Your Fle is Ready Malware

Status
Not open for further replies.
U

UncleJim

New Member
Thread author
Mar 4, 2022
5
Have the malware "Your file is ready to downlload" I have the icon on my Windows 11 desktop and can't remove it. When I try I get the message - The action can't be completed because the file is open in System. I have ran MalwareBytes and it didn't fine anything. I have ran others and nothing would fine it Ran Farbar and included results.

Please help.
Uncle Jim
 

Attachments

  • Addition.txt
    13.8 KB · Views: 22
  • FRST.txt
    38.7 KB · Views: 22
nasdaq

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.

Code: 
start

Comment: For your security a new restore point will be created.
CreateRestorePoint:
Comment: We need to close all processes to complete the fix.
CloseProcesses:

Comment: Items from the FRST.TXT log that will be removed from the Registry.
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge HomePage: Default -> hxxps://www.google.com/#spf=1578676489262
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

Comment: The system will restart.
Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please send the compromised file to Virus Total for a security Scan.

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

Follow the instructions on the page.

If found to be bad boot the computer in Safe Mode and delete the file.

Restart the computer normally.

Please post the Fixlog.txt.


If the problem persists post the filename as well as the exact location where the file is saved.

I will also need to see the complete Addition.txt log.
The one you attached was truncated. It's missing the bottom part.
 
nasdaq

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
HI,

If the Icon is still present post the filename as well as the exact location where the file is saved.

Attach the Addition.txt log that was created by the Farbar program.
 
U

UncleJim

New Member
Thread author
Mar 4, 2022
5
I also notice this morning the malware was gone. Not sure what you did, but I appreciate it. Thanks so much.
 
nasdaq

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

The “Your File Is Ready To Download” page is a browser-based scam that displays fake error messages to trick you into installing malicious browser extensions.
malwaretips.com

Remove "Your File Is Ready To Download" Pop-up Scam

This guide teaches you how to remove "Your File Is Ready To Download" browser hijacker for free by following easy step-by-step instructions.
malwaretips.com malwaretips.com

I suggest you rename the file with a .bad extension.
Send it to your Recycle bin.

If all is well in a day or two flush it.
 
Status
Not open for further replies.

Similar threads

strato
  • Locked
Need help with generating a fixlist.txt
Replies
5
Views
1,048
Windows Malware Removal Help & Support
nasdaq
nasdaq
Matthew.Bott1986
  • Locked
Malware "Mobility Search" Forcing Bing (Yuck) Searches
Replies
2
Views
698
Windows Malware Removal Help & Support
nasdaq
nasdaq
L
  • Locked
Unsupported Legacy Version Not Allowing Installation of Current Version of Malwarebytes
Replies
2
Views
412
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top