265 thoughts on “If Facebook says you have malware, do not download their program—here’s a way around it

  1. Hi Suzanne, I wonder if you tried the suggestion from Stephan above. I would completely believe Facebook would falsely accuse a user of malware just because they were blocking ads. I discovered that Facebook was getting a lot of user preferences, even when people opted out of allowing Facebook to use them for advertising purposes. In fact, it would not let people delete those preferences, by repopulating the page regularly. You can see what it has on you (a lot of it is laughable) at facebook.com/ads/preferences/edit, and I find that deleting everything out of there will reduce the number of ads you see substantially. It might be worth a shot to see what changes it makes, but please note that this is at your own risk.

  2. Richard, I would be very worried proposing this as a solution, as I believe the app extracts more private information off your computer, which is what many of us suspect Facebook’s download of doing. Did you try the solution above of modifying headers when you said you tried ‘everything’? Others who have have reported that that works well, and you don’t need to give in to Facebook’s tricks.

  3. My first ‘Clean This Device’ hit me 20 June in Chrome.
    I installed McAfee later on 20 June. (Thinking Panda wasn’t doing its job.) I am 100% satisfied that my device is clean.
    Link-posting was impossible.
    Installed Firefox 24 June and Opera 25 June. No farcebook access allowed with those.
    Had another hit on 25 June in Edge.
    So, using another e-mail address, set up another fb account… which they disabled ‘as a security precaution’ within two hours. (I was able to make the new account an admin in a group and post links but those posts later vanished.)
    Was able to use clunky old IE until today when I got another hit.
    In Chrome, I have the FB Purity add-on.
    I have now disabled that. No change.
    I don’t think I want to ‘mess around under the bonnet’ as you call it, modifying headers, unless I have no alternative.
    Waiting as an option? This has been messing me around for two weeks now. (I saw that Craig and Ian recently mentioned a month.)
    If it is specific to the fb account, is it only a matter of time before other devices are hit by this?
    I’ve considered buying a new device but could that be a waste of money?

  4. Nigel, when I look through all the various comments, it’s definitely not your device at fault, but Facebook’s handling of accounts, or there’s some corruption of the database which holds your account (something which boffins tell me is unlikely and something which experience tells me is very likely). The header modification plug-ins are harmless and don’t affect the browser per se, only what the browser sends to the website (it’s not like fiddling about with about:config stuff—you’re not tuning the engine, you’re adding a spoiler). If it makes you feel better, I have used header-changers for many years, long before I got hit by this, for privacy reasons. Don’t buy a new device—when I switched to Linux and Mac, I was still hit with malware warnings, but because Facebook (then) didn’t have malware “scanners” for these platforms, I was allowed into the site. Link-posting was still impossible, but if they believed I was on a non-Windows machine, they went easier on me and I could at least access the site and send messages.
       Otherwise, that month’s wait could be the only remaining way.

  5. Nigel,
    Yes, it seemed that the month-long wait was all I had to do. In my case, this was device dependent. This was my office computer that was locked up. Every other device I used was able to continue accessing FB with full functionality. Phone, Tablet, iPad, Laptop PC. (some of these devices have AdBlocker Plus on them, some don’t) I am in no way tech savvy so I also didn’t feel comfortable with the header changes. There seems to be no real pattern with this FB attack. I am really leaning to Jack’s theory that they have some MAJOR database issues going on and it’s just being kept hush-hush.
    Cheers,
    Craig

  6. Thanks, Jack. Okay, I’ve gone for the iPhone in Firefox route.
    Craig, the waiting game didn’t totally appeal to me, my doubt was if I was tech savvy enough to handle it (and if fb would have a comeback against it).
    The way in didn’t seem to resemble the earlier guidelines and I didn’t feel too sure as I tackled it but, yes, I am back in. As others said, it looks weird, mainly because link images are blown up in size to fill the width of the screen.
    One problem so far, ‘Your browser doesn’t support posting photos directly.’ This is a nuisance. Is there a way around this?
    Posting a link was okay but I would have preferred to post a photo and add the link.
    I’m still unsure why I couldn’t set up a second fb account. I know others who have two or three.
    Jack, you mentioned nobody picking up on this story. Worth trying an approach to Rory Cellan-Jones, the BBC’s technology correspondent?

  7. Thanks, Craig. My theory comes from observations of other bugs on Facebook—tiny things like being unable to see any tagged photo of me before a certain date, entire sections of the photo album missing for my main account, or a weird 69-hour outage a few years ago when I could no longer post, like or comment (it wasn’t “Facebook jail”: the site just failed). By calling it a malware issue on our computers, it buys Facebook the time to make its repairs. I’ve been on many a site where the database has failed: a Yahoo! Group in the late 1990s deleted every message and took away all functionality even though I did nothing wrong, and all my other groups were there; another site I was on called Vox failed in 2009, and even the people at their HQ couldn’t write a new post after I gave them my username and password. Therefore, when geeks tell me databases do not fail, I have to laugh, because I’ve witnessed them happening on big sites for nearly two decades.
       Of course, if this went public, Facebook’s shares would take a nosedive, and most people won’t question what is happening.
       Nigel, I can Tweet Rory and see what he thinks—thanks for the lead.
       There were plenty of journalists repeating Facebook’s press release that they had a malware scanner, but no one prepared to call them out for their BS.
       It is a mystery to me why you can’t set up a second account though. I did just that when I got locked out in 2016, and made the new account a back-up admin to my work pages.
       What is interesting is that this blog post is getting more hits, which tells me the problem is becoming more widespread, and the solution has gone from deleting cookies (till April 2016) to waiting three days, to waiting five days, and now waiting a month, save for the header trick posted earlier. Facebook really needs to account for this.

  8. Glad I found this thread. I’m now locked out and still am after running CCleaner and Malware Bytes. That’s OK, I’d been wanting to take a break from fb anyway. I’ll see if waiting it out helps. I’m following this thread now to see if anything changes.
    July 11, 2017

  9. Hi Linda, thank you for commenting and for following this thread. As I write, Facebook is down worldwide for a lot of users. I can’t help but think this is related, that its databases have suffered some major failure, which had been my theory for some time.

  10. Yesterday, I received the FB message suddenly while in the middle of playing a FB game stating that malware was detected on this device and to use other devices or clean this device by downloading Kasperksy. I cleared caches, ran malwarebytes and windows defender – NO malware detected. I uninstalled Chrome and Firefox both in control panel and C drive programs folder and re-ran Malwarebytes and Windows Defender – NO malware detected. Reinstalled Chrome – gained access to FB. Witnin an our I received the message again but this time it told me to clean it with trend micro. Three other FB friends said they had the same issue – 2 stated that after restarting their devices 3 times they were able to get back on. 1 other said that they just waited a few days and got back on. I do post a lot of opinions regarding politics (anti-trump) I am beginning to think that I’ve been tagged. I can get on FB with my laptop but not my PC which is what I use primarily when on FB. Not sure if there is substance tot he ID, track and attack or if it is a FB virus only – I will not use this computer right now to do any personal transactions. Any updates?

  11. SATURDA JULY 16 2017 – RECEIVED THIS MESSAGE WHILE PLAYING A FACEBOOK GAME:

    “We’ve noticed that this device may be infected with malicious software. To continue to use Facebook, you can either use other devices or clean this device by downloading the scanner provided by Facebook and Kaspersky.”
    i RAN Malwarebytes and Windows Defender – NO malware detected. I unininstalled Chrome and Firefox from control panel and C drive programs folder. Ran Malwarebytes and Windows Defender again – NO malware – restarted computer. Ran Malwarebytes and Windows defender a 3rd tome – NO malware detected. Reinstalled Chrome – regained access to FB. Posted my experience – 4 replies – 2 indicated that the restarted 3 times and got back in to FB. 2 others indicated that the did what I did and used another device to access. They still cannot regain access to FB.

    After an hour of playing games and posting: it happened again: this time the download was for micro trends.

    We’ve noticed that this device may be infected with malicious software. To continue to use Facebook, you can either use other devices or clean this device by downloading the scanner provided by Facebook and Trend Micro.

    Chrome works every where else except FB – I am beginning to think that FB has a mechanism to ID, track and attack. Not sure why but I too post factual information regarding the trump administration and refute and post all fake news (anti-trump) = lately getting a lot of ‘bot a;t rogjt articles posted to my wall that I cannot delete or report but I do post my FAKE NEWS meme on those sites. I beginning to think there is a connection. I do know for a fact Cambridge Analytica and Strategic Communications Laboratories has tracked individuals ID through voter registrations records – not to get overly paranoid but I am beginning to think that FB is a propaganda forum for the wrong side of democracy.

  12. yesterday evening , i was playing facebook game and i got logged out and it wanted me to log in but tells me about malicious software. My hubby ran our Norton Security and we have nothing . I just can’t get logged fully back into my facebook on my computer , i am logged in just fine on my phone. I want to get back to my games. Just not sure what to do have tried several things and nothing working.

  13. Julie, there are some suggestions above about modifying your headers: have you tried that? It is slightly technical but I recall one commenter in one of my blog threads posted the steps you can take.

  14. I see this post is pretty old, however thi issue is still ongoing. I am forced now to download trend micro and FB is not letting me to my account. I think I have tried quite a lot: deleting all browsing data, reseting the browser (I’m using Chrome), even the computer, trying to log in from other browsers (firefox) or incognito window, initiating a manual virus scan (tho my Bitdefender says the PC is clean). I’m not really familiar with header changes, but what I know is that I havent downloaded any add ons or headers. Also FB is fully functional from my phone. (no tablet or other device is avaiable unfortunately in the household)
    No ide what do do – shall i download this trend micro then uninstalling it immediatelly? I am afraid it might casuse some harm on my PC.
    Im really worried about this issue and no idea now how to access my FB account from my PC.

  15. Nliv, do not download anything from Facebook. The trouble is, most people will not be able to remove it. It doesn’t show up in your installed programs’ list. And even if we were right in the post(s) about the program location, there’s no guarantee that that’s the only thing these people plant on your computer. If you don’t want to alter your headers, you may need to use m.facebook.com for the time being, even on the desktop, or potentially use a Mac or Linux PC. Wisdom appears to be that this takes three days to one month to pass right now.

  16. So I got the message today. My husband and I use THE SAME computer. I ran three different malware diagnostics tools and no malware was detected. I did not download their software. I use Chrome for all my browsing. My husband uses Firefox. My husband’s account is perfectly fine. No issues. Same computer. I deleted cookies. I used an incognito window, still no luck getting on. I uninstalled Chrome. I used the Firefox, still got the same message but get this. I logged out and logged in with my husband’s account and it works fine. So it’s obviously BS. I post a lot of anarchist stuff. I realized trendmicro is the service the government uses. I’m not letting them have access to every file on my computer. I have nothing to hide but I don’t trust the government not to put something there. I don’t know what their end game is but I still use FB on my phone so they are gaining nothing doing this. If you have any suggestions how I can get around it other than what I’ve tried already. I don’t think I can change my IP address, let me know. Thanks!

  17. It,s been 3 days now that my account has been blocked…
    I didn’t download their software either as I find it pretty frustrating since I also ran my malware softwares and bitfender antivirus and of course they found nothing…

    What if it’s just random? They just randomly do it to people just so they download their damn software and collect our info?

    I am waiting and hoping it won’t last a month… I still have access on my cellphone at least, and hope this will stay like this…

    This is very frustrating and really unethical from them…

  18. I’m sorry to report, Anne-Marie, but as one of farcebook’s recent victims, I couldn’t get back in until day 31. The modify headers/iPhone in Firefox alternative worked and although better than nothing was far from ideal.

  19. This “warning, malware” crap just hit me yesterday, July 31, 2017. Shows up when I use every browser to try to log into FB, no difference, here’s what it says:

    Let’s Check Your Device for Malicious Software

    Hi James, we’re continuously working to keep your account secure. We’ve noticed that this device may be infected with malicious software. To continue to use Facebook, you can either use other devices or clean this device by downloading the scanner provided by Facebook and ESET.

    — Yes, I can still access FB through my iPhone 6-Plus, no problem. Has anyone successfully downloaded “the scanner provided by Facebook and ESET?” I mean, the presumption here is that it’s a scam, but is it? If all it’s doing is collecting info (that’s an accusation, by the way, not a documented fact), but otherwise in fact IS a bona-fide malware cleaner, what’s my downside to complying?

  20. James, I was spurred to write the original post because I had downloaded the scanner—and it knocked out my real antivirus. Once downloaded, you’ll be hard pressed to find it: it’s not in your installed programs’ list. You can create a brand-new account on your “infected” computer and not have any malware warning (or, for that matter, log on as someone other than yourself). The down side, at least with what I have experienced, is a tremendous waste of time and actual damage to existing software. To me these things point to Facebook not being honest with us. I doubt very much there are any bona fides here from Facebook. There are reputable malware cleaners out there that you can always try out first before downloading things that wind up hidden inside your computer.

  21. Thanks. As it turns out, I’d just had a high-end tech guy at work install and run Malawarebytes Premium and run it for me, and I ran it again last night after I got home and got this FB warning.

    No problems detected.

    Plus I have “Symantec Endpoint Protection” running in background, no problems.

    So, sure, this FB “warning” is scammy (again, I can access my FB account through my iPhone 6-Plus), but geez, how do I fix it?

    I’ve watched several videos and have done the suggestion that I go into Chrome, Advanced Settings and restore to the default settings, but it won’t work. Even rebooted, just for the hell of it. Tried IE and Firefox, and still the dog won’t hunt.

    If you know of any EFFECTIVE quick fixes (written or videos), please post. And thanks for taking the time to help the afflicted here.

  22. The only successful solution that others have posted in the two threads I’ve got going here is to download an add-on for your Chrome or Firefox browser that alters your headers (specifically the user-agent). The trick is to fool Facebook into thinking you’re using a Mac, as the malware program isn’t geared toward Mac users. Nigel Young above chose to alter his headers to fool Facebook into thinking he was on his Iphone whilst he was surfing on his desktop. Here’s a link from one of the threads.

  23. OK, so this is a follow-up to my earlier posts. I gave up and drank the Kool-Aid.

    That’s right, I clicked and let FB and Trend-Micro, or whoever, scan my system. Took a few clicks, 80 or so seconds, and worked.

    I’m now back on FB like nothing happened.

    Ran my Malaware Premium (what my pro tech guy loaded on my Win-10 Dell Laptop, and recommends) and it detects no problems. Checked my Symantec Endpoint Protection (also runs in the background) and no problems reported.

    And a few days back, I did come down with a FAKE warning about a Zeus malaware infection (why my tech guy installed Malaware – to remove that fake-out, which beckoned me to call a fake Microsoft number for “help”), so maybe FB sensed my recent problem.

    Anyway, I’m back home again. About 3 hours time lost fuckin’ with this crap.

    I’ll report back here if I detect any problems. But if all I’ve lost is that FB has more info on me, fine. I’ll live with that. BTW, I’m a kick-ass lawyer who’s posted a lot of Dump Trump shit, and I enjoy plain vanilla, quality adult porn.

    Oh, and I’ve also published a naughtily subversive book on Amazon: “KC,” by P.A. Trate (Amazon 2013).

    I also pay a lot of money to CPA to make sure I pay all my goddam taxes (until yesterday, when I retired, I was a federal gov’t lawyer, so it made sense to be a good citizen).

    There, I’ve laid out all that FB and Da Gubmint would want to know about me – so there’s no need to scam me for more, OK you fuckers?

  24. That’s interesting, James, that it was a quick scan, because a lot of us had Facebook spend hours scanning away—or the scan would never finish. What Facebook was doing over eight or nine hours is a mystery. Question: were you able to remove the scanner once done, or is it still sitting on your system somewhere?

  25. I find this very odd as I cannot get into my FB through Chrome but am able to get in through IE so what is going on there?

  26. Jack, I was not able to “remove the scanner once done,” because I can’t detect any. It may be there and I’m not savvy enough to detect it, but it’s now August 13, 2017 and still there are no problems. Hence, this remains a nothing-burger for me.

  27. I’ve tried other browsers, deleting cookies, clearing temp files, m.facebook.com… Nothing works. Any NEW ideas out there?

    Thanks.

    John

  28. Oh… I even contacted FB: “Please fix or should we litigate?” No response, yet.

  29. Richard: I just tried Windows 10 from the app store. Still blocked.

  30. Fair enough—for me I didn’t want rogue programs sitting on my computer where no one was willing to explain their function.

  31. John, I can only suggest you follow the instructions for changing (or spoofing) the headers and see if that works. J. T. above tried it and has so far been the only one to report back that Facebook has blocked this method. Others have managed to do it and get back in.

  32. My Norton won’t let the FB scanner stay on my laptop — I too can’t use FB in Chrome (which I reinstalled) or FireFox.

  33. I got hit by the Trend Micro version of this Facebook number tonight and have read through the conversation. I think I got hit by it because of a lot of article sharing I’ve done lately, most of it very liberal. My main reason for being on FB is playing games some of which won’t play on my Android Galaxy Tab S3 tablet. I’m off to see if FB blocks my games in their Gameroom.

  34. Follow up to my last comment regarding FB’s latest trip. I was able to get on FB on my Galaxy Tab S3 just fine and type a message but when I tried to send it they refused to let me and sent me to a page of explanation. So it really has nothing to do with malware. I have been able to get on Facebook Gameroom just fine and play my games. I haven’t tried other browsers than Chrome yet.

  35. Hi, this popped up while I was in facebook this morning. I won’t download or let them in my computer. Is this normal? What is wrong with them?

    Let’s Check Your Device for Malicious Software
    Hi Karen Lee, we’re continuously working to keep your account secure. We’ve noticed that this device may be infected with malicious software. To continue to use Facebook, you can either use other devices or clean this device by downloading the scanner provided by Facebook and Trend Micro.

  36. Glad to find this blog but sorry that I’m also affected. 3 times in June. The first time was almost 3 days (I was only calm enough to make it through when I found this blog) It came back partially first — no posting of links or photos or playing of games for another day. The second and third times it only lasted for about a day and when I could connect again everything worked at once. The third time I even got an email from Facebook saying “We noticed you’ve been having trouble logging in. Click here and we’ll help you.” I did and that connected me.
    As of about 5 p.m. Friday it happened again and I’m still unable to connect. I actually got the email on Monday but when I clicked on it this time it didn’t work. I’m sad to read that some of you were out for a month or so before being allowed back on. Hope I’m not going to join your ranks this time but it looks like I’m on my way.
    I also use Chrome.

  37. Norton probably realizes the scanner is dodgy. I notice you wrote on the 18th, Jenny: are you back in now?

  38. Hi Serena, you are 100 per cent right: this has nothing to do with malware. Most of us who have been hit weren’t convinced about Facebook’s official statements. It also doesn’t add up: someone else using the same computer can get on their Facebook. It is definitely account-specific.

  39. Hi Karen, many of us above are completely suspicious of what this scanner is, because in practice very few people actually had malware when their computers were scanned by proper malware scanners. Facebook and its malware “partners” all clam up when asked, which naturally fuels the suspicion (Kaspersky even deletes your comments from their blog). You are right not to allow a download because it completely screwed up my real antivirus program. Some of us suspect it is malware or spyware, which happens to be endorsed by Facebook.

  40. Sandy, I have been locked out of Facebook for long periods due to their database problems for years; the first was 69 hours a few years ago. This, and experiences with other sites, suggest to me that there is something seriously wrong with Facebook, but by blaming us, it lets them off the hook because so far no one has been able to tell us what is inside their “scanner”. Can you imagine what would happen to their share price if word got out that the site was buggy? And yet, it is, and the tech press seems too scared to write about this. Three days tend to be the standard outage since my experiences in 2014, but you are right, a few people reported a month. It’s anybody’s guess—the site is unpredictable and there seem to be very few (if any) common threads tying us together.

  41. I just got this notice in Chrome about 2 days ago. I did the clear history/cache/cookies, no luck. I even tried downloading their thingy, but NOrton said it wasn’t safe. FB works in Firefox and Edge, but only in Chrome does it want me to download their junk. It keeps cycling through their things too.

    Guess I will wait it out. I can play the games in Edge and post links, pictures, etc. there. A couple months ago it did this too, but it was on another computer (I think) and their scanny thingy did it’s thing, I don’t know how long as it never told me when it was done. I’m not downloading another unknown file again.

  42. Hi Jack, they still won’t let me log in. I keep getting the message they want to scan my computer. They won’t let me post anymore either from any websites that share. I have Malwarebytes Premium and have scanned my computer and there is 0, nothing there, so I agree with you that FB is attempting to enter my computer. I got rid of Norton years ago, the worse anti virus around, right there with McAfee. I’m just grateful I found you before letting them scan my computer. This should be illegal for them to do.

  43. Just wanted to update my earlier comment: Again, I drank the Kool Aid with my Dell PC desktop and ran FB’s scan, and am still experiencing no problems of any kind. I didn’t bother to look for residual stuff on my PC, which is a 2012 model that has the free Windows 10 upgrade on it. I was and still do run “Symantec Endpoint Protection” and also “Malawarebytes Premium.” Fingers crossed!

  44. Final update for this go-round. This morning I still couldn’t log in to Facebook via Chrome (my default browser) That made 5 1/2 days of limited access via my phone. I decided to try Firefox and got on just fine. Have been using Firefox off and on all day to access Facebook with no sign of a “malware” message. Just checked chrome again and — eureka — my malware has mysteriously disappeared — 6 days, practically to the minute after this episode started.

  45. Michelle, I would wait it out as well—I was out for three days at a time with earlier Facebook SNAFUs (the 2014 incident was before they invented this so-called malware scanner).

  46. I had a similar experience, Karen, with no link-posting allowed for days. I agree this should be illegal—also the tech press should be getting a journalist to research just what this scanner does. Also if the scanners are all from different companies (Trend Micro, Kaspersky, etc.), then how come they all operate in exactly the same way and never appear in our installed programs’ list? Nothing about this adds up.

  47. Hi Sandy, glad you are back in—it’s interesting that it’s six days since I was out for three at a time, and even more interesting that a computer that was allegedly infected with malware was suddenly OK without Facebook’s “scanner’s” intervention. It shows again what a big con this is, and how deceptive Facebook is. Those in the US really should bring this up with their authorities.

  48. FB still wants to scan my computer. After hearing about how Google is cutting people from their emails, calendars and signing in, I’m convinced there’s something behind FB and Google’s motives for doing what they’re doing. It was on the news last night how Google stopped a professor in Canada from accessing his account.

  49. It’s me again. My happiness didn’t last long. This morning, after working fine for a day and a half, Facebook on Chrome started acting strange — not letting me reply to friend’s messages first, then not letting me see friends’ photos or previews on links when I loaded my newsfeed, then not letting me navigate onto my aps, the pages I follow or even settings. Finally I got a message that I should try again later — that the part of the data base my page was on was undergoing maintenance. Then the malware message — all in the last 2 hours.
    I’m fine on my phone and on Firefox — just not the browser I prefer to use.
    Just thought I’d let you know so we can continue documenting this for everybody.

  50. Hi Karen, I’ve documented some very questionable practices from both Google and Facebook, including the wrongful use of private data even after users have opted out of ad customization. Since both companies are obsessed by acquiring this data, sometimes illegally (Google was caught hacking Iphones a few years ago and was fined $17 million, or four hours’ earnings), it wouldn’t surprise me that the malware “scanner” is a means of getting more of this private data, while at the same time covering up Facebook’s own database failings.

Leave a Reply

Your email address will not be published. Required fields are marked *