Required Facebook Malware Scanner?
May 2, 2016 11:44 AM

I have encountered a Facebook "malware scanning checkpoint" that is trying to force me to download something it claims is Kaspersky Malware Scanner. That's got to be a hack, right? How do I get rid of it?

This seems like a fairly obvious hack or phishing attempt to me, even though Google reveals some results that suggest it is legitimate, and my Windows Defender isn't finding anything, and I'm not finding Google results suggesting it is a hack.

I just wanted a reality check and some advice. The EULA isn't at kaspersky.com, it's at www.kaspersky-labs.com. Obviously, I don't plan to download something like that from FB, but I'm a little mystified at the effectiveness of this hack. And I also was under the impression that Windows 10 (which I'm using with Chrome+AdBlockPlus, though the checkpoint reappears with the built-in Edge browser) didn't need separate antivirus and malware protection. So what should I be using?
posted by anotherpanacea to Computers & Internet (10 answers total)
 
kaspersky-labs.com is owned by Kaspersky, so that part's legit.

Domain Name: kaspersky-labs.com
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2015-10-24T04:00:05-0700
Creation Date: 1999-09-13T03:57:49-0700
Registrar Registration Expiration Date: 2016-09-13T00:00:00-0700
Registrar: MarkMonitor, Inc.
Registrant Name: Domain Administrator
Registrant Organization: Kaspersky Lab ZAO
Registrant Street: Leningradskoye sh, 39A building 3
Registrant City: Moscow
Registrant State/Province: RF
Registrant Postal Code: 125212
Registrant Country: RU
Registrant Phone: +7.4957978700
Registrant Phone Ext:
Registrant Fax: +7.4957978700
Registrant Fax Ext:
Registrant Email: domain-management@kaspersky.com

Where's the download link trying to pull from?
posted by hanov3r at 11:49 AM on May 2, 2016


Response by poster: This is the download link:

https://scontent.fphl1-1.fna.fbcdn.net/t39.2507-6/12350980_1090520137625873_1623044505_n.exe/Kaspersky_T10110695023908244T_.exe
posted by anotherpanacea at 11:53 AM on May 2, 2016


Response by poster: fbcdn.net appears to be registered to Facebook.

So does that mean this is real?
posted by anotherpanacea at 11:58 AM on May 2, 2016


fbcdn.net is the domain that Facebook uses for their CDN. That is also legit.

You probably actually had/have malware on your computer that is trying to exploit your Facebook account in some way (posting spam to the timelines of groups and/or friends, sending phishing messages to friends, etc.).

Personally, I'd try Malwarebytes, but since they don't have an agreement with Facebook like Kaspersky have, scanning with it may not unlock your account.
posted by zsazsa at 12:01 PM on May 2, 2016


Sounds like something's on your computer.

Give MalwareBytes and HitManPro a run. Links are here.
posted by deezil at 12:08 PM on May 2, 2016 [1 favorite]


Response by poster: Huh. It seems really weird to me that Facebook would use this kind of "forced download" method.

Thanks for your help, everyone!
posted by anotherpanacea at 12:21 PM on May 2, 2016


Surprisingly, it appears to be legit; here's Facebook's description of what they are doing.

You would think, though, that they'd include a link to that in the checkpoint pop-up to make it clear this is legit.
posted by beagle at 1:00 PM on May 2, 2016


Here's a 2015 Facebook post about using Kaspersky. I'm still not sure I would fully trust this download; just because something is at fbcdn.net doesn't mean it's necessarily trustworthy. If it were me I'd run some trusted other malware scanner that I downloaded myself from a trusted source.
posted by Nelson at 4:08 PM on May 2, 2016
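
The thread checks who owns the hosting domains; the complementary check is who signed the file itself. The PowerShell below is an added example, not part of any post in this thread: it reports the Authenticode signer, the recorded download source and the SHA-256 of a downloaded installer before it is run. The function name, file path and publisher string are hypothetical.

```powershell
# Added example: inspect a downloaded installer before running it.
# The -ExpectedPublisher value is supplied by the user; it is an assumption, not a value from the thread.
function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Pull the O= (organization) component out of the signer certificate subject.
    $signer = $sig.SignerCertificate
    $org = $null
    if ($signer -and $signer.Subject -match '(?:^|,\s*)O=(?:"([^"]+)"|([^,]+))') {
        $org = if ($Matches[1]) { $Matches[1] } else { $Matches[2].Trim() }
    }

    # Mark of the Web: browsers record the source URL in the Zone.Identifier
    # alternate data stream (NTFS only; absent if the file was copied elsewhere).
    $hostUrl = $null
    $motw = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if ($motw) {
        $hostUrl = ($motw | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''
    }

    # Status 'Valid' means the certificate chain is trusted and the file is unmodified
    # since signing. The substring match on the organization is a coarse check;
    # comparing the signer thumbprint against a known-good value is stricter.
    [pscustomobject]@{
        File             = $file.Name
        SHA256           = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        SignatureStatus  = $sig.Status
        SignerOrg        = $org
        SignerThumbprint = if ($signer) { $signer.Thumbprint } else { $null }
        DownloadedFrom   = $hostUrl
        PublisherMatch   = ($sig.Status -eq 'Valid') -and [bool]($org -and $org -like "*$ExpectedPublisher*")
    }
}

# Hypothetical path and publisher string; substitute the real file location.
Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\installer.exe" -ExpectedPublisher 'Kaspersky'
```

A `SignatureStatus` of `NotSigned` or `HashMismatch`, or a `SignerOrg` that is not the vendor named in the prompt, is reason not to run the file regardless of which domain served it.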


Response by poster: So, I ran MalwareBytes and it's still blocking me.

Do I need HitManPro as well?
posted by anotherpanacea at 4:20 PM on May 2, 2016


Response by poster: So Facebook blocked me on my mobile Facebook Messenger, which told me that this wasn't a standard computer virus pretending to be Facebook. I downloaded the file from FB and ran it and FB immediately started letting me use it again.

I still feel like an idiot, but Kaspersky is currently running and supposedly scanning. My plan is to kill the process and uninstall when I'm sure it's done its work.
posted by anotherpanacea at 5:06 AM on May 3, 2016

