Can't login to Facebook malware crap

Agent Smith

Well-Known Member
So I admin my parents' computer and network. I run a pretty damn tight ship. My parents' computer is protected with Bitdefender Free, VoodooShield and the browser runs in Sandboxie. Also, the browser has NoScript and uBlock installed. uBlock prevents ads which could be laced with malware and uses the malware domain list. I also scan the crap out of the computer with Malwarebytes, SUPERAntiSpyware, AdwCleaner, Junkware Removal Tool, TDSSKiller, GMER, RogueKiller, HijackThis, and I even run some live CDs on the computer in a non-boot environment as an extra precaution. Nothing found at all. Despite this, my mom goes to log into Facebook and sees this and can't log in.

[Image: Qr4Qo6h.jpg]

I was so PISSED, to say the least. Because I know damn well there is no malware on the damn computer. What's more is that on this computer I was able to log into my Facebook account with no issue. I even tried another browser and Facebook would not allow my mom to log in. So you know what Facebook wanted me to do? Run their Trend Micro scanner. I was like 'the hell I'm running some crap program on a clean machine'! Especially from privacy-invading Facebook! But after all my resources were exhausted I ran the damn Trend Micro scanner anyway. It said it found four BS items all of the same name, which I can't remember now. I call them BS because I Googled this name and found nothing except other people reporting the same crap on the Internet. But doing this and satisfying Facebook, my mom was then able to log into her account.

What I find so disturbing is that it's almost as if they are advertising Trend Micro. God only knows what the scanner was doing. Probably uploaded a list of stuff on the computer to Facebook and/or Trend Micro. But what was I gonna do? I'll talk about that later on in section (B) below.

So after this Trend Micro BS scan, I dug into the computer for any changes and new registry entries that may have been placed there. I found no new registry entries. I did find a lot of Trend Micro crap under AppData\Local\Temp\. The most notable were the following places:

C:\Users\"USER_NAME"\AppData\Local\Temp\HC_1E69.tmp\Updater\AUCache\AU_Cache

C:\Users\"USER_NAME"\AppData\Local\Temp\HC_D411.tmp\Updater\AUCache\AU_Cache

C:\Windows\Prefetch\TRENDMICRO.EXE-C03BA22E.pf

C:\Windows\Prefetch\TRENDMICRO.EXE-FADF8549.pf

C:\Windows\Prefetch\TRENDMICRO_T1314239605261586T-0CB3DBA8.pf

C:\Windows\Prefetch\TRENDMICRO_T1314239605261586T-B2FA11AA.pf

But here's the most interesting. I ran RogueKiller after the Trend Micro scan and RogueKiller found an entry from Trend Micro that seemed like it could have been attached to svchost.exe. I promptly removed it and ran RogueKiller again and found nothing.

===Section B===

So you know what I'll do if I see this crap pop up on my Facebook account? Since you have no choice in the matter but to run the damn Trend Micro scanner to satisfy Facecrooked, I'll just have it run in a virtual machine. The hell I'm going to let their scanner touch my computer! Especially since I FDE all my machines!

Just in case you were wondering if this was a Facebook malware pop-up or some crap: yes, I thought that when I saw it, and when I dug around, it's real, from Facecrook.

https://www.facebook.com/notes/facebook-security/malware-checkpoint-for-facebook/10150902333195766/

https://www.facebook.com/help/community/question/?id=747730905321731

Now I've read on another social networking site a post by a person about this very thing. Interestingly enough, a Facebook engineer posted that he helped design this asinine crap and he says it's more of an art and not a science. So it looks like my mom triggered their BS algorithm thinking my mom was spreading malware or spam or some damn thing. Who knows, but this is absolute BS! Any platform that uses some asinine algorithm as an art rather than a science is a HUGE disparage for their users. Does Reddit, Twitter or other social networking sites even have such garbage?
 

Punk

Moderator
Staff member
Just a quick answer: HJT is outdated, use OTL, it does the exact same thing HJT does, even more.

Are you saying that FB is actually pushing people into scanning their computer with Trend Micro scans? Did you try to clear all data with programs such as CCleaner (such as, I know you hate that program) and clear your navigation files?
It's easy to become a spammer without knowing it on Facebook, just click on the clickbaits and it'll share the post, sometimes posting answers on random threads about downloading movies. It's good that you scan with so many different programs, but you need to scan at the right time, and those scans need to actually detect the problem.

The annoying part is that you have to scan with Trend Micro scan, that's definitely advertisement for them.
 

Agent Smith

Well-Known Member
Like I said, I was able to log into my own Facebook account on the same computer without issue. It was just my mom's account.

Yes, HijackThis is dated, but it's still useful and used by thousands. In fact, to anyone reading this, you can upload your HijackThis log to hijackthis.de. Yes, I do use OTL as well. But IMHO FreeFixer can be just as good. Although, you need to be very, VERY careful with FreeFixer because if you delete the wrong item you can mess up a program or worse yet your operating system. FreeFixer has a More Info option on each item so it's best that one researches items they think might be rogue. It goes without saying that using HijackThis can be detrimental to your computer if you delete the wrong item as well.

Are you saying that FB is actually pushing people into scanning their computer with Trend Micro scans?

Yep! If their malware scanning whatever the hell it is thinks you have malware. And as a Facebook engineer who helped make the damn thing said, "it's an art more than a science." His quote.


First thing I did was research this Facebook message and wiped cache and cookies around five times. Nothing worked. I actually had to run their Trend Micro scanner to satisfy Faceshmuck in order for my mom to regain her login ability at Facebook. I think the other malware scanner they mention was Norton. NO WAY IN HELL I was using Norton for this asinine crap.

Edit-

Yeah, I use CCleaner and SystemNinja. I don't care for CCleaner's so-called free space wiper as I discovered files were still there using a deep scan with Recuva. I used Eraser's DoD 7-pass wipe and Recuva couldn't find anything after that. **Just food for thought**
 

Punk

Moderator
Staff member
:D

Thing is, hijackthis.de is not 100% good. I remember when I was learning to remove malware (MRU if you're interested in that) I found that the website was useful yet had lots of mistakes. I would suggest learning to read the logs yourself, and use OTL. The only reason you're using HJT is because you have a website that checks it out for you, yet the website is far from 100% good.
 

aldan

Active Member
HijackThis is pretty much useless these days, and yes, you do have malware on this computer. Have you tried the KISS approach? (Keep it simple, stupid.) Download and run a scan with AdwCleaner from Bleeping Computer. Select clean to get rid of anything it finds. Next, download and run a scan with Junkware Removal Tool, also from Bleeping. It will get rid of anything it finds. Then run a scan with Malwarebytes and get rid of anything it finds. Post the logs so we can see what's going on. Or, wait for John. It's all good.
 

Agent Smith

Well-Known Member

It's almost as if you never read anything I posted.
 

aldan

Active Member
Oh, I read it all right. Just didn't find anything useful. If you're gonna post for help and then slam the help offered, I would say you're on your own here.
 

Draygoes

New Member
It is for sure malware, so please run ComboFix. And you have way too many things running to stop this, so let's start with that, eh?
Also, you have not produced a HijackThis log or anything to let us know what is really happening. Please run ComboFix first, then HJT, and produce both log files here.
 

Punk

Moderator
Staff member
ComboFix shouldn't be run recklessly. That program, if not used properly, can damage your OS to the point of having to re-install.

That being said, there is no need for logs here, Agent Smith didn't come here for help, he came to rant about this problem. It is not malware for sure actually, but it's a possibility. I think Facebook is trying new ways to sponsor programs, and Trend Micro might have paid them to create that "advertisement". That's another possibility.
 

Draygoes

New Member
If you are sure that he came here to rant then so be it. But it has been a long time since ComboFix has caused any sort of issue. I asked for a log for obvious reasons.
As for your statement on FB trying new ways to sponsor programs, I disagree in a few ways that this was even FB that created that msg. It really does look more like a browser hijacker to me. I did not come here to argue, I came here to help.
EDIT: And the reason that I know CF does little harm these days is because I have helped contribute code to it over the years. I am not listed, and I do not want to be listed as one of the helpers, but there is a reason that it will not run in a system with too many antimalware programs installed. But at this point, there would be no choice besides a full reinstall.
 

Punk

Moderator
Staff member
The reason I state that it can cause problems is because it has, and we want people to know that it can if not used properly. That program was one of my most used programs when cleaning other people's systems. I know he doesn't need/want help because he sees himself as a security expert. As far as FB using Trend Micro, check out his links.

I have to check this new version that works on Win10, ditched the program for newer systems under 8, 8.1 and 10.
 

Draygoes

New Member
I will check out the links. Meanwhile, please check for it working on Win10 because it was refitted to work on that platform. As for 8 and 8.1, no, it was not refitted for those.
I recommend that you run it in a VM with 10 installed.
 

Agent Smith

Well-Known Member
ROFL! I know a shit ton on malware, security etc. I run a pretty tight ship, trust me. For the hell of it I ran a live CD of Kaspersky Rescue Disk besides all the other programs I run on a periodic basis. Kaspersky Rescue Disk found nothing. The issue hasn't come back after removing all of the Facebook apps in my mom's account besides Pinterest. She only had 5 or 6 apps and all were legit. They were Ancestry.com, and some other legit ones I can't remember. This is all because of Facebook's asinine algorithm they use and they think you have malware, which this computer doesn't. Especially since it runs VoodooShield and Bitdefender Free. The browser runs NoScript and uBlock.

The computer is running Windows 7 SP1. Yes, I have had issues running ComboFix and would ONLY consider running it as a last-ditch effort.

Anyway, no surprise that Facebook would do this since they even code their input boxes so asinine it makes me sick. The whole platform is a joke, really.
 

Punk

Moderator
Staff member
ComboFix will not run on Windows 10. And unless you are staff here at the forum, you can't even suggest running ComboFix to others.

A quote from BleepingComputer in June 2016 on the compatibility issue of ComboFix:

http://www.bleepingcomputer.com/forums/t/589473/combofix-combatiblity-with-windows-10/
As already noted above...ComboFix most likely never will be updated to support Windows 8.1 or Windows 10 since there are other alternatives (such as FRST, Zoek) which are being used by malware removal experts. However, the developer (sUBs) periodically releases updates and fixes for older supported operating systems.

So no, ComboFix does NOT run on Win10.

We don't allow people other than staff (or if you trained to remove malware at places such as MRU for instance) because if not done properly you can damage the computer of the one you're helping. And we don't just send a list of programs to run, you have to explain (but you know that if you're an expert in the field).
 