Topic: Facebook virus

[Myco]

anybody else get this virus? Something on facebook just installed a rootkit virus on my pc. avast warned me of it, but now my pc is frozen on a white screen just after windows starts up, Anyone have any suggestions to get rid of this? Thanks

[Fatah Ruark (aka MIKE B)]

How are you sure it was Facebook?

Try booting into Safe Mode (hit F8 while booting) to see if you can get the OS to start.

If you can get into Windows Safe Mode then you should run the MS Malicious Software Removal Tool (you should get this every month in your updates. I think there was an update today...so hopefully you updated before this happened).

To run the MSRT click your start button and then run..., and type MRT into that box (this is for XP). If you have Vista or Windows 7 then you can just type MRT in the Search Programs box after you click the start button.

And yes it is MRT and not MSRT. Crazy MS folks can't do things that make sense...that would be very un-MS like.

[Lil Kim Jong-Il]

where you looking at a photo gallery when it happened?

saw that here

[Myco]

I am back up now, but it's still on there I believe.

It's really weird. When it all first happened I had just posted an update on the stupid new page on Facebook and all of a sudden the avast! antivirus sirens start going off and prompt me to start moving a bunch of files to the quarantine chest. Some program called PC Security Tools starts to install and then attempt a "security scan". I refuse the "scan" when it prompts me to. The avast! booted most of the files into it's quarantine chest, and I can now run an Avast! antivirus scan and it says that all is clean and uninfected, but this "Security Tools" program is still on my pc. Avast! warned me this was a rootkit virus, and seems like it's in there deep in the system32 files. I don't know it's it's still working or not, but there is still evidence of it around. It's not listed on the list for add/remove programs, so I can't remove it that way either.

[mattmiller]

Run Malwarebytes Anti-Malware to see if it takes care of it.

If not, run Superantispyware.

If you still suspect something's there, run HijackThis, and then copy-and-paste the results into www.hijackthis.de.  It'll tell you what needs deleted.

[Lil Kim Jong-Il]

Thats similar to what happened to my roommate.  She was looking at someone's photos and when she followed a facebook link to more pictures she got the same notification to download the security tools however we were able to keep it from downloading into vista.  I am still curious about how she invoked it through the facebook pages.

[Myco]

Thats similar to what happened to my roommate.  She was looking at someone's photos and when she followed a facebook link to more pictures she got the same notification to download the security tools however we were able to keep it from downloading into vista.  I am still curious about how she invoked it through the facebook pages.

I never clicked on any specific links or anything asking to install it. The only sequence that I followed was I noticed that Andy Murray had this poll on his board that asked if you (HATE!! or Like) the new Facebook changes and I clicked on HATE!!. I then went and posted something on my board, and then the problems all started right after I posted to my board. It happened to one other person I know so far. Fargin' Facebook. 

[vanark]

Thats similar to what happened to my roommate.  She was looking at someone's photos and when she followed a facebook link to more pictures she got the same notification to download the security tools however we were able to keep it from downloading into vista.  I am still curious about how she invoked it through the facebook pages.

I never clicked on any specific links or anything asking to install it. The only sequence that I followed was I noticed that Andy Murray had this poll on his board that asked if you (HATE!! or Like) the new Facebook changes and I clicked on HATE!!. I then went and posted something on my board, and then the problems all started right after I posted to my board. It happened to one other person I know so far. Fargin' Facebook. 

Funny, I saw that poll on Andy's page and went to it and decided it looked sketchy to me and didn't vote.

[Myco]

MRT doesn't work unfortunately, and the virus is fighting my antivirus by shutting down the system when it trys to remove it. The virus won't let me update or run any protections, and I can't install anything new. Thanks for trying to help though. Looks like I gotta call in the Geek Squad tomorrow. grrrr. Serves me right for letting my guard down. I never expected to get anything from anyone here that I know. Let this be a lesson to everyone here. Don't participate in these f*ckin polls and Facebook add-ons.

[vanark]

MRT doesn't work unfortunately, and the virus is fighting my antivirus by shutting down the system when it trys to remove it. The virus won't let me update or run any protections, and I can't install anything new. Thanks for trying to help though. Looks like I gotta call in the Geek Squad tomorrow. grrrr. Serves me right for letting my guard down. I never expected to get anything from anyone here that I know. Let this be a lesson to everyone here. Don't participate in these f*ckin polls and Facebook add-ons.

Did you try rolling your computer back to a restore point before the infection?  In XP, boot into safe mode (press F5 when it just starts to boot) and select safe mode.  Hopefully a restore point helps.  If you have changed any files, back them up first so you don't lose them in the restore.

[it-goes-to-eleven]

Let this be a lesson to everyone here. Don't participate in these f*ckin polls and Facebook add-ons.

Don't Do Facebook.
Don't Do Windows.. especially for basic stuff like browsing the web.
Block third party ad servers.. a lot of badness comes that way.
By default do not allow sites to run javascript, java, flash, etc.

If I had to run windows, all my browsing and internet stuff would be done from within a disposable virtual machine.

[vanark]

Let this be a lesson to everyone here. Don't participate in these f*ckin polls and Facebook add-ons.

Don't Do Facebook.
Don't Do Windows.. especially for basic stuff like browsing the web.
Block third party ad servers.. a lot of badness comes that way.
By default do not allow sites to run javascript, java, flash, etc.

If I had to run windows, all my browsing and internet stuff would be done from within a disposable virtual machine.

Sorry for the semi-threadjack, but has anyone tried using a Sandbox software like Sandboxie?  I might give it a try soon.

[Myco]

MRT doesn't work unfortunately, and the virus is fighting my antivirus by shutting down the system when it trys to remove it. The virus won't let me update or run any protections, and I can't install anything new. Thanks for trying to help though. Looks like I gotta call in the Geek Squad tomorrow. grrrr. Serves me right for letting my guard down. I never expected to get anything from anyone here that I know. Let this be a lesson to everyone here. Don't participate in these f*ckin polls and Facebook add-ons.

Did you try rolling your computer back to a restore point before the infection?  In XP, boot into safe mode (press F5 when it just starts to boot) and select safe mode.  Hopefully a restore point helps.  If you have changed any files, back them up first so you don't lose them in the restore.

I'll try that tomorrow, thanks Rory.

[Fatah Ruark (aka MIKE B)]

Worse comes to worse I would just re-install Windows before going to the Geek Squad. No need to waste your money on them.

It's not a bad idea to "start fresh" every once in a while. It may even help your computer run better.

And I would also suggest installing Microsoft Security Essentials as your anti-virus. I'm not sure it would have caught that virus, but it is FREE and doesn't eat up a lot of CPU cycles.

[Myco]

Thanks for your suggestions guys. I do have back-up discs of my drives that I made right around Christmas time with Nero Back-up, but I don't know what to do with them. Any suggestions there?