When Facebook says it cares about security, I laugh. Every day I see bots, spammers and click-farm workers plague the site, and despite reporting them, Facebook lets them stay. It will make a statement saying it would no longer kick off drag queens and kings, then proceed to kick off drag queens and kings. So when I was blocked last night from using Facebook on my Windows 10 computer, after using a website with a Facebook messaging plug-in, with the claim that there was malware on the system, I knew something was fishy.
Like Google’s false malware accusations—so serious that people have lost websites over them—I knew to take this one with a massive grain of salt. However, I didn’t have a choice: in order to get in to the site, I had to download a Kaspersky malware program, and let it run. The program never appeared in my installed list in Windows. I let it run overnight, for seven hours, whereupon it was frozen at 62 per cent. Restarting the computer, I was back to square one.
Here’s where things started getting very strange. Windows 10 began saying I had no antivirus, anti-malware, or firewall up. Normally I would use McAfee. However, no matter how many times I tried to choose it, the warnings kept coming, thick and fast. In one case, it chose Windows Defender for me—only because I decided to let it run—and would not permit me to change it back through the settings. The timing of these events was all too suspicious.
There was a rumour, denied by Kaspersky, that it was creating malware to throw off its competitors. The jury’s still out, but it’s just odd that while Kaspersky is running its Facebook scan, of what I knew to be non-existent malware, that McAfee would be inaccessible. I went to the McAfee website to file this.
Unlike most people, I have options open to me, so I began to go on to Facebook using several different methods. A VirtualBox containing XP on the same computer was fine, if incredibly slow while Kaspersky was doing its thing. (Think about Windows XP on a 386.) Lubuntu was fine as well, as was Mac OS X. I Tweeted the McAfee community link, and thought it odd that it did not appear in Facebook (I have my Twitter set up to post there). I then tried to paste the link into Facebook manually, whereupon, in Lubuntu and Mac OS, I was told that my computer was now infected with either a virus or malware. Unlike Windows, I had the option of telling them they were in error, and I was able to continue using the machines.
This really sounds like Facebook and Kaspersky have it in for McAfee and, possibly, rival products, if the scan knocks out your choice of antivirus and anti-malware program, and if the mere mention of mcafee.com inside Facebook results in a warning box saying your computer is infected.
Eventually, the entire system froze, and while I could still move the mouse about, I couldn’t access the task bar or go to other programs.
I was forced to do a hard reboot.
But you’re asking now: was I ever infected? No. It’s Google all over again.
Peter, the very knowledgeable McAfee support tech who came to my aid many years ago, was present again and put me on to two other programs after this restart. Getsusp analysed my system for malware, and, you guessed it, found nothing. Malware Bytes did the same, and found some PUPs (potentially unwanted programs), all of which I knew about, and I had intentionally installed. They’ve been present for years. In other words, two other malware scanners told me my system was clean. Malware Bytes did, however, restore McAfee as the correct antivirus program, exactly as Peter had predicted.
He also suggested a system restore, which sadly failed, with Windows giving the reason that an antivirus program was running. Having restored this system once before (after some bad advice from Microsoft), I knew it couldn’t be McAfee. The only difference on this computer: I had had Kaspersky doing its Facebook scan. It appears that Facebook and Kaspersky don’t want you restoring your system.
I had fixed the newer issues, but the original one remained: I couldn’t get on to Facebook. The Kaspersky scan never finishes, incidentally—you’re stuck on 62, 73 or 98 per cent—and while not having a personal Facebook is no great loss, I have businesses that have presences there.
I stumbled across a Reddit thread where others had been forced to download antivirus programs by Facebook, and, fortunately, a woman there had found where hers resided. In my case, it was at C:\Users\USERNAME\AppData\Local\Temp\FBScanner_331840299. Deleting this, and all cookies mentioning Facebook and Kaspersky, restored my access.
What to do if you ever come across this? My advice is to, first, run Malware Bytes, but ensure you run the free version, and do not opt for the trials. Once you’re satisfied your computer is clean, head into your cookies and delete all the Facebook ones, and any from the antivirus provider it recommends. This second Reddit thread may be helpful, too. I don’t know if this will work completely, but anything is preferable to following Facebook’s instructions and wasting your time. I really need to stop following instructions from these big firms—you’d think after all these years, I’d know better.
PS.: I found this video from last July which suggests the malware accusations have nothing to do with your computer set-up:
In addition, I cannot paste any links in Facebook. The situation began deteriorating after I regained access. Initially, I could paste and like a few things, but that facility eventually disappeared. Regardless of platform, I get the same error I did on the Mac yesterday (see screen shot above). Liking things results in the below error, and the wisdom there is to wait it out till Facebook staff get back to work on Monday.
P.PS.: Holly Jahangiri confronted the same issue as I did a few days later. She was smarter than me: she didn’t download the anti-malware malware. Have a read of her post here: other than that one difference, it’s almost play for play what happened to me for four days. She’s also rightly frustrated, as I am, by Facebook’s inaction when it’s legitimately needed.
P.P.PS.: Not only does Kaspersky delete your comment when you ask on its blog how to remove the malware scanner, they also clam up when you ask them on Twitter.
P.P.P.PS.: I’m beginning to hear that deleting cookies will not work (April 26). Facebook seems intent on having you download their suspicious junk. In those cases, people have switched to another browser.
P.P.P.P.PS.: Andrew McPherson was hit with this more recently, with Facebook blocking the cookie-deleting method in some cases, and advises, ‘If you get this, you will need to change your Facebook password to something very long (a phrase will do), delete and clear your browsers cache and history, then delete your browser, then renew your IP address to a different number and then reinstall your browsers.’ If you cannot change your IP address but are using a router, then he suggests refreshing the address on that. Basically, Facebook is making it harder and harder for us to work around their bug. Once again, if you sign on using a different account using the same “infected” computer, there are no problems—which means the finger of blame should remain squarely pointed at Facebook.
P.P.P.P.P.PS.: June 17: for those who might find Andrew’s method too technical, the current wisdom is to wait it out. It does appear to take days, however. Reminds me of the time Facebook stopped working for me for 69 hours in 2014.
— MrsMcCharms (@MrsMcCharms) June 16, 2016
— Kimberly Jennery (@hobbinator) June 16, 2016
P.P.P.P.P.P.PS.: January 28, 2017: David has come up with a great solution in the comments (no. 103). You can fool Facebook into thinking you are using a Mac by changing the user-agent. He suggests a Chrome Extension. I have Modify Headers for Firefox, which might work, too.
P.P.P.P.P.P.P.PS.: May 9: Stephan, on my other thread on this topic (comment no. 66), confirms that David’s solution worked and has posted a few more details, including extensions for Firefox, Safari and Chrome.
P.P.P.P.P.P.P.P.PS.: October 24: Don Dalton found that he was able to replace his Chrome profile with an older one to bypass Facebook’s block. Have a read of his comment here.
P.P.P.P.P.P.P.P.P.PS.: February 18, 2018: over the last few weeks, Mac users have been getting hit hard with this fake warning, and are being offered Windows software to download (which, of course will not work). Some have reported that changing browsers gets them around this. Downloading the equivalent anti-malware program from the same provider (e.g. Eset) does nothing, since the one user I know of who has done this came up with a clean Mac—because, as we already know, the warnings are fake.
P.P.P.P.P.P.P.P.P.P.PS.: February 18, 2018: let’s see if Wesley Shields, security engineer at Facebook, will tell us what’s going on. He’s been asking for more staff to join his malware detection team.
Hi Wesley, I’ve seen a lot of people being told their machines have malware, but they run scans and they are clean. Happened to me in 2016. Is this something that your department has created? I’d like to learn more, but of course tagging Facebook doesn’t net a reply.
— Jack Yan 甄爵恩 (@jackyan) February 17, 2018
P.P.P.P.P.P.P.P.P.P.PS.: February 23, 2018: finally, a journalist has taken this seriously! Louise Matsakis, a writer for Wired covering the security and social media beats, has looked into the latest round of Facebook malware warnings being forced on Mac users. Facebook is still lying, in my opinion, claiming there could really have been malware (lie number one), but the company’s probably so used to saying one thing and doing another by now. Louise is right to seize upon the fact that no one knows what data are sent to Facebook during the scan. It’s a fine article, and I highly recommend it.