend using ReimageIntego to fix virus damage.

DNS hijacking – a rather rare but dangerous practice

DNS hijacking is something that does not come along often, although tools like DNS Unlocker has caused major issues to users in the past. DNS, or a Domain Name System, is users to convert IP addresses into domain names – it would not be possible to access any website by typing in an URL without it. In other words, you would have to know the IP address of every website to visit it (a real pain indeed).

DNS address can be provided by your ISP or set to come from another provider, such as Google. By using different DNS, you can bypass certain restrictions. On the contrary, cybercriminals might use this practice in order to restrict their internet access, deliver intrusive advertisements, or redirect them to malware-laden websites.

In most cases, the malware installed on the computer behind users' backs is the culprit of unsolicited changes made to DNS servers. Nonetheless, the attackers can access router settings via other channels, such as RDP or unprotected WiFi connection.

Thus, be careful with potentially unwanted programs, as they might change DNS settings without permission. When installing new apps/freeware from third-parties, always pick Advanced/Custom installation settings when prompted, decline all the offers, read the fine print, and remove all the ticks from pre-checked checkboxes.

Msftconnecttest redirect removal and recovery

Msftconnecttest redirect removal is necessary not only for normal operation of the computer but also for your own safety. There are several steps that you can take to do that, although the most important thing is to eliminate the Oski Trojan if such was installed on your system. For that, scan your machine with powerful anti-malware software – we recommend SpyHunter 5Combo Cleaner or Malwarebytes. In case you experience crashes, errors, and other Windows issues, you can employ ReimageIntego to fix them automatically.

Once you are sure that the malware is eliminated and your computer is clean, you should then remove Msftconnecttest redirect problems. First of all, you need to ensure that you delete the DNS settings applied by the attackers. To do that, you can either reset your network components or change the DNS manually (alternatively, you can access your router's Administrator's panel) and change the settings from there. Here's how to do that:

  • Right-click on Start and select Settings
  • Go to Network & Internet and select Ethernet on the left
  • On the right, pick Change adapter options
  • Right-click on your connection and select Properties
  • Select Internet Protocol Version 4 (TCP/IPv4) and pick Properties
  • Check Obtain DNS server automatically and click OK.

Msftconnecttest redirect DNS settingsChange your DNS settings back to default

Once you change the DNS settings, you should reboot all your devices connected to the network, including gaming consoles, laptops, tablets, phones, etc. Finally, you should reset all the installed web browsers, change all the passwords for all your accounts, employ a secure password managing app, and enable two-factor authentication where possible.

You may remove virus damage with a help of ReimageIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

Offer
do it now!
Download
Reimage Happiness
Guarantee
Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove Msftconnecttest redirect, follow these steps:

Erase Msftconnecttest redirect from Microsoft Edge

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the Msftconnecttest-related extension and click on the Gear icon.
  3. Click on Uninstall at the bottom.Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.Clear Edge browsing data

Reset MS Edge if that above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick DeleteAdvanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -VerboseAdvanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove.Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now.Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset.Reset Chromium Edge

Eliminate Msftconnecttest from Mozilla Firefox (FF)

Revert Mozilla Firefox web browser back to its previous state – use these instructions.

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select plugins that are related to Msftconnecttest and click Remove.Remove extensions from Firefox

Clear cookies and site data:

  1. Click Menu and pick Options.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear.Clear cookies and site data from Firefox

In case Msftconnecttest did not get removed after following the instructions above, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information.Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox – this should complete Msftconnecttest removal.Reset Firefox 2

Delete Msftconnecttest from Google Chrome

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to Msftconnecttest by clicking Remove.Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data.Clear cache and web data from Chrome

If the above-methods did not help you, reset Google Chrome to eliminate all the Msftconnecttest-components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings to complete Msftconnecttest removal.Reset Chrome 2

Get rid of Msftconnecttest from Safari

Remove unwanted extensions from Safari:

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension related to Msftconnecttest and select Uninstall.Remove extensions from Safari

Clear cookies and other website data from Safari:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History.Clear cookies and website data from Safari

Reset Safari if the above-mentioned steps did not help you:

  1. Click Safari > Preferences…
  2. Go to Advanced tab.
  3. Tick the Show Develop menu in menu bar.
  4. From the menu bar, click Develop, and then select Empty Caches.Reset Safari

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.

If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.

 

Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 

 

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions

References

Your opinion regarding Msftconnecttest redirect