Facebook F-Secure malware scanner

Richmond
Richmond Posts: 1 Observer

I logged on Facebook and it said my account is infected with malware so I have to click on a button and download F-Secure malware removal software and solve the problem. I did that and run it but 2-3 hours later nothing is happening and plus I can't log to my facebook. How can I resolve this problem?

«13

Comments

  • Simon
    Simon Posts: 2,667 Superuser

    I'm usually wary of downloading from buttons telling me my computer is infected, as often, the buttons themselves contain the malware, then it's a hell of a job to remove it.

     

    I have no idea if the 'F-Secure malware removal software' you downloaded is genuine, but I would suggest that you download and run the Online Scanner, from the link below, which is definitely legit:

     

    https://www.f-secure.com/en_GB/web/home_gb/online-scanner

     

    Come back to us if that doesn't resolve things, and we may have to dig a bit deeper into your problem.

  • Phil17
    Phil17 Posts: 2 Observer

    Like another poster this morning, when I attempt to log-in to Facebook, I get a message that my computer may have Malware that is affecting my computer and I'm unable to log in. It then brings up a link for F-Secure Online Scanner. When I attempted to download it, nothing ever happened so I discontinued the download process and went directly to the F-Secure website where I successfully downloaded the scanner. After running the scan, it said that nothing harmful was found. However, i still am unable to log in to Facebook and continue to get the message about the malware. Am not sure what to do at this point. Any advice will be much appreciated.--Phil

  • Simon
    Simon Posts: 2,667 Superuser
    @Ben - any thoughts on this? Is this button on Facebook genuine? Sorry, but I don't use it myself, so I can be of little help.

    Guys, have you tried another browser to access Facebook?
  • Hi,

     

    I am not really sure as this behavior sounds strange. A screenshot might help clarify the situation.

    You can also open a support ticket here so that we can review the details better.

  • mbridgham
    mbridgham Posts: 7 Explorer

    I, too, started getting this Facebook message this week.  They appear to cycle through several on-line scanners from Kasperksy, ESET and today it was F-Secure On-Line Scanner.  I've been researching this all week and decided it was legitimate.  So I downloaded the F-Secure scanner as instructed but it will not run.  I've tried running it as a the administrator, opening it in different ways but it will not run.  I'm running Windows 8.1.  So I am cut off from my Facebook account and there doesn't seem to be any way to contact them.  Very frustrated and angry.  I was already angry that they were demanding I download something to my computer and then to concede and have it not work.  Can you give me any advice?

  • mbridgham
    mbridgham Posts: 7 Explorer

    Well, I just downloaded the F-Secure Scanner program that was suggestedin this message thread and it worked fine and found no problems.  So now I don't know what to do about Facebook.

  • Phil17
    Phil17 Posts: 2 Observer

    There seems to be no way to contact Facebook via their own website/forums so yesterday I filed a complaint against them thru the Better Business Bureau covering Palo Alto, California where their headquarters is located. I suggest you do the same. If they get enough complaints I'd think they would have to take action. You can do it online at this URL:   www.bbb.org

     

    Phil

  • Simon
    Simon Posts: 2,667 Superuser
    From what has been said about the 'rotating' products being offered by the Facebook button, my thoughts are that this is not legitimate, and that there is a very real possibility that your Facebook login details have been compromised. I would first suggest changing your Facebook passwords, but I wouldn't know where to go from there.
  • mbridgham
    mbridgham Posts: 7 Explorer

    I'm now thinking that I didn't use the link correctly yesterday - because the instructions turn out to be woefully vague and misleading.  Today the scanner of choice was ESET so I decided to try again.  At first I had the same experience as with F-Secure.  I would download the scanner but it wouldn't open.  then I noticed that the initial linkage/instruction screen was showing a rotating cursor so I just let that run and sure enough it was actually already scanning and cleaning and eventually said it had found nothing amiss and I was able to get back onto FB with now problem.  So now I'm thinking I didn't let F-Secure run long enough.  So I believe the link was genunie horribly misguided and wrong in how FB went about it.  And I find it appalling that in this day and age a on-line service has absolutely zero way to contact them for help.  So even though this has been resolved I am going to follow Phil's suggestion and report them through the BBB.   There is/was still no way to determine if this was actually legitimate or not.  My research seems to suggest that it was but it is not conclusive.  Without a contact pathway there is no way to find out.


     

  • mbridgham
    mbridgham Posts: 7 Explorer

    @mbridgham wrote:

    I'm now thinking that I didn't use the link correctly yesterday - because the instructions turn out to be woefully vague and misleading.  Today the scanner of choice was ESET so I decided to try again.  At first I had the same experience as with F-Secure.  I would download the scanner but it wouldn't open.  then I noticed that the initial linkage/instruction screen was showing a rotating cursor so I just let that run and sure enough it was actually already scanning and cleaning and eventually said it had found nothing amiss and I was able to get back onto FB with now problem.  So now I'm thinking I didn't let F-Secure run long enough.  So I believe the link was genunie horribly misguided and wrong in how FB went about it.  And I find it appalling that in this day and age a on-line service has absolutely zero way to contact them for help.  So even though this has been resolved I am going to follow Phil's suggestion and report them through the BBB.   There is/was still no way to determine if this was actually legitimate or not.  My research seems to suggest that it was but it is not conclusive.  Without a contact pathway there is no way to find out.

    corrections:  "with no problem"..."link was genuine but horribly misguided...

     


     

  • Simon
    Simon Posts: 2,667 Superuser
    It still sounds dodgy to me:

    1. If the FB link is some sort of sponsored ad, why would it rotate with different products?

    2. If these are the genuine scanners, why do they behave differently, as has been reported in the case of the F-Secure one, to when downloaded from the genuine sources?

    I hope you're right, but I would still be wary, and I would still consider changing my passwords as a precaution. Also, perhaps run a scan with www.malwarebytes.org to be on the safe side.
  • grk
    grk Posts: 3 Observer

    Exactly like another poster, when I attempt to log-in to Facebook, I get a message that my computer may have Malware that is affecting my computer and I'm unable to log in. The first time it brought up an option for a couple of links for Facebook malware scanners. I clicked on F-Secure Online Scanner. When I attempted to download it, nothing ever happened even though I let it run for several hours. I discontinued the download process and went directly to the F-Secure website where I successfully downloaded the scanner. After running the scan, it said that nothing harmful was found. I have changed my FB password and run numerous other scans on my computer. However, I still am unable to log in to Facebook and continue to get the message about the malware and to download F-Secure malware scanner. I tried to contact F-Secure support and FB support but there does not seem to be a way to talk to someone in person.  I am not sure what to do at this point. Any advice will be much appreciated. grk

  • Jack
    Jack Posts: 69 Active Engager

    Be sure when you use the legitimate F-Secure you run the "Full computer scan" because the shorter scan will not find most serious bugs already on your system.  The Full computer scan will take a few hours if you have much on your hard drive, so prepare to wait awhile.  It sounds to me you likely have a bug.  If you don't find it, you can download the Windows Safety Scanner, which is free, and it will also take hours but is very good and can run with other security software on your computer

  • mbridgham
    mbridgham Posts: 7 Explorer

    grk,

     

    your experience was exactly the same as mine.  I wasn't successful until the available scanners on FB changed to ESET.  Which as you can see from my earlier post worked fine when I let it run itself rather than clicking on the link.  I have had no trouble with either my computer or FB since.

  • _CyberGhosT_
    _CyberGhosT_ Posts: 18 Observer

    Adding something like Adguard to your security tools may not be a bad idea if your experiencing this kind of popup, it sounds like users are being baited using false alerts. (jmho)

    Never click on things like this.

  • grk
    grk Posts: 3 Observer

    The problem is that you are signing in to FB and all of the sudden you are locked out and re-directed to a page with several options of different vendor's scans.  

     

    In my case I pressed  F-Secure Online Scanner thinking that it was the most reputable of the options. The initial linkage/instruction screen was showing a rotating cursor so you don't know if it has started scanning.

     

    After a while, I would think that it is not scanning and I would download the scanner but it wouldn't open.  The initial linkage/instruction screen was still showing a rotating cursor so you don't know if it is downloading, having trouble downloading or actually processing.

     

    A couple of random times the downloaded scanner opened and I was given the option to press RUN. Nothing changed or lets you know that it is actually running and scanning. All the while the initial linkage/instruction screen was still showing a rotating cursor.

     

    The downloaded  "FB's F-Secure scanner" icon does not look the same as the official F-Secure Online Scanner.

     

    From that point forward you cannot reverse your decision and choose another vender's scan and you are still locked out of your FB account.

     

    I spent the entire day cleaning, updating and doing full scans on my computer,  including following your advice and running all possible F-Secure genuine scans www.malwarebytes.org. Each scan listed that nothing harmful was found. After each one, I would check if I could log into FB with another new password etc. I would be directed to limbo land, reminded that I had malware and redirected to the the initial linkage/instruction screen and the ongoing rotating cursor.

     

    I followed your advice, let it run without clicking on the scan link or any link. Hours later out of the blue, a few words in the message above the rotating cursor changed to "You can now log on to FB". If I hadn't, by chance, been looking at the screen at that moment and saw the change of wording take place, I maybe wouldn't have re-read the notice for the twentieth time and discovered that there was a way out of  "Jail".

     

    It does seem dodgy. You have no way of knowing if this is legitimate and scanning or if this IS the malware. I was so close to taking a hammer to my screen. Your support, guidance and thoughtful communications helped tremendously. THANK YOU kindly.

     

     

     

  • Simon
    Simon Posts: 2,667 Superuser
    It seems a lot of people are being affected by this. Read the comments underneath this article:

    https://m.facebook.com/notes/facebook-security/malware-checkpoint-for-facebook/10150902333195766

    The worrying thing is, this appears to be something Facebook know about, and have actually endorsed! Smiley Sad
  • Ukko
    Ukko Posts: 3,727 Superuser

    Hello,

     

    Sorry for my reply.

     

    How I remember... some (?) months ago.... there was articles about partnerships between F-Secure and Facebook.

    It was description about Online Scanner.. as tool.

     

    Such as... Facebook will be trigger pop-up about suspicious activities... and will be variants for users to scan their computers by Online Scanner by F-Secure (or another one company).

     

    It was official news under F-Secure website, blogs and other. Potentially.. current pop-up can be valid.. just because?! If not.. maybe it's should be already visible for F-Secure as phishing malicious actions against their reputation.

     

    Anyway.... potential reason for suspicious actions can be:

     

    -> Plugins, addons or other? If Online Scanner does not detect something... probably it's not enough. Need to scan by full security solution and with full scan-process. If it's does not get something.. maybe there suspicious addons/plugins and other. Such as Facebook security check... with false-positive around.

     

    -> A lot of leaks about credentials. And maybe it's just as "double check" for trigger "re-change password", which can be leaked by some of other sources or simply start be known for public (I remember something same about articles, where was words about "full check" for leaked accounts under social media and work about prevention steps for current accounts).

     

    Sorry for my reply again.

     

  • mbridgham
    mbridgham Posts: 7 Explorer

    This mirrors my experience exactly accept that I wasn't watching the screen long enough with F-Secure to see it resolve so assumed it hadn't.  When I did the same thing when ESET was the provider listed it also did the original cursor continuing to rotate thing while my clicking on the link did nothing.  But the original rotating cursor thing was scanning apparently and did resolve, it sounds as if much faster than the F-Secure Scanner did in your case.

  • mbridgham
    mbridgham Posts: 7 Explorer
    this message was directed grk.
  • grk
    grk Posts: 3 Observer

    Thank you for sharing this. I feel fortunate that I didn't see the FB comments earlier.  I would not have been so persistant in thinking there was  a solution. They are ready to rumble and I can totally sympathize.  All of you made me feel it was possible and that I just needed to find the right combination. Thank you.

  • Hello all,

     

    I found some information about the Facebook F-Secure Scanner in this link. The message is actually legitimate and the post will provide further details.

     

  • Simon
    Simon Posts: 2,667 Superuser
    The comments on that are also extremely negative. I'm quite disappointed that F-Secure have got involved with something like this, given that the general advice is not to download from pop-ups and banner ads.
  • _CyberGhosT_
    _CyberGhosT_ Posts: 18 Observer

    Even though legitimate, like Simon points out downloading from a popup is not advisable no matter what site your on,  common sense to the security conscience says "Don't Click".... Downloading from a FB popup, no one in my circles would do it while sober :)

    Even legitimate links are easily manipulated online, and FB is not known for its "stringent" security.

    Did you read the reception or reaction of the majority of the people in that thread wow lol.

     

    Windows 10 Insider & MalwareTips Contirbutor

  • Hi everyone, sorry to be a bit late in the discussion. Let me clarify some moments of Facebook remediation campaign.

     

    The purpose of the campaign is elimination of fraud. When Facebook sensors detect unusual activity on walls - frequent posting of malicious or fraudulent content from the same user, they assume the user has malware and put this profile into remediation flow.

     

    Yes, Facebook uses our F-Secure Online Scanner along with scanners from other vendors. Choice of scanner is somewhat automatic; it is based on remediation confidence against prevalent Facebook malware. Can be so that recently Facebook introduced page where user can choose which scanner to run, but I personally have never seen it.

     

    Yes, UX around the scan is not yet ideal. It is not really related to F-Secure or ESET, UX will be the same for all scanners. We work with Facebook to make it better but it is continious process and some steps can still be not so obvious to users. To make matters even more complicated, UX is different in different browsers. In your case it can be so that scanner got downloaded but not run, leaving profile in awaiting limbo state. Or even not downloaded, if you as any sane user in XXI century block popups :)

     

    Let me illustrate it with beatiful pictures.

     

    Beginning of the flow - here we don't expect problems.

     

    fbflow01.png

     

    When the scanner choice is done, here's the next page.

     

    fbflow02.png

    Still linear, isn't it. Click Download and here's where confusion starts.

     

    IE. You must click Run to proceed.

     

    fbflow03.png

     

    Another IE. You must click yellow popup line and allow the file to run.

     

    fbflow03a.png

     

    Mozilla. After the file is downloaded, you should double click it, otherwise it won't run.

     

    fbflow03b.png

     

    And so on. I agree, not so obvious sometimes. Unfortunately browsers and security models are different.

    When the scanner is running, you can see progress and yellow icon in the tray. Starting from this moment, you can logon to Facebook profile without waiting the end of scan. When scaner's done scanning, Facebook sends private message to user with results of scan.

     fbflow04.png

     

    I hope it helps to go through the flow.

     

    DK

  • _CyberGhosT_
    _CyberGhosT_ Posts: 18 Observer

    Thanks for that,
    I have not seen this either, but I run Adguard Premium alongside my F-Secure and MB Anti Exploit Premium.
    Both of which may block this popup.
    Is there a "safe" way to trigger this on FB to test ?

  • No. It can be triggered only for special FB accounts available to vendors for development.
  • _CyberGhosT_
    _CyberGhosT_ Posts: 18 Observer

    Can I share this This thread over at Malware Tips, I ask because I dont want to break or violate any forum policy ?

  • Sure, it's public.

  • _CyberGhosT_
    _CyberGhosT_ Posts: 18 Observer
    Thanks :)
This discussion has been closed.
Feedback on New Design