Elimination of infection that automatically post on our Facebook site

Hey friends, in today's tutorial I decided to purposely virus to see how we get rid of the infection that automatically post messages on our Facebook categorizing our friends and making spamm.
How do you get infected with "Update Flash Player"?
An already infected friend posts on the wall or a message with a link to his photo (to make the post as credible as possible) and the message "Private Friend Name XXX [VIDEO] no: 6" or "WTF see me naked". Once you click on the link in the infected friend's post, you will reach a page that looks very much like the official YouTube page. There you are shown a few seconds of a video clip in which a girl dances indecently in front of a webcam and in a few seconds the video stops and you are updated to the Flash Player plugin by clicking on a blue button "Update Flash Player ”to watch the rest of the video.
Once you click on the blue "Update Flash Player" button, an executable will be downloaded to your computer which, once run, will install an extension in your Google Chrome browser. Once the browser arrives, it takes control of your browser, blocks access to the Extensions section of the browser menu so you can't uninstall it, and then automatically starts posting messages to your Facebook page to infect your friends on your list. .
This type of infection can evolve over time, I personally gave two versions of it. The first version is offered to you directly install a browser extension for Google Chrome or Mozilla Firefox and the 2 has to offer you to download a small executable size (about 446 KB). This executable uses the official Adobe icon to convince you that it is an official update for Flash Player from Adobe. Once you run the executable it will automatically install the Chrome browser (because I've noticed it only temporarily affected by the second version of the infection) an extension that will automatically post messages on Facebook and you will block access to the option Extensions / Extensions Google Chrome menu.
Aa few tips to protect yourself from this type of infection
Even if you click on the link in a friend's post, once you reach that page, look carefully in the address bar and try to understand the name of the site to see if its name makes sense. Don't be fooled by the elements on the web page you have reached! Many of the sites that spread such infections call the browser tab "YouTube" and put the official YouTube logo as a favicon for the site in the hope that it will mislead you. In most cases, the sites that spread these infections do not have a logical name in the browser's address bar, a word that can be pronounced but a string, random numbers that do not form a word as can be seen in video tutorial.
Most of the time the sites that spread infections are made on free domains, one of them and the worst seen in this chapter is the free domain ".tk"
Another thing that you must know is that only browsers Firefox, Safari or Opera still need Flash Player plugin. Google Chrome and Internet Explorer 10 11 or Windows operating system or Windows 8 8.1 come with Flash Player plugin already installed. Google Chrome comes with Flash Player plugin regardless of operating system used.
Just gotta know to avoid this confusion and because more people were using malicious update Flash Player in the browser, Adobe has decided for some time that Flash Player will no longer be forced to make the update the new version in the browser but in a separate window. Nowadays, if you change the settings in the installation wizard-ul/pasii Flash Player will automatically check for us updates at startup and every time. If new versions or updates for Flash Player will be available that will make them automatically, regardless of the browser in a separate window, without notice to you, just to avoid confusion an official update with a fake update that does is to infect your computer.
Another clue by which we can see that the update is a fake designed to infect us is the fact that the video was played for a few seconds then stopped. It makes sense that if we did not have flash player updated daily, the video would not even have to start playing those 4-5 seconds.
In the end very careful what you click, allow the necessary time to read the site name displayed in the address bar (address bar) of your web browser, do not rush to install what you are offering for download. Keep in mind that these infections could evolve over time as we have seen in this tutorial.
That being said I invite you to watch the video tutorial to see exactly how we remove the infection spamm messages automatically posting on our Facebook and our labels / tags uieste friends.

[media id = 1106 width = 480 height = 223]

Related Tutorials

about Adrian

Flemish information and knowledge, I like everything about art and share my knowledge with great pleasure. Those who give themselves to others will lose themselves but usefully, leaving something useful fellows. I enjoying this privilege, I will never say "do not know" but "not yet know"!


  1. Adrian as well as who has yet to specify extensible synchronization settings must delete and last synchronization repspective accounts. Otherwise delete that after you clean that extension could call back the next sync in pc. Tell me if I'm wrong yeah I install after formatting browservaru PCU when I login to accounts and sync my extensions reset all settings made last time back.

  2. Crikey we 4 Rebate squeezer C: \ Users \ Valentin \ AppData \ Local \ Google \ Chrome \ User Data \ Default \ Extensions very good tutorial thanks a lot for the tutorial

  3. recover imei galaxy like a s3, I flash him forget, and i have android 4.1.2 4.3 I put u and i have lost IMEI, it can not use the phone.

  4. View Product said

    In order to achieve the performance of being a virus in this way, you have to be inexperienced enough… not to say otherwise.

    1. First appears unintelligible address with a domain tk oughta put you think.
    2. Some executable files can be integrated digital signature certifying that that file is from a recognized manufacturer and installation kit no further changes. Right click, properties, digital signatures and verify that it is ok or digital signature. It does not mean that if an executable without a digital signature, it is malicious, but a file originated from a company the size of Adobe clearly should have an integrated digital signature.
    3. If you come across a webpage that tells you that you don't have a flash player or that it isn't up to date, do you really have to believe this at first? Open another tab, go to a videosharing site, turn on the clip and right-click on the running clip, then on "about adobe flash player". A new page (official page) with additional information will open.

    4. In general you should look with suspicion or banner ads sites that tell you that you should install a particular plugin that you can see a specific video. Often advertising banners are made and placed so that they do not predict banners.
    5. Attention to torrent sites: many of them you click on something to download, instead you provide a file with the. Torrent, provides one with. Exe.
    6. Often behind a so-called clip that starts running, there may be a common gif animation. A right click on the image should reveal this. Well, it could be there and something based on html 5 or even use the flash player plugin that the browser runs.

    Additional tips:
    1. Set windows explorer to always show you file extensions. By default he hides them. Many use this to mislead you with "double extension" files. If you google search "set windows explorer to show file extensions" you will surely find enough results.
    2. Disable browser modules that you do not use frequently. Many web pages use certain vulnerabilities in these modules to enter your computer in one way or another. The java module is considered to be the most vulnerable in terms of "zero day vulnerability". If you do not really need it, it is better not to install java… or at least keep the modules deactivated, and you will activate them temporarily when you need them. Try to update them as often as possible.
    How do you disable?
    For example, if you use google chrome, then type in the "about: plugins" address bar without the quotation marks. In firefox, click the orange icon — add-ons — modules. For example, I only leave the flash player activated and that's about it. There would also be such a module configuration menu in Internet explorer (mechanical key — internet options — programs —- manage additionals programs), but it seems to me quite rigid in terms of functionality, I don't really have the option to deactivate what I would like… . However, they do not use it frequently and many say that the internet explorer browser is more vulnerable than other browsers.

    3. I have spoken on other occasions about the "digesec hashing utility" program. It can calculate the hashes of different files that you download from the internet. Once you have calculated a sha-1 hash for a specific file, you can open a browser and enter that hash in google. Do a few searches and find out if that file is trustworthy or not. I don't know if there are many who will understand what I meant.

    • Adrian Gudus said

      Know that there are extremely many users who fall into these traps. Every day I am labeled in dozens of such messages. It's incredible, although many times I have publicly posted on Facebook some screenshots with indications on the pages that imitate YouTube and that blue button "Update Flash Player" or "Upgrade Now" is a fake one.

  5. Vlad Andrei 1456 said

    Very useful tutorial even needed such information in connection with such viruses.
    Something similar happened to me, it was all a virus that sent xxx pictures on Facebook's chat, in my name. . . but ultimately it was gone by itself or I did something without realizing and we got rid of the damn virus
    Thank you Adrian, do an excellent job!

  6. Petrus_16 said

    Hello ! I have a Goclever TAB A104 tablet. of 10 ″ for about a year and I was satisfied, I could watch movies from Fimehd.net, without interruptions. On Opera, perfect. you tube! Here, in the end I deleted the updates and then I installed them again and it works. I tried with Opera and I can't install it anymore, as well as with Google Chrome, it tells me that something is missing but not say what, even though it's taken from the Google Play Market! It's true, I also installed Flash Player and then I deleted it, it told me that it is not compatible with Android 4.4. Eventually I installed Opera Mini and Google Chrome Beta, but it still doesn't play any movies. Basically, I don't know what can I do! If anyone can help me, thank you in advance! Petrus_16

    • Adrian Gudus said

      Write in the search box top right: how to install flash player on android 4.4 kitkat, press Enter and you will find the tutorial

  7. And if I got tagged by the person who got the virus, I can take?

    • Adrian Gudus said

      No, you will catch a virus if you click on the link in the post you were tagged and install the extension or executable that will be offered for download

  8. Hello

    I'm thinking of doing a tutorial on how to install windows 7 on a Samsung 840 SSD.

    • Adrian Gudus said

      It sets up just like a hard drive. After installation you can follow our tutorial about optimizing ssd you find the search box in the top right

  9. I think that if you used and had installed the MBAM from the beginning, you had no chance to "infect" your PC. I tried to access the link in question but I could not my MBAM did not let me

    • Adrian Gudus said

      Malwarebytes free version has real-time scanning, real-time scanning version is commercial and Malwarebytes pro version only real-time scanning protects / warns you if you're about to install / to access a malicious.

      • Adrian Gudus said

        Malwarebytes Pro can be used free of charge only 14 days then must purchase a license which costs dollars 25

  10. yeah I knew, but I forgot to say this thing, let's say I've been using the PRO version from MBAM for a few years, and everything is ok so far, but the free version is ok, if someone still infects their computer with this "Virus" at a "quick scan" MBAM finds it and does exactly what you did in this tutorial. However, the tutorial is very useful and I will warn my friends about this "virus".

  11. hi adrian if you can and want I want you to do me the link asta.multumesc multhttp untutorial :/ / www.onlinesat-tv.com/

  12. What said @ par entitle him and besides Malvarebytes's always good to have a good antivirus like avg free chear and Avira and Avast. and who wants antivirus pro versions can try to delete ail after the trial with revo express some antivirusuri going to be reinstalte after the revo clean leftovers (is and tutorials about revo). is true and Malvarebytes but it goes I do not know I have not tried. But anyway and give free full scan and find virus or spam extensions.

  13. Burdujan George said

    Allow me to ask a question here. If I am wrong please forgive me. Can you explain (possibly a tutorial) how to make casino games (slots)? It is a game model stas or author can fix it and how to be earnings? How frequent? And how big?

    • yes all probabilities using pseudo random usual to limit gains and losses for them.
      the more a device not provided a long gain even increase the chance of winning but then there is a probability not provide a gain

  14. Regards interesting things you can do with a Samsung Galaxy Chat calculatorul.Am Android 4.1.2 system and want to know myself what I could do software connection between your computer and phone I can achieve data transfer.

    • Adrian Gudus said

      Your phone should have come bundled with a data cable. If not, you can go to shop and search data cable for Samsung. Certainly you will find

      • Adrian Gudus said

        If you have a wireless router at home can use AirDroid application that we have presented a video tutorial that you will find the search box in the top right. AirDroid lets you transfer files between your PC and the wireless phone

    • or you can connect your phone to pc with Airdroid by WFI WFI if you home modem and from what I remember is the tutorial about Airdroid

  15. Unfortunately, a lot of people fell into this trap. Be careful what you click on Facebook and on any other site

  16. I repeated scz neuronal responses I saw @ Adrian and he said the same thing

  17. Valentin said

    I would like to point out that this beginning of the year is a huge disaster for this site. If last year was an absolutely exceptional year for "videotutorial.ro" this year is an extreme fall, a disaster without a doubt. I say these words because the tutorial developers on this site, respectively Cristi and Adrian, are the best in the country and cannot accept this situation without making certain observations. I respect the two enormously, but the tutorials published this year are not of their caliber. It's their fault because they accustomed us to absolutely exceptional tutorials, tutorials from which I at least learned a lot. I sincerely hope that this ominous period will be as short as possible and I want you to become again the ones we appreciate enormously, from whom we have a lot to learn.
    Good luck!

  18. A tutorial on OllyDbg, shall we?
    Respect for everything you do.

  19. Tutorials have become rarer lately… What's going on?

  20. Costelina said

    come on guys it's been two weeks since you have not done tutorial

    • Anderson said

      Probably only have subjects or others took their face and they now only do nothing, or do not have time.

  21. Come on guys I think you should give an explanation to know what happened to you because the tutorials have become rare I think we all deserve to know. Respectfully…

  22. What are topics? There's a lot to do, like how to reverse surveys bypass surveys when downloading something or get ride or skip. Or as the old interface back to facebook (for soon to the new implent some not all)
    Or how to get rid of the bugs in Windows.
    How to repair Windows if something broke or without installation DVD and more

  23. I said since I've seen the tutorial to look and I see, and my surprise was infected chrome and I could get into bed,,

  24. Thanks guys very helpful…

  25. Does antivirusurile quality and Kaspersky Internet Security 2014 such viruses cope?

  26. Good evening! I have a question: What if the link was accessed from the Facebook profile of the phone application, what to do to get rid of him?

  27. can malwarebytes work with antivirus?

    • Adrian Gudus said

      Yeah that if you use Malwarebytes free version (without real-time scanning)
      Even in this case, I noticed that when you want to install antivirus Avira Free and Malwarebytes already installed, Avira will recommend to uninstall Malwarebytes. Simply keep Avira installation steps and ignore the warning. No nothing bad will happen.

  28. how to get rid of the virus that fail???

  29. Natalia said

    Fail. I have Windows XP and can not find the second Google to AppData.

    • If you entered the Program Files and deleted what was supposed to go in Documents and Settings => The name you assigned to the PC (in my case XPMUser because I use XP Mode) => Local Settings => Application Data => Google => Chrome => User Data => Default => Extensions.

  30. Adrian, the min still not let me in the extensions. You can help by TeamViewer?

  31. I have a virus on Facebook that posts messages in my name… I changed my password, I deleted apps, what can I do to get rid of it? do I need to reinstall windows?

  32. Adrian Gudus said

    Yes play the tutorial video and browser check to see whether you have a dubious extension as shown in the video tutorial. Also scan with Malwarebytes to remove any infections. If you do not know how to use Malwarebytes, have tutorial about it. I find the search box in the top right

  33. Buna.Aceeasi problem is and I am on facebook with this virus.Problema is now only can see the tutorial there was no problema.Azi tau.Ieri I downloaded Abobe Flash player and does not happen anything, all I can see .what can do? Thank you.

  34. I do not have any virus application installed because all are disabled

  35. Cristina said

    I do not find those extensions and yet if I want to download something Apre error says it is because of bed, what?

  36. Cristina said

    When I gave the Chrome settings on my extension is blank, just google gives me all over again!

  37. adrian greeting can not see videotutorialul with elimination of infection that automatically post on our Facebook

    rtmpt: // 80 / simplevideostreaming / mp4: /

    • Empty the browser cache and flash and running.
      I have said many times, the browser + flash player no team must complete port after streaming server address. The port is normally 1935, 80 not. 80 port is for the web.

  38. John Ylä said

    All well and good but to win 10 what? Regards.

  39. costy67 said

    Thank you Adrian, thanks to your tutorial we succeeded. to get rid of viruses on facebook.

  40. Hello why when I get on crhome show me pages and viruses as they appear

    • Caracudovici Minodora said

      Why are posted pornographic video at me? I do not know how you can send these viruses without my permission! /

Speak Your Mind