Monday, August 11, 2008

Malware on Facebook

Public Safety/Computer Safety message to Facebook users.

This shouldn't be a surprise to anyone, but malware (i.e. virus, worm) is on Facebook. If you already know this and/or have had to deal with what I call "runtime error 21", skip the rest of this post. If not, here is how the scenario went at my house -

daughter - "Dad my computer is acting weird"

dad - "what is it doing?"

daughter - "it keeps giving me this message - Runtime error 21 followed by some numbers"

dad - "ok ... does it go away when you reboot?"

daughter - "no"

dad - "ok, I'll look at your PC when I get home"

later that evening

dad - "so did you install anything new on your computer?"

daughter - "no ... but I did click on this link on my Facebook wall from this girl I haven't talked to in about 2 years, it looked like some sort of link to a funny joke or ecard"

dad - "oh wonderful"

initial investigation - well, the Runtime error 21 is there and constantly repeats, and System Restore doesn't get rid of it. None of the System Restore points work; they all come up with "nothing has changed" even though System Restore clearly shows one new item installed earlier in the week. In addition, as of 08/08/08 Norton 360 and PC Tools Spyware Doctor do not detect or remove it. So it's looking like time to restore from that last backup, glad I did that a few weeks ago.

dad - "do you remember a couple years ago when your sister clicked on that link in the IM message from some friend she rarely talked to?"

daughter - "yeah I kind of remember that"

dad - "well it looks like someone is doing the same thing with messages on your wall, so please don't do that again."

resolution - well, I just could not take the easy way and do a full restore, so instead I finally did find a link on Tech Support Guy Forum with info on what I needed to do to remove this malware. The problem with this information is that my particular strain of malware required booting from a standalone BartPE disk, otherwise it just kept reinstalling itself. So for many users, creating a BartPE boot disk or some other standalone boot is not going to be something they want to tackle. So if I find a removal tool I will let you know; likewise, if you find a removal tool please comment so everyone can clean this up quickly and easily. I have also sent a message to Max Kelly, who according to this post on eSecurityPlanet.com is head of Security at Facebook, asking for information on removing this malware, but so far no answer.


1 comment:

Citrix Support Los Angeles said...

If you didn't set up your own domain, and have no idea where it might be hosted, then continue reading and I will show you how to find that information and regain control of it.