Thursday, October 4, 2012

Facebook virus

A few days ago you may have received a suspicious link from someone you know on Facebook. It usually looked like ffg

or a variation of that. This is an old Facebook virus, but someone modified the code so it was undetectable by antivirus software a few days ago. Of course, it's detected as a worm now.

The first thing I did was download the file and open it in a sandbox. It was a zip file, named I unpacked it, and found an exe disguised with a .scr file extension. That stands for the ScreenSaver file format. I opened the file, and the first thing it did was disappear from the desktop. I believe it either attached to some process or created a new exe file and executed it.
Anyway, I noticed my laptop started showing the "Working" cursor. I knew the virus was working on something, so I turned off the Internet. After some examination, I found a new process, which was very similar to the ones Windows is using.
Microsoft Security Essentials didn't detect the virus at first, but a few hours after the infestation it did.
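The disguise described above, an exe shipped inside a zip under a .scr extension, can be checked for without unpacking or running anything. The following is an added example, not part of the original post; the sample archive and its file names are constructed for illustration, and the extension list is an assumption that covers only a few common cases.

```python
import io
import os
import zipfile

# Extensions Windows launches as programs; a .scr screensaver is an ordinary executable.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com"}

def find_executables(zip_bytes):
    """Return [(member name, reason)] for archive members that look like Windows programs."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            if info.flag_bits & 0x1:
                # Password-protected member: the content cannot be read for inspection.
                findings.append((name, "encrypted, cannot inspect"))
                continue
            with zf.open(info) as fh:
                magic = fh.read(2)  # DOS/PE executables start with "MZ"
            is_pe = magic == b"MZ"
            if is_pe and ext not in EXECUTABLE_EXTS:
                findings.append((name, "MZ header under non-executable extension"))
            elif is_pe or ext in EXECUTABLE_EXTS:
                findings.append((name, "executable (%s)" % (ext or "no extension")))
    return findings

def build_sample():
    """Constructed sample archive: harmless stub bytes, not real programs."""
    stub = b"MZ" + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.scr", stub)     # executable under the screensaver extension
        zf.writestr("readme.txt", b"hello")  # plain text, should not be flagged
        zf.writestr("holiday.jpg", stub)   # executable header behind an image extension
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in find_executables(build_sample()):
        print(name, "->", reason)
```

The check reads only the first two bytes of each member, so it is safe to run on a suspicious download outside a sandbox.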

I managed to clean my computer by installing Malwarebytes Anti-Malware, and MSE as antivirus. Make sure you have the latest updates for each of them, and run a full scan after that.

NOTE: The virus might kill your MSE process and you'll have to download another antivirus for that time. My friend downloaded Kaspersky Free Virus scan, and it did the job for him.


