Jack Yan
Global  |  Leadership  |  Experience  |  Media  |  Videos
Blog  |  Contact
 
  You can’t beat Wellington. Subscribe to my Facebook page Join my page on Facebook Follow me on Twitter Follow me on Drivetribe Follow me on Tumblr Follow me on Linkedin Follow me on Weibo Check out my Instagram account Follow me on Pinterest Subscribe to my blog’s RSS feed  

 

Share this page




Quick links


Surf to the online edition of Lucire





Add feeds



Get this blog via email
Enter your Email


Powered by FeedBlitz

Enter your email address:


Delivered by FeedBurner



 

The Persuader

My personal blog, started in 2006.



« | »

02.01.2016

Facebook forced me to download their anti-malware, and my own antivirus gets knocked out

You are currently browsing comments. If you would like to return to the full story, you can read the full entry here: “Facebook forced me to download their anti-malware, and my own antivirus gets knocked out”.


Filed under: internet, technology, USA—Jack Yan @ 06.10

171 Responses to ‘Facebook forced me to download their anti-malware, and my own antivirus gets knocked out’

  1. Jack Yan says:

    You are right, Ann—I hope you have since been able to access your account.

  2. […] more than customers—its distributors surely will think twice. (I’m also looking at you, Kaspersky. Another firm to avoid.)    4. Advertising your website in large letters and have it not […]

  3. David says:

    I did this I found on the net, took 2 seconds –
    Re: Facebook F-Secure malware scanner

    1. Change your user agent with a browser addon – that way you ‘fool’ facebook you are on a Mac – it will prompt you to confirm with an OK that you do not have viruses, instead of forcing you to download the redundant and un-necesarry extra online scanner.
    2. Facebook will see the fake user agent and instead of offering you to download the windows based online scanner will simply present you with a menu – asking “Did you run antivirus for Mac?”
    And you can press “Yes i did” and it lets you in for good.

    3. Then revert back the user agent to its usual state
    4.[Optional] Change your password and run a rull AV scan with your own AV
    5. [Optional] Run an extra malware scan with malware bytes
    just my 2 cents

    Perfect, sod off Facebook. ME 1 – 0 Facebook. 100% works, you can do it manually or there is a Chrome Extension. I used the extension, turn to Sarfari, Loaded facebook, told them I did the scan, then clicked continue to Facebook. Then turn it back to Chrome, Close Chrome and reopened to check and I am in. Good luck, don’t download that software Facebook ask you to its a scam.

  4. Jack Yan says:

    An excellent idea, David! I use Modify Headers on Firefox, for those using Firefox. I will update the original post so people can see your idea. Thank you!

  5. @docgreen81 says:

    Same thing happened to me tonight in Google Chrome. One minute I’m surfing along reading comments, then I click a notification and *BAM*… Facebook logs me out and tells me that I have malware.

    Now, interesting side note… I’m an IT professional. Identifying and removing malware is one of my primary jobs. I have more than adequate malware protection on my computer, and can assure you that I do not, in fact, have malware on my PC.

    I also got a notification on my phone saying “You’re temporarily restricted from creating open graph actions” for 24 hrs.

    I had previously had issues pasting links into Facebook before this, but I had dismissed it as a problem with Chrome, and was always able to fix it by closing and re-opening the browser.

    Also, I had no problem at all logging into my Facebook account ON THE SAME DAMN COMPUTER using Internet Explorer.

    WTF?!

  6. Jack Yan says:

    It’s great to get a few very learned opinions on this issue this week. Thank you, Docgreen81. As a professional, you’ll know this is Facebook itself playing silly buggers and nothing to do with someone masquerading as Facebook. There are some who theorize that the download is malware (someone inside Facebook enjoys irony). What we do know is that the Facebook malware warning is, for the most part, BS, since you can get in with IE. Word of this forced download is spreading, so I hope Facebook will eventually have to acknowledge that they have been spying on us.

  7. Erika says:

    David, how do I “1. Change your user agent with a browser addon – that way you ‘fool’ facebook you are on a Mac”? I am not very computer savy, please help.

  8. Jack Yan says:

    Hi Erika, I use a browser add-on to change the user-agent, but I’m on Firefox. Is this what you’re using?
       My Firefox one is called Modify Headers and it can be located here. If you are on Firefox, give that a go—if you’re not clear on how it works, I can try to walk you through it.

  9. Anastasia says:

    Thank you so much for this post. I just run into this problem after reinstalling my pc, full clean install with malwarebytes on. Cleaning cookies didnt help but changing agent to Safari did the trick!
    Glad I found your post :)

  10. Jack Yan says:

    My pleasure, Anastasia! I’m happy this post has helped so many.

  11. Their site is full of spam and malware, yet they have the audacity to enforce “real names” policy, and force us to send them scanned PERSONAL IDs? Are they f**king kidding me? If this is the kind of racket Facebook has decided to be involved in, I’d rather not use Facebook anymore. I don’t understand how the law has not got involved. This is in fact “ransomware.”

  12. Jack Yan says:

    The law, and the tech press (whom I have alerted, too, but no one seems to think this is a worthy story). It looks very damning to me, but maybe no one wants to upset rich people these days. There’s a good reason ‘Welcome to Facebook’ can be abbreviated as WTF.
       I had been progressively cutting down on Facebook anyway, and these forced downloads simply sped up my de-Facebooking. I still have the odd work page on there but as to personal updates, I can’t be bothered. Personal sharing was down 25 per cent in 2015, 29 per cent in 2016, so I imagine they’re desperate to get our data by whatever means possible. Hopefully as word spreads about Facebook’s conduct, more and more will actually leave the site, or at least ensure that sharing is so low Facebook might as well be Myspace.

  13. SandraL says:

    Tonight I was on facebook for at least a couple of hours. I read a post, then went to read an article, posted the article – which was about Venezuela giving Trump $500K for his inauguration…which it got from Russia…and then BOOM! I got that message saying my laptop was infected.

    Now, that seems to me that this has something to do with Russia…but, I did NOT download their antivirus because I already have one running on my system.

    What I did do is sign into FB with not just one, but TWO other FB accounts…on the same computer. No problem. Got in just fine. Then tried to sign in on another computer with my main FB account and boom! same message saying my device was infected. So I know it is account specific.

    I ran two antivirus scans on my computer, and nothing came up. Ran malwarebytes and nothing came up.

    Tried deleting cache and cookies, tried signing in with two different browsers on both computers, and same result. I can sign in with two different accounts but not with my main account.

    I am FUMING! Is Facebook in cahoot with a third company? OR has Facebook itself been hacked and thereby, all user accounts? Are we being monitored for what we upload? or what links we post? Or content?

    Because it seems very, very suspicious that as soon as I tried to post this article, which btw, did NOT post, as I can view what I post through my other accounts via “friends”…that suddenly I’m logged out and I get this notice from FB. Very VERY SUSPICIOUS.

  14. Miles says:

    Which Chrome extension should I use? There is no mention of the one to use?

  15. Jack Yan says:

    Hi Miles: on Firefox, it’s Modify Headers. Because Chrome is Google, I don’t use it, and I suspect David, whose suggestion it was, didn’t subscribe to the comments. I’m sure if you look up header modifications and user agent in wherever Chrome has its add-on library, you’ll find something to suit.

  16. […] have long maintained that Facebook’s databases are dying (hence their need to force people to download malware) and tonight’s discovery is a case of ‘What more proof do you need?’    Tonight, I […]

  17. Cee says:

    Just got that infamous message by facebook

    Let’s Check Your Device for Malicious Software
    Hi Cee, we’re continuously working to keep your account secure. We’ve noticed that this device may be infected with malicious software. To continue to use Facebook, you can either use other devices or clean this device by downloading the scanner provided by Facebook and Trend Micro.

    I tried cleaning the cookies there chrome://settings/cookies

    Nothing

    I tried logging in from explorer browser- same message by facebook.

    Anything I could try ? I am not an expert like you guys.. I have “Windows Defender” and it says it is all ok..

    Thanks for any input!

  18. Jack Yan says:

    Cee, if you scroll up you’ll see a comment by David, who suggests using an extension to modify your headers. There’s a separate comment on this blog (on another thread) which confirms that it works. They are slightly technical but in the second link, Stephan gives step-by-step instructions, and I would highly recommend what he says. I assume you’re using Chrome (because of the chrome://settings/cookies you mention)?

  19. Cee says:

    Thank you Jack Yan.. I read it but must sit with someone who understands the topic I am afraid..
    Apart from that FB ‘s last message was to block my account for 2 days and 22 hours… Wondering what will happen after that time !

  20. Jack Yan says:

    That’s really interesting, Cee. If Facebook has given a time, then it proves once and for all this has nothing to do with malware, and they are lying to you. There’s evidently something wrong with their databases and it’ll take then three days to fix. Others have reported that they were locked out for three days (up to a month in one case). I think in two days and nine hours (given I am replying to you much later), Facebook will just work as though nothing has happened.

  21. Cee says:

    It s really a big joke this FB thing… Wish I did not have to be part of it but my business page is there and until another option is worth it, I will remain there.
    I will report on friday and see if I am back in or not! :)
    Cheers Jack and everyone!

  22. Jack Yan says:

    Thank you, Cee! Like you, if I didn’t have work pages to manage, I’d happily abandon Facebook. I see very little point to it now in 2017.

  23. Suzie says:

    My problem is that I got this message on my employer computer and the last thing I need to do is call the help desk to clean it up. My office manager knows that all of us do this but none of the others have gotten this message. How can I get rid of it from a computer that belongs to the state?

  24. Jack Yan says:

    It might be an idea to contact the help desk because few people seem to believe this is happening. Demonstrate that any other account on your PC is fine, just not yours. Show them this post, and also refer them to my comment above. Hopefully the fix those two users posted still works.

  25. Tina Cosgrove says:

    I got this stupid message this morning using chrome! I refused to download Kaspersky. I did a full scan running my software and cleared my browser history and cache. Still couldnt get into facebook. Switched to firefox and got logged in with no problem!

    BTW i had searched facebook help and found a few people posting about this. I only ever found responses asking for screenshots but never an explanation of why it is happening.

  26. Jack Yan says:

    Great to know you got back in, Tina. Facebook (and Kaspersky, etc.) will never come clean about this—they haven’t to date and I doubt they ever will, probably because whatever they are planting on to our computers is dodgy.

  27. Cee says:

    it seems I forgot to check back with you guys…. sorry about that!
    So yep..the following Friday after that ban of 22hours or so, I was back in as if nothing happened and FB even had the nerve to inform me I had not posted anything those past days…
    Can someone please create something else –worthy– than this FB????

    Cheers everyone!

  28. JTLeung says:

    Hi Jack. It seems I’ve received the same issue as I am unable to access Facebook through Chrome and it wants me to install Kaspersky. I’ve already cleared my browsing cache, history, etc. but refuse to install Kaspersky. My antivirus McAfee and MalwareBytes both came up clean. I’m not sure what to do in order to regain access to Facebook via Chrome. Please advise. Thank you for your assistance. It is greatly appreciated!! Best regards – JTL

  29. Jack Yan says:

    JT, have you tried the idea above of spoofing your headers? It’s in one of the comments. So far that seems to be the best solution.

  30. JTLeung says:

    Hi Jack and thank you for the response. I’m not sure if I did this correctly. I followed the instructions of downloading the Chrome extension, then I went to (https://udger.com/resources/ua-list/browser-detail?browser=Safari) selected a string and pasted that into the Modify Headers for Google Chrome extension and got this:

    http://i.imgur.com/l2J1ee0.jpg

    Then I went to try out the facebook page and received a different version of their message except this time they asked to scan with Eset instead of Kaspersky.

    http://i.imgur.com/o3hCzyn.png

    I’m not sure if I did any of this correctly as I am not very good with computers. Please advise. Your help is much appreciated. Thank you and best regards :D! – JTL

  31. Jack Yan says:

    Hi JT, what you did looks right to me, but what I would try is a much later version of Safari. See if the one at the bottom of the page you cited works better:

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13) AppleWebKit/603.1.13 (KHTML, like Gecko) Version/10.1 Safari/603.1.13

    I don’t use Chrome myself so I am trying to work out the best solutions based on the comments posted. Hopefully the above will be more successful than the user-agent string you tried.

  32. JTLeung says:

    Hi Jack and thanks for the response. Unfortunately, it took me back to the original screen where they ask me to install the Kaspersky scanner. It seems Facebook might have learned about this spoof technique. Do you know anyone else who uses Chrome who is also facing a similar issue recently who also tried this technique? I’m wondering if it might be account based where they lock your account and not an actual Chrome issue.

    Please let me know what you think. Your help is much appreciated. Thank you and have a great week :D! – JTL

  33. […] This happened while Facebook was working fine in my Firefox browser. I found this very helpful hint here ( see comment # 3 in this lengthy article ) how to overcome this strange means and enable Facebook […]

  34. Jack Yan says:

    Hi JT, I’m afraid my sum knowledge of this is largely on this blog. I hear from a lot of people via Twitter but no one has gone into depth on what they have done (given Twitter’s character limits). But I can say with absolute certainty that it is your account they lock. Someone else can log in on your supposedly “infected” PC and have no problems with Facebook. The trick is fooling Facebook into thinking you are running a computer for which they have no fake malware scanner. I had hoped telling them that you were on a Mac would do it. But as I have noticed, Facebook does block techniques that people adopt in order to force them into installing their program. And no one will come clean on what that program does, not ESET, not Kaspersky, no one. If the program was innocent, then they have no reason to clam up.

  35. JTLeung says:

    This is really frustrating. Ongoing for over 10 days now. I think you are absoultely correct about the account being locked. I tried the user agent thing one more time but with a different string [Chose this one: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-HK) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5 ]

    After revisiting the facebook log in, instead of getting the Kaspersky scanner, I get this message instead “Account temporarily unavailable. Please log into http://www.facebook.com from your computer and follow the instructions you see there”.

    http://i.imgur.com/Zz5PnQU.png

    So it seems no matter what I try, it will probably prevent me from accessing my account via Chrome, IE, microsoft Edge, or Opera unless I install their scanner. At this point, not sure what else I can try. Hopefully someone has a new method some time in the near future as I have basically lost all contact and info with all the people I met on Facebook the past few years LOL…

    Thank you again for all the help! It is much appreciated! Best regards and have a great weekend – JTL

  36. LIRON says:

    Hi. The same happened to me… I uploaded Kaspersky and it wrote me that everything fine with my computer. I was sure I’m going to UNinstall Kaspersky but I couldn’t find it on my computer.
    what should I do?
    Thank you guys

  37. dee says:

    This has been happening to me every other DAY for about a month. But only when I use Google Chrome. Sometimes it’s Kaspersky that pops up, but today it was Eset. I had no choice but to uninstall Google Chrome. It got to be that I had to wait until it scans and only then could I get back onto Facebook. All my friends are insisting that I have some major virus, but everything comes up clean. So I wrote to Kaspersky yesterday and eset today to see if there is SOME way to deactive this nightmare.

  38. Jack Yan says:

    It’s discussed in the penultimate paragraph of the main post (there’s a link to Reddit as well).

  39. Jack Yan says:

    I’ve written to them both, and they both clam up. They initially engage with you when you don’t tell them what it’s about. The minute you do, and you say it’s the Facebook malware scanner, they run a mile. Your friends are all wrong, this is Facebook at its finest. Facebook has even bragged about offering it. This will keep spreading—then I’m sure they’ll believe you.

  40. Jack Yan says:

    Hi JT, the only remaining suggestion I have if you have gone through the header changes is to use a Mac or a Linux machine for real and see if that makes a difference. Back in 2016 when this hit me, I was able to get in via Mac and Ubuntu (but not post links).

  41. dee says:

    Yup..wrote to both and they both claimed innocence. That I should write to Facebook about it! LOL..yeah, good luck with that. I also found the FB_scanner file in my temp files, like you instructed. I click on them and it turns into a zip file. I click on THAT and it says “CHROME_EXT” As soon as I stopped using Chrome, I stopped being bothered by it. I also cannot delete those scanner files no matter what I do. Any suggestions on how to get rid of them? Thanks so much for this blog.

  42. Jack Yan says:

    Hi Dee, I’m not sure how to get rid of those scanner files. When I got this, I could just delete that FB_scanner folder. I imagine they must have changed their program since to prevent people from deleting it. You could give Ccleaner a try—I’ve found it pretty good when it comes to removing useless files. I just don’t know if it’s designed to pick up the Facebook “scanner”.

  43. dee says:

    Thanks! Will give it a try…they are insidious and evil!

  44. […] in 2017, giving fewer clues about how candidates are thinking, and I hardly look at my Facebook (for obvious reasons). I have spied some of the TVCs, where Labour has done an excellent job, and (last I looked) […]

  45. […] in its pettiness over allegedly targeting Vivaldi, and Facebook doesn’t as it gathers data and falsely accuses its own users of having malware on their machines.    On September 1, my colleague Euan Semple wrote, ‘As tools and services provided by […]

  46. Holger says:

    Also my experience.

    I am shocked that FB does this!

    FB is almost like a virus.

  47. Jack Yan says:

    Thank you for dropping by, Holger. Did you wind up downloading their “scanner” or were you smarter than me and avoided it?

  48. DDalton says:

    I fixed being locked out of my Facebook account because of “malware on this device, download our scanner etc etc”. I’m using a PC so I don’t know the steps for Mac or Linux.

    Also, this fix requires that you have previously backed up your Chrome Browser user profile (or other browser you were using before you were locked out).

    I attempted to unintstall/reinstall Chrome, “Reset” Chrome, etc. None of these worked for me. Below are the steps I took to regain access to my account using Chrome on a PC.

    1) Press the “Start/Win” key.

    2) Type %appdata% (yes with the % sign).

    3) Click up one folder. You should see the following folders “Local”, “LocalLow”, and “Roaming”.

    4) Open “Local” and find the folder named “Google”. This is your user profile for Chrome.

    5) Move it to the Desktop. There should now no longer be a “Google” folder in “Local”.

    6) Copy your Google Profile backup into “Local” and you should be good to go.

    7) When you attempt to login to Facebook, it will most likely offer you to recover your account. DO THIS!

    8) After you’ve recovered your account, you should now be able to use Facebook on Chrome.

  49. Jack Yan says:

    Thank you, Donald, for your time and offering your solution to this.

  50. joseph BODDEN says:

    If Putin will murder a writer/poet with a radioactive element, what will he do or threaten to get Kaspersky (a Russian company) to effect the installation of malware, trojans, backdoors etc. into a very large user base in the United States and other countries?
    We can trust Russia not to hack our private computers just like we can trust them to not tamper with our elections… and Trump is likely playing ball which is prolly why the FBI, NSA is not all over this.
    IF my computer is gonna be hacked, at least let it be some homeboys…

Leave a reply