Jack Yan
The Persuader

My personal blog, started in 2006. No paid or guest posts, no link sales.



Facebook forced me to download their anti-malware, and my own antivirus gets knocked out

You are currently browsing comments. If you would like to return to the full story, you can read the full entry here: “Facebook forced me to download their anti-malware, and my own antivirus gets knocked out”.

Filed under: internet, technology, USA—Jack Yan @ 06.10

195 Responses to ‘Facebook forced me to download their anti-malware, and my own antivirus gets knocked out’

  1. Hi Jack,

    Thanks a lot for sharing this post with me on Twitter! I linked it to the end of my forum post: Facebook is forcing to use Kaspersky Anti-Virus.

    I have written instructions there for all the victims of this scam. To summarize, you have 3 options: 1) wait two days before you are allowed to log in again, 2) install/use another browser, or 3) quit using Facebook. The 3rd option is the only permanent fix.



  2. DDalton says:

    Me installing an older Google Chrome profile worked beautifully. I call it option 4. I figured it out after waiting 5 days with no luck.

  3. Hi Don,

    Thanks for the info. When did that happen to you?

    I tried both older and newer Chrome 1 week ago without luck. It has to be a different browser. Also, the 48-hour time cap seems to be a very recent development.



  4. DDalton says:

    Global Nomads,
    This happened to me about two weeks ago. I used a 5-month-old profile. I guess this issue has a random solution for everyone. :(
    Hope you get your accessibility back soon.

  5. I have been reading these accounts for a few days now, starting from 2014, and they seem to differ a lot, which implies that Facebook is tweaking their anti-virus marketing tool. Those fixes I listed on the forum fix the issues right now and I have confirmed them from multiple, independent sources, but there is no guarantee that remedies will change again in future. I can confirm to you that changing the browser version did not work for me. The only certain thing is that as long as we keep using Facebook, anything can happen.

  6. DDalton says:

    Global Nomads,
    Changing the browser version won’t do it. You need to change the browser “Profile” that is made when you first start using the browser. You’ll need to have saved one before the issues started. I detailed the instructions above but the short and skinny is (on a Windows computer) you go to your “roaming/local” file (WinKey + %appdata%). Delete the folder titled “Google” then copy and paste your previously saved/archived “Google” profile folder in its place. Just deleting this folder won’t do it. Importing bookmarks and passwords from a browser that’s working won’t do it. I seriously hope that the wait is only 2 days now. It was almost 3x that for me.

  7. I can’t test your fix as I don’t take backups of system files or save old profiles. Windows is so badly made and messy that it’s easier to re-install it than trying to return system backups.

    I re-installed Chrome, first wiping it out clean, but that did not help. The time is now 48 hours and you can speed that up by installing another browser, which should work. This attack appears to be browser specific.

  8. Bonnie Smith says:

    “We’ve written before about how antivirus software is not only resource-intensive but in some cases can make you less secure because it can be hacked itself. Now there’s new evidence that Kaspersky Lab’s antivirus software contains bugs which could be remotely exploited in targeted attacks, as Thomas Fox-Brewster reported yesterday. Some of these bugs are detailed in a blog post written by information security engineer Tavis Ormandy, a member of Google’s Project Zero vulnerability research team.”

  9. Bonnie Smith says:

    # 1 just worked for me! Thanks

  10. Hi Don,

    I just finished testing your profile fix by again making a completely clean installation (with profiles and all traces of Chrome removed, and replacing with a profile I had earlier that already started to work on Facebook), and Facebook is again banning my login with Chrome. I am afraid the trick does not work anymore :(



  11. DDalton says:

    I had tried doing a clean install of Chrome and it didn’t work for me either. The only thing that worked (besides downloading the scanner) was to use a saved profile from a few months earlier when I had no problems.

  12. DDalton says:

    I’ve noticed some confusion in the steps I provided so I’m going to add some detail.

    I realize the average user does not back up their computer but this is absolutely necessary for the following steps.

    0) Copy your earlier/archived Chrome user file named “Google” to the desktop.
    1) Press the “Start/Win” key.
    2) Type %appdata% (with the % sign).
    3) Click up one folder. You should see the following folders “Local”, “LocalLow”, and “Roaming”.
    4) Open “Local” and find the folder named “Google”. This is your user profile for Chrome.
    5) Delete it. There should now no longer be a “Google” folder in “Local”.
    6) Copy your Google Profile backup that you saved onto the desktop in step “0” above into the “Local” folder and you should be good to go.
    7) When you attempt to log in to Facebook, it will most likely offer you to recover your account. DO THIS!
    8) After you’ve recovered your account, you should now be able to use Facebook on Chrome.

  13. Jack Yan says:

    Thank you, Don, I hope some people will follow your recommendations.

  14. Don,

    I had a clean profile, but not a few months old. That profile worked for accessing Facebook. I don’t see how the age of the profile could be a factor here. Facebook has no way of accessing the time stamps of the profile files to detect their age.



  15. DDalton says:

    Jack, I hope they help.

    From my experience, whatever this is gets into the user’s profile. I imported my passwords and bookmarks from my Chrome account into Firefox and was instantly locked out. When I removed that profile, I was instantly able to get into my account through Firefox. Whatever causes this lockout is rather insidious and acts like a virus/malware. My scans were unable to detect it.

  16. Don,

    I don’t think this has anything to do with malware, other than Facebook, which is malware in many senses.

    It seems to me that Facebook is randomly picking Facebook users and flagging them (using browser signature to identify the victim) as potential customers for anti-virus, then forcing them to download and install a crippleware version of anti-virus (Kaspersky or Trend Micro), which will force users to pay for an update to a full version (ransomware).

    I bet Facebook gets their share of revenue and this is nothing but a marketing stunt to make more money with unsuspecting Facebook users. This is not the first plunder Facebook has done and for sure not the last.



  17. DDalton says:

    I can totally see that as the case. I’m just glad blog threads like this exist that offer possible solutions. :D

  18. Lori B says:

    so i get the whole profile/cookies explanation …however none of this is working, have tried the virgin firefox log in, virgin ms edge log in, no importation, no cookies, even tried on different pcs and still get the ‘unclean unclean’ message….even went so far as to download and use this trend micro russian program and it just sat there for 2 days and did nothing….and there is no work around….there is no place to say i cant do this right now….im soooooooo very frustrated cause the android mobile version of fb is working like a charm….and the account is peruse only, no posting and very little comments….so how abouts some new pearls of wisdom for me ?? thanks in advance… LB

  19. Jack Yan says:

    Lori, Facebook blocked the deletion of cookies as a solution in April 2016. Downloading their questionable software is troublesome—I really recommend removing it as noted in the original post (it’s in a hidden Windows directory), because we don’t know what it’s doing inside there. As noted in one of the postscripts and a few of the comments, the most reliable method appears to be altering your headers: I’ve only heard one person in the comments who said it didn’t work for him. If it’s too technical, then another way is to wait it out, which can take between three days and a month: even if you did regain access, there’s no guarantee you can comment, like or post (something that happens a lot with Facebook, even before they started telling people falsely that they had malware—this is so clearly Facebook’s bug). One other person on this blog said she used the Windows Facebook app, though that does mean loading more Facebook software on to your computer, and I don’t think that’s a good thing.

  20. Lori B says:

    Jack…thanks for the clarification….i will keep working on it….

  21. […] Lori B on Facebook forced me to download their anti-malware, and my own antivirus gets knocked out […]

  22. […] is sick. Forced downloads through a malware scanner that doesn’t show up in your installed programs’ list, collection of preferences even after users have opted out, kicking out people using aliases for […]

  23. […] page here on Facebook.    And of course I’ll continue writing, but not on a site that feeds malware to people (Facebook has bragged about this officially), tracks your preferences after opting out, tolerates […]

  24. SMN5507 says:

    This is a form of ransomware, IMHO.


  25. Jack Yan says:

    It’s definitely that. They lie about why we need to download it. Once installed (because I was stupid enough to say yes), it resides in a hidden directory on your computer, which computer-savvy people can find but most probably will not. It never shows up in your installed programs’ list. When pressed, none of Facebook’s co-conspirators answer questions about it, even when they respond to you about other things. While we’re not asked for money, I believe the program extracts data from us without our consent, and that is our “payment”. One user above said she got around it by installing the Facebook app for Windows 10—which, of course, does the same thing. Facebook got what they wanted when she did that: a program that resides on her machine, probably constantly giving them data.

  26. […] than Facebook claimed it could reach. (That desperation, incidentally, could be the reason the company lies about malware detection on websites.)    Twitter has had a bot problem from the start, as it’s very easy for someone to […]

  27. Facebook just forced the ESET to run on my machine. I’m sure it was due to me using Dashlane to log in (just a guess though).

    What I dislike the most is how it said it found and removed 4 files, but I get no info on what the files are… seriously, they just stealthily remove 4 files?!

    After the above I’m able to use Facebook as normal in my normal browser etc.

  28. […] Morten Nielsen on Facebook forced me to download their anti-malware, and my own antivirus gets knocked out […]

  29. Jack Yan says:

    Thank you for your update, Morten. There doesn’t seem to be a set pattern to whom this affects, but it will be interesting if others come by and say they are using Dashlane as well.

  30. […] There was also a driver from Malwarebytes, which I downloaded after expert advice in the wake of the damage done by Facebook and its forced download in 2016. Malwarebytes had to be removed with a program called mb-clean as it didn’t show up in the […]

  31. […] again, just because Facebook might prompt you to do something doesn’t mean you should. I was suckered in once,* not going to happen […]

  32. […] Why you shouldn’t sign up for Facebook’s two-factor authentication « Jack Yan: the Persuader Blog on Facebook forced me to download their anti-malware, and my own antivirus gets knocked out […]

  33. […] seems that this isn’t a single incident, because forums (Norton), Twitter, Reddit and personal blogs are full of posts from frustrated Facebook users reporting such experiences. In brief: […]

  34. […] The mess with Facebook’s ‘malware protection’ | Born's Tech and Windows World on Facebook forced me to download their anti-malware, and my own antivirus gets knocked out […]

  35. […] you who read this blog know: Facebook is full of bots, with false claims about their audience, and engages in actual distribution of questionable invasive software, charges I’ve levelled at the company for many years, long before the world even heard of […]

  36. […] what was behind all of this. It does give my theories over the years a lot of weight: namely that Facebook targets individuals and its “rules” are applied with no reference to actual stated policies. Essentially, the […]

  37. […] Just as Facebook said it would support the drag community while kicking off its members, just as Facebook forced highly suspicious downloads on people after false claims of malware detection, just as Facebook says you can opt-out of its ad targeting while collecting more data on you, its […]

  38. […] kick up as big a stink about it as I did with, say, Google’s Ads’ Preferences Manager or the forced fake-malware downloads from Facebook.    But what is interesting is how Verizon ownership is infecting Tumblr. I see now that […]

  39. […] Louise Matsakis’s story on Facebook’s malware scanner came out in Wired, the number of hits to my pieces about my experience has dwindled.    This can mean one of two things: (a) Wired’s getting the hits, which I […]

  40. […] Has Facebook stopped forcing its “malware scanner” on to users after being busted by Wired? « Jack Yan: the Persuader Blog on Facebook forced me to download their anti-malware, and my own antivirus gets knocked out […]

  41. […] language and facial expression reveal their dismay, and their words don’t match.    I discover first-hand that Facebook is forcing downloads on people with the guise of ‘anti-malware…, even though this claim is dubious, and Facebook admits data are transferred back to the mother […]

  42. […] not easy to report fake accounts, and when you do, Facebook keeps many of them up.    2. Facebook behaves like scam artists anyway.    3. Facebook enjoys fake accounts and uses them. (In fact, Facebook claims to have […]

  43. […] demographics than there are people. I’ve said this for a long, long time.    Third: Facebook tricked users for years into installing a ‘malware scanner’ with purposes it would not go into. But it essentially admitted their scanners collected data from […]

  44. […] The scanner never appeared in one’s installed programs’ list, either, and in my case, knocked out my real antivirus software. We also know that when Facebook accused certain people of having malware, the company was lying. […]

  45. […] is going to kill their primary one. I was locked out for 69 hours in 2014 because of a bug, then Facebook decided to force malware on to me in 2016 in the guise of a malware ‘scanner’. Wouldn’t you have a second back-door account?    The Wall Street Journal also notes […]
