Jack Yan
Global  |  Leadership  |  Experience  |  Media  |  Videos
Blog  |  Contact
  You can’t beat Wellington. Subscribe to my Facebook page Join my page on Facebook Follow me on Twitter Follow me on Drivetribe Follow me on Tumblr Follow me on Weibo Check out my Instagram account Follow me on Pinterest Subscribe to my blog’s RSS feed  


Share this page

Quick links

Surf to the online edition of Lucire

Add feeds

Get this blog via email
Enter your Email

Powered by FeedBlitz

Enter your email address:

Delivered by FeedBurner


The Persuader

My personal blog, started in 2006.

« | »


Facebook forced me to download their anti-malware, and my own antivirus gets knocked out

When Facebook says it cares about security, I laugh. Every day I see bots, spammers and click-farm workers plague the site, and despite reporting them, Facebook lets them stay. It will make a statement saying it would no longer kick off drag queens and kings, then proceed to kick off drag queens and kings. So when I was blocked last night from using Facebook on my Windows 10 computer, after using a website with a Facebook messaging plug-in, with the claim that there was malware on the system, I knew something was fishy.
   Like Google’s false malware accusationsso serious that people have lost websites over them—I knew to take this one with a massive grain of salt. However, I didn’t have a choice: in order to get in to the site, I had to download a Kaspersky malware program, and let it run. The program never appeared in my installed list in Windows. I let it run overnight, for seven hours, whereupon it was frozen at 62 per cent. Restarting the computer, I was back to square one.

Above: Doing things the Facebook way. Listening to them was bound to end in tears.

Above: There’s no sign of Kaspersky in Windows’ installed programs’ list.

   Here’s where things started getting very strange. Windows 10 began saying I had no antivirus, anti-malware, or firewall up. Normally I would use McAfee. However, no matter how many times I tried to choose it, the warnings kept coming, thick and fast. In one case, it chose Windows Defender for me—only because I decided to let it run—and would not permit me to change it back through the settings. The timing of these events was all too suspicious.
   There was a rumour, denied by Kaspersky, that it was creating malware to throw off its competitors. The jury’s still out, but it’s just odd that while Kaspersky is running its Facebook scan, of what I knew to be non-existent malware, that McAfee would be inaccessible. I went to the McAfee website to file this.

Above: While the Kaspersky scan proceeded, McAfee was knocked out and could not be switched on. Coincidence?

   Unlike most people, I have options open to me, so I began to go on to Facebook using several different methods. A VirtualBox containing XP on the same computer was fine, if incredibly slow while Kaspersky was doing its thing. (Think about Windows XP on a 386.) Lubuntu was fine as well, as was Mac OS X. I Tweeted the McAfee community link, and thought it odd that it did not appear in Facebook (I have my Twitter set up to post there). I then tried to paste the link into Facebook manually, whereupon, in Lubuntu and Mac OS, I was told that my computer was now infected with either a virus or malware. Unlike Windows, I had the option of telling them they were in error, and I was able to continue using the machines.
   This really sounds like Facebook and Kaspersky have it in for McAfee and, possibly, rival products, if the scan knocks out your choice of antivirus and anti-malware program, and if the mere mention of mcafee.com inside Facebook results in a warning box saying your computer is infected.

Above: On a Mac, I couldn’t even tell people about the post on mcafee.com. The second I did, Facebook said my computer was infected. The same thing happened on Lubuntu. Facebook accuses you of infection on the mere mention of mcafee.com.

   Eventually, the entire system froze, and while I could still move the mouse about, I couldn’t access the task bar or go to other programs.
   I was forced to do a hard reboot.
   But you’re asking now: was I ever infected? No. It’s Google all over again.
   Peter, the very knowledgeable McAfee support tech who came to my aid many years ago, was present again and put me on to two other programs after this restart. Getsusp analysed my system for malware, and, you guessed it, found nothing. Malware Bytes did the same, and found some PUPs (potentially unwanted programs), all of which I knew about, and I had intentionally installed. They’ve been present for years. In other words, two other malware scanners told me my system was clean. Malware Bytes did, however, restore McAfee as the correct antivirus program, exactly as Peter had predicted.
   He also suggested a system restore, which sadly failed, with Windows giving the reason that an antivirus program was running. Having restored this system once before (after some bad advice from Microsoft), I knew it couldn’t be McAfee. The only difference on this computer: I had had Kaspersky doing its Facebook scan. It appears that Facebook and Kaspersky don’t want you restoring your system.
   I had fixed the newer issues, but the original one remained: I couldn’t get on to Facebook. The Kaspersky scan never finishes, incidentally—you’re stuck on 62, 73 or 98 per cent—and while not having a personal Facebook is no great loss, I have businesses that have presences there.
   I stumbled across a Reddit thread where others had been forced to download antivirus programs by Facebook, and, fortunately, a woman there had found where hers resided. In my case, it was at C:\Users\USERNAME\AppData\Local\Temp\FBScanner_331840299. Deleting this, and all cookies mentioning Facebook and Kaspersky, restored my access.
   What to do if you ever come across this? My advice is to, first, run Malware Bytes, but ensure you run the free version, and do not opt for the trials. Once you’re satisfied your computer is clean, head into your cookies and delete all the Facebook ones, and any from the antivirus provider it recommends. This second Reddit thread may be helpful, too. I don’t know if this will work completely, but anything is preferable to following Facebook’s instructions and wasting your time. I really need to stop following instructions from these big firms—you’d think after all these years, I’d know better.

PS.: I found this video from last July which suggests the malware accusations have nothing to do with your computer set-up:

In addition, I cannot paste any links in Facebook. The situation began deteriorating after I regained access. Initially, I could paste and like a few things, but that facility eventually disappeared. Regardless of platform, I get the same error I did on the Mac yesterday (see screen shot above). Liking things results in the below error, and the wisdom there is to wait it out till Facebook staff get back to work on Monday.

P.PS.: Holly Jahangiri confronted the same issue as I did a few days later. She was smarter than me: she didn’t download the anti-malware malware. Have a read of her post here: other than that one difference, it’s almost play for play what happened to me for four days. She’s also rightly frustrated, as I am, by Facebook’s inaction when it’s legitimately needed.

P.P.PS.: Not only does Kaspersky delete your comment when you ask on its blog how to remove the malware scanner, they also clam up when you ask them on Twitter.

P.P.P.PS.: I’m beginning to hear that deleting cookies will not work (April 26). Facebook seems intent on having you download their suspicious junk. In those cases, people have switched to another browser.

P.P.P.P.PS.: Andrew McPherson was hit with this more recently, with Facebook blocking the cookie-deleting method in some cases, and advises, ‘If you get this, you will need to change your Facebook password to something very long (a phrase will do), delete and clear your browsers cache and history, then delete your browser, then renew your IP address to a different number and then reinstall your browsers.’ If you cannot change your IP address but are using a router, then he suggests refreshing the address on that. Basically, Facebook is making it harder and harder for us to work around their bug. Once again, if you sign on using a different account using the same “infected” computer, there are no problems—which means the finger of blame should remain squarely pointed at Facebook.

P.P.P.P.P.PS.: June 17: for those who might find Andrew’s method too technical, the current wisdom is to wait it out. It does appear to take days, however. Reminds me of the time Facebook stopped working for me for 69 hours in 2014.

P.P.P.P.P.P.PS.: January 28, 2017: David has come up with a great solution in the comments (no. 103). You can fool Facebook into thinking you are using a Mac by changing the user-agent. He suggests a Chrome Extension. I have Modify Headers for Firefox, which might work, too.

Related posts

Filed under: internet, technology, USA—Jack Yan @ 06.10

112 Responses to ‘Facebook forced me to download their anti-malware, and my own antivirus gets knocked out’

  1. Jack Yan says:

    You are right, Ann—I hope you have since been able to access your account.

  2. […] more than customers—its distributors surely will think twice. (I’m also looking at you, Kaspersky. Another firm to avoid.)    4. Advertising your website in large letters and have it not […]

  3. David says:

    I did this I found on the net, took 2 seconds –
    Re: Facebook F-Secure malware scanner

    1. Change your user agent with a browser addon – that way you ‘fool’ facebook you are on a Mac – it will prompt you to confirm with an OK that you do not have viruses, instead of forcing you to download the redundant and un-necesarry extra online scanner.
    2. Facebook will see the fake user agent and instead of offering you to download the windows based online scanner will simply present you with a menu – asking “Did you run antivirus for Mac?”
    And you can press “Yes i did” and it lets you in for good.

    3. Then revert back the user agent to its usual state
    4.[Optional] Change your password and run a rull AV scan with your own AV
    5. [Optional] Run an extra malware scan with malware bytes
    just my 2 cents

    Perfect, sod off Facebook. ME 1 – 0 Facebook. 100% works, you can do it manually or there is a Chrome Extension. I used the extension, turn to Sarfari, Loaded facebook, told them I did the scan, then clicked continue to Facebook. Then turn it back to Chrome, Close Chrome and reopened to check and I am in. Good luck, don’t download that software Facebook ask you to its a scam.

  4. Jack Yan says:

    An excellent idea, David! I use Modify Headers on Firefox, for those using Firefox. I will update the original post so people can see your idea. Thank you!

  5. @docgreen81 says:

    Same thing happened to me tonight in Google Chrome. One minute I’m surfing along reading comments, then I click a notification and *BAM*… Facebook logs me out and tells me that I have malware.

    Now, interesting side note… I’m an IT professional. Identifying and removing malware is one of my primary jobs. I have more than adequate malware protection on my computer, and can assure you that I do not, in fact, have malware on my PC.

    I also got a notification on my phone saying “You’re temporarily restricted from creating open graph actions” for 24 hrs.

    I had previously had issues pasting links into Facebook before this, but I had dismissed it as a problem with Chrome, and was always able to fix it by closing and re-opening the browser.

    Also, I had no problem at all logging into my Facebook account ON THE SAME DAMN COMPUTER using Internet Explorer.


  6. Jack Yan says:

    It’s great to get a few very learned opinions on this issue this week. Thank you, Docgreen81. As a professional, you’ll know this is Facebook itself playing silly buggers and nothing to do with someone masquerading as Facebook. There are some who theorize that the download is malware (someone inside Facebook enjoys irony). What we do know is that the Facebook malware warning is, for the most part, BS, since you can get in with IE. Word of this forced download is spreading, so I hope Facebook will eventually have to acknowledge that they have been spying on us.

  7. Erika says:

    David, how do I “1. Change your user agent with a browser addon – that way you ‘fool’ facebook you are on a Mac”? I am not very computer savy, please help.

  8. Jack Yan says:

    Hi Erika, I use a browser add-on to change the user-agent, but I’m on Firefox. Is this what you’re using?
       My Firefox one is called Modify Headers and it can be located here. If you are on Firefox, give that a go—if you’re not clear on how it works, I can try to walk you through it.

  9. Anastasia says:

    Thank you so much for this post. I just run into this problem after reinstalling my pc, full clean install with malwarebytes on. Cleaning cookies didnt help but changing agent to Safari did the trick!
    Glad I found your post :)

  10. Jack Yan says:

    My pleasure, Anastasia! I’m happy this post has helped so many.

  11. Their site is full of spam and malware, yet they have the audacity to enforce “real names” policy, and force us to send them scanned PERSONAL IDs? Are they f**king kidding me? If this is the kind of racket Facebook has decided to be involved in, I’d rather not use Facebook anymore. I don’t understand how the law has not got involved. This is in fact “ransomware.”

  12. Jack Yan says:

    The law, and the tech press (whom I have alerted, too, but no one seems to think this is a worthy story). It looks very damning to me, but maybe no one wants to upset rich people these days. There’s a good reason ‘Welcome to Facebook’ can be abbreviated as WTF.
       I had been progressively cutting down on Facebook anyway, and these forced downloads simply sped up my de-Facebooking. I still have the odd work page on there but as to personal updates, I can’t be bothered. Personal sharing was down 25 per cent in 2015, 29 per cent in 2016, so I imagine they’re desperate to get our data by whatever means possible. Hopefully as word spreads about Facebook’s conduct, more and more will actually leave the site, or at least ensure that sharing is so low Facebook might as well be Myspace.

Leave a reply