Automatically Downloaded .htm File

Solved
Eric -  
bazfile Posted messages 58480 Registration date   Status Moderator Last intervention   -

Good evening everyone,

As indicated in the title, a rather strange file with a .htm extension was automatically downloaded via my browser (Firefox) without my knowing where it came from. Here is a more detailed screenshot below.
https://ibb.co/5Fm8Yh3

If it contains absolutely nothing when I open it, is there still a risk of infection?


3 answers

Super.Mario Posted messages 583 Registration date   Status Member Last intervention   251
 

Hello

No idea why this issue happened, which existed in memory several years ago...
But I recommend fixing your Firefox from the menu (the three-bar icon), then Help, then More Troubleshooting Information.
"Clear the cache" and also "Repair"

Be careful, I recommend having an account on Firefox and enabling sync to avoid losing information in Firefox.

Otherwise, make backups first!!

See you later


0
bazfile Posted messages 58480 Registration date   Status Moderator Last intervention   20 264
 

Hello.

If I believe your screenshot, this file no longer exists, so I don't see the problem.


bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated.

0
Eric
 

I indeed deleted this one.

Given the extension, it seems to be a corrupted .html file, but since nothing happened when I clicked on it, I'm "afraid" that it might be another type of extension disguised as an executable.

0
bazfile Posted messages 58480 Registration date   Status Moderator Last intervention   20 264 > Eric
 

Well, I see that like many, you want to inspect your PC.

Download FRST.

Once downloaded, save it on the desktop, then right-click on FRST and choose Run as administrator, and you will see this:

Wait until the message "the tool is ready to function" appears, then click on Analyze.


Warning, wait for the messages indicating that the analysis is complete to appear.

At the end of the analysis, you will have two text files on the desktop FRST and Addition.

Then send the FRST and ADDITION reports to https://www.cjoint.com/ then provide the two links generated by https://www.cjoint.com/ in your response.

0
Eric > bazfile Posted messages 58480 Registration date   Status Moderator Last intervention  
 
0
bazfile Posted messages 58480 Registration date   Status Moderator Last intervention   20 264
 

No infection, just orphaned/obsolete processes, to delete them:

Procedure to follow in the indicated order:

1- Open FRST as an administrator by right-clicking on FRST and choosing run as administrator
2- Copy the entire script that is in the box below:

    Start::
    CreateRestorePoint:
    CloseProcesses:
    Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No file)
    S3 fiddrv64; no ImagePath
    S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]
    S3 LenovoDiagnosticsDriver; \??\C:\ProgramData\Lenovo\Vantage\Addins\LenovoHardwareScanAddin\3.0.0.24\LenovoDiagnosticsDriver.sys [X]
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
    HKLM\SOFTWARE\Policies\Google: Restriction
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction
    CustomCLSID: HKU\S-1-5-21-1261383955-4193527029-3378710460-1000_Classes\CLSID\{2280f646-e8ab-4fed-8031-7c0d14bf1ffb}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => No file
    CustomCLSID: HKU\S-1-5-21-1261383955-4193527029-3378710460-1000_Classes\CLSID\{23B3E3D8-C162-4A8B-AB0C-0905DCB1DF19}\InprocServer32 -> C:\Users\JB\AppData\Local\Packages\Microsoft.PowerAutomateDesktop_8wekyb3d8bbwe\TempState\RDP\DVCPlugin\x64\Microsoft.Flow.RPA.Desktop.UIAutomation.RDP.DVC.Plugin.dll => No file
    AlternateDataStreams: C:\Users\JB\AppData\Local\Temp:com.affinity.designer.2 [240]
    AlternateDataStreams: C:\Users\JB\AppData\Local\Temp:com.affinity.designer.3 [197]
    End::

3- Once the script is copied, click on Fix; FRST automatically takes the script that is in the clipboard.


Let the fix run; once it is done, you will be asked to restart your PC. Do it as soon as you are prompted, see below.

Then once your computer is restarted:
4- You will have a Fixlog file on your desktop, then send this fixlog report to https://www.cjoint.com/ and provide the generated link from https://www.cjoint.com/ in your reply.


bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated.

0
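As an added example (not part of bazfile's post and not FRST's own code), the Python sketch below sorts the lines of the fixlist above by the end-of-line markers visible in it, so that any entry without a missing-file marker stands out before the script is run. The category names and the `classify` and `triage` functions are hypothetical, and reading `(No file)`, `=> No file`, `[X]` and `no ImagePath` as "nothing left behind this entry" is an assumption based on the moderator describing the entries as orphaned/obsolete.

```python
import re

# Fixlist lines copied verbatim from the post above.
FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No file)
S3 fiddrv64; no ImagePath
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]
S3 LenovoDiagnosticsDriver; \??\C:\ProgramData\Lenovo\Vantage\Addins\LenovoHardwareScanAddin\3.0.0.24\LenovoDiagnosticsDriver.sys [X]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
HKLM\SOFTWARE\Policies\Google: Restriction
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction
CustomCLSID: HKU\S-1-5-21-1261383955-4193527029-3378710460-1000_Classes\CLSID\{2280f646-e8ab-4fed-8031-7c0d14bf1ffb}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => No file
CustomCLSID: HKU\S-1-5-21-1261383955-4193527029-3378710460-1000_Classes\CLSID\{23B3E3D8-C162-4A8B-AB0C-0905DCB1DF19}\InprocServer32 -> C:\Users\JB\AppData\Local\Packages\Microsoft.PowerAutomateDesktop_8wekyb3d8bbwe\TempState\RDP\DVCPlugin\x64\Microsoft.Flow.RPA.Desktop.UIAutomation.RDP.DVC.Plugin.dll => No file
AlternateDataStreams: C:\Users\JB\AppData\Local\Temp:com.affinity.designer.2 [240]
AlternateDataStreams: C:\Users\JB\AppData\Local\Temp:com.affinity.designer.3 [197]
End::"""

# Assumption: these trailing markers mean no file remains behind the entry.
ORPHAN = re.compile(r"(\(No file\)|=> No file|\[X\]|; no ImagePath)$", re.I)
RULES = [
    ("directive", re.compile(r"^\w+::?$")),  # Start::, CloseProcesses:, End::
    ("orphan", ORPHAN),
    ("policy", re.compile(r"^HK\w+\\SOFTWARE\\Policies\\.+: Restriction$", re.I)),
    ("ads", re.compile(r"^AlternateDataStreams: ")),
]

def classify(line):
    """Return the first matching category, or 'review' if nothing marks the entry as dead."""
    for name, pattern in RULES:
        if pattern.search(line):
            return name
    return "review"

def triage(fixlist):
    """Group the non-empty lines of a fixlist by category."""
    lines = [l.strip() for l in fixlist.splitlines() if l.strip()]
    if not lines or lines[0] != "Start::" or lines[-1] != "End::":
        raise ValueError("fixlist must be wrapped in Start:: ... End::")
    groups = {}
    for line in lines:
        groups.setdefault(classify(line), []).append(line)
    return groups

if __name__ == "__main__":
    for category, entries in triage(FIXLIST).items():
        print(f"{category}: {len(entries)}")
```

An entry landing in `review` is one whose line carries none of those markers, so it may point at something that still exists on disk and deserves a second look before clicking Fix.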
Eric
 

Fixlog: https://www.cjoint.com/c/MLpvkKOm2dg

0
bazfile Posted messages 58480 Registration date   Status Moderator Last intervention   20 264 > Eric
 

The fixlog is OK.


Uninstall FRST: rename the FRST file you downloaded to uninstall, then once the file is renamed, open it; the uninstallation will be done automatically via a PC reboot.

0
Eric > bazfile Posted messages 58480 Registration date   Status Moderator Last intervention  
 

Okay, it's done.

Thanks again for your help!

0
bazfile Posted messages 58480 Registration date   Status Moderator Last intervention   20 264 > Eric
 

You're welcome.

See you on CCM.

1