Removing the infection that automatically posts on our Facebook page

Hey friends, in today's tutorial I decided to infect myself on purpose to show how we get rid of the infection that automatically posts messages on our Facebook, tagging our friends and sending spam.
How do you get infected with "Update Flash Player"?
An already infected friend posts on the wall, or sends a message, containing a link with his photo (to make the post as credible as possible) and the message "Private Friend Name XXX [VIDEO] no: 6" or "WTF see me naked". Once you click on the link in the infected friend's post, you will reach a page that looks very much like the official YouTube page. There you are shown a few seconds of a video clip in which a girl dances indecently in front of a webcam; after a few seconds the video stops and you are asked to update the Flash Player plugin by clicking on a blue "Update Flash Player" button in order to watch the rest of the video.
Once you click on the blue "Update Flash Player" button, an executable is downloaded to your computer which, once run, installs an extension in your Google Chrome browser. Once the extension is in the browser, it takes control of it, blocks access to the Extensions section of the browser menu so you can't uninstall it, and then automatically starts posting messages to your Facebook page to infect the friends on your list.
This type of infection can evolve over time; I personally came across two versions of it. The first version offers to directly install a browser extension for Google Chrome or Mozilla Firefox, and the second offers you a small executable for download (about 446 KB). This executable uses the official Adobe icon to convince you that it is an official update for Flash Player from Adobe. Once you run the executable, it automatically installs in the Chrome browser (so far I have noticed that only Chrome is affected by the second version of the infection) an extension that automatically posts messages on Facebook and blocks your access to the Extensions option in the Google Chrome menu.
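Because the extension blocks the Extensions page, what is installed can still be reviewed from the profile folder on disk. The script below is an added example, not part of the original tutorial: it assumes Chrome's layout of `Extensions/<id>/<version>/manifest.json`, and the flagged permission list, the function names and the two sample manifests are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# "tabs" exposes every tab's URL, "management" controls other extensions.
BROAD = {"tabs", "management", "webRequest", "<all_urls>"}
ANY_HOST = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(ext_root):
    """List extensions stored as <ext_root>/<id>/<version>/manifest.json."""
    report = []
    for mf in sorted(Path(ext_root).glob("*/*/manifest.json")):
        entry = {"id": mf.parent.parent.name, "version": mf.parent.name,
                 "name": "?", "reasons": []}
        try:
            data = json.loads(mf.read_text(encoding="utf-8-sig"))
            entry["name"] = str(data["name"])
        except (OSError, ValueError, TypeError, KeyError):
            entry["reasons"].append("manifest unreadable or incomplete")
            report.append(entry)
            continue
        perms = [p for p in (data.get("permissions") or []) if isinstance(p, str)]
        hosts = perms + list(data.get("host_permissions") or [])
        hosts += [m for cs in data.get("content_scripts") or [] for m in cs.get("matches", [])]
        entry["reasons"] += ["broad permission: " + p for p in sorted(BROAD.intersection(perms))]
        if any("facebook.com" in h or h in ANY_HOST for h in hosts):
            entry["reasons"].append("can read or change facebook.com pages")
        report.append(entry)
    return report

def build_sample(root):
    """Write two constructed manifests (not real extensions) for a dry run."""
    samples = {
        "a" * 32: {"name": "Notes", "version": "1.0", "permissions": ["storage"]},
        "b" * 32: {"name": "Flash Player", "version": "2.1",
                   "permissions": ["tabs", "*://*.facebook.com/*"]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / (manifest["version"] + "_0")
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    # Real use: pass ...\Google\Chrome\User Data\Default\Extensions instead of tmp.
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for e in audit_extensions(tmp):
            print(e["id"], e["name"], e["version"], e["reasons"] or "nothing flagged")
```

An extension you do not recognise that is flagged here is a candidate for removal; the folder name printed as `id` is the one to look for under the Extensions directory.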
A few tips to protect yourself from this type of infection
Even if you click on the link in a friend's post, once you reach that page, look carefully in the address bar and try to read the name of the site to see whether it makes sense. Don't be fooled by the elements on the web page you have reached! Many of the sites that spread such infections title the browser tab "YouTube" and use the official YouTube logo as the site's favicon in the hope that it will mislead you. In most cases, the sites that spread these infections do not have a logical name in the browser's address bar: instead of a word that can be pronounced, there is a string of random letters and numbers that does not form a word, as can be seen in the video tutorial.
Most of the time the sites that spread infections are hosted on free domains; one of them, and the one with the worst reputation in this respect, is the free domain ".tk".
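The address-bar clues described above (a tab titled "YouTube" on a foreign host, a free ".tk" domain, a site name that cannot be pronounced) can be written down as a small check. This is an added example, not part of the original tutorial; the function names, the vowel-ratio threshold and the sample addresses are assumptions made for illustration.

```python
from urllib.parse import urlsplit

FREE_TLDS = {"tk"}  # the free domain the tutorial names; extend as needed
# Brand word shown in the tab title -> hosts that really belong to it.
BRANDS = {"youtube": ("youtube.com", "youtu.be")}

def looks_random(label):
    """Crude 'can it be pronounced?' test: hardly any vowels, or many digits."""
    letters = [c for c in label if c.isalpha()]
    digits = sum(c.isdigit() for c in label)
    if not letters:
        return True
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.25 or digits >= 3

def check_page(url, tab_title):
    """Return the list of warning strings for one address / tab-title pair."""
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    warnings = []
    for brand, real_hosts in BRANDS.items():
        genuine = any(host == h or host.endswith("." + h) for h in real_hosts)
        if brand in tab_title.lower() and not genuine:
            warnings.append("tab title says %s but the address is %s" % (brand, host))
    if labels[-1] in FREE_TLDS:
        warnings.append("free domain ." + labels[-1])
    # Assumption: the label just left of the TLD is the site name (no public-suffix list).
    if len(labels) >= 2 and looks_random(labels[-2]):
        warnings.append("site name '%s' is not a pronounceable word" % labels[-2])
    return warnings

# Constructed sample addresses, not taken from the tutorial or from real incidents.
SAMPLES = [
    ("https://www.youtube.com/watch?v=abc", "YouTube"),
    ("http://x7kq2zr9vbt.tk/video.php?no=6", "YouTube"),
    ("http://youtube.com.video-hd.tk/", "YouTube - [VIDEO]"),
]

if __name__ == "__main__":
    for url, title in SAMPLES:
        print(url, "->", check_page(url, title) or "no warnings")
```

The third sample shows why the whole host has to be read from right to left: the address starts with "youtube.com" but the site actually being visited is the part just before ".tk".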
Another thing you must know is that only the Firefox, Safari or Opera browsers still need the Flash Player plugin. Google Chrome, and Internet Explorer 10 or 11 in the Windows 8 or Windows 8.1 operating system, come with the Flash Player plugin already installed. Google Chrome comes with the Flash Player plugin regardless of the operating system used.
You should also know that, precisely to avoid this confusion and because more and more malicious people were abusing the Flash Player update in the browser, Adobe decided some time ago that Flash Player will no longer ask you to update to the new version in the browser but in a separate window. Nowadays, if you change the settings in the steps of the installation wizard, Flash Player will automatically check for updates for us at every startup. If new versions or updates for Flash Player are available, it will install them automatically, independently of the browser, in a separate window, without notifying you, precisely to avoid confusing an official update with a fake update whose only purpose is to infect your computer.
Another clue by which we can realize that the update is a fake one meant to infect us is the fact that the video played for a few seconds and then stopped. Logically, if we did not have Flash Player up to date, the video should not even have started playing for those 4-5 seconds.
In conclusion, be very careful what you click on, take the time needed to read the site name displayed in the address bar of your web browser, and do not rush to install whatever is offered to you for download. Keep in mind that these infections can evolve over time, as we have seen in this tutorial.
That being said, I invite you to watch the video tutorial to see exactly how we remove the infection that automatically posts spam messages on our Facebook and tags our friends.


Adrian: Hungry for information and knowledge, I like everything related to the technical field and I share my knowledge with great pleasure. Those who give themselves to others will lose themselves but usefully, leaving something useful to others. Enjoying this privilege, I will never say "I don't know", but "I don't know yet"!

View Comments (61)

  • Adrian, I would still like to point out that whoever has synchronization of settings and extensions enabled must also delete the last synchronizations from the respective accounts. Otherwise, after you delete and clean out that extension, it could come back to the PC at the next synchronization. If I'm wrong, tell me; after I format the PC, when I install the browser and log in to the sync account, it restores all the extensions with the settings made last time.

  • Crikey we 4 Rebate squeezer C:\Users\Valentin\AppData\Local\Google\Chrome\User Data\Default\Extensions. Very good tutorial, thanks a lot for the tutorial.

  • recover imei galaxy like a s3, I flash him forget, and i have android 4.1.2 4.3 I put u and i have lost IMEI, it can not use the phone.

  • In order to achieve the performance of getting infected this way, you have to be inexperienced enough ... not to say otherwise.

    1. First, an unintelligible address with a .tk domain ought to make you think.
    2. Some executable files can have an embedded digital signature certifying that the file comes from a recognized manufacturer and that the installation kit has not been changed since. Right click, Properties, Digital Signatures, and verify that the digital signature is OK. It does not mean that an executable without a digital signature is malicious, but a file originating from a company the size of Adobe clearly should have an embedded digital signature.
    3. If you come across a web page that tells you that you don't have Flash Player or that it's not up to date, do you really have to believe this straight away? Open another tab, go to a video sharing site, start a clip, and right-click exactly on the running clip, then "About Adobe Flash Player". A new page will open (the official page) with additional information.

    4. In general, you should be suspicious of sites or banners that tell you that you should install a specific plugin so that you can see a particular video. Advertising banners are often made and placed in such a way that you do not even realize that they are advertising banners.
    5. Beware of torrent sites: on many of them, when you click on something to download, instead of giving you a file with the .torrent extension, they give you one with .exe.
    6. Often behind a so-called clip that starts running, there may be an ordinary GIF animation. Right click on the image ---- View image should reveal this. Okay ... it could also be something based on HTML5, or it could even use the Flash Player plugin that the browser runs.

    Additional tips:
    1. Set Windows Explorer to always show you file extensions. By default it hides them. Many use this to mislead you with "double extension" files. If you search Google for "set windows explorer to show file extensions" you will surely find enough results.
    2. Disable browser modules that you do not use frequently. Many web pages use certain vulnerabilities in these modules to enter your computer in one way or another. The java module is generally considered to be the most vulnerable in the "zero day vulnerability" chapter. If you don't really need it, you'd better not install java ... or at least keep the modules off, and you'll be able to turn them on temporarily when you need them. Try to update them as often as possible.
    How do you disable?
    For example, if you use Google Chrome, type "about:plugins" in the address bar, without the quotation marks. In Firefox, click the orange button --- Add-ons ---- Plugins. For example, I only leave Flash Player activated and that's about it. There is also such a plugin configuration menu in Internet Explorer (wrench icon --- Internet options --- Programs ---- Manage add-ons), but it seems quite rigid in terms of functionality; I don't really have the option to disable what I would like .... However, I do not use it frequently, and many say that the Internet Explorer browser is more vulnerable than other browsers.

    3. I have spoken on other occasions about the "digesec hashing utility" program. It can calculate the hashes of different files that you download from the internet. After calculating a sha-1 hash for a specific file, you can open a browser and enter that hash in google. Do a few searches and find out if that file is trustworthy or not. I don't know if there are many who will understand what I meant.

    • You should know that there are extremely many users who fall into these traps. Every day I am tagged in dozens of such messages. It's incredible, although many times I have publicly posted on Facebook screenshots pointing out the pages that imitate YouTube and that the blue "Update Flash Player" or "Upgrade Now" button is a fake one.

  • Very useful tutorial, I really needed such information about this kind of virus.
    I went through something similar; it was also a virus that sent xxx pictures on the Facebook chat in my name ... but in the end everything disappeared by itself, or I did something without realizing it and I got rid of the damn virus :D
    Thank you Adrian, you do an excellent job!

  • Hello ! I have a Goclever TAB A104 tablet. 10 "for about a year and I was satisfied, I could watch movies from Fimehd.net, without interruptions. on Opera, perfect. For a few days, however, the page is loading, but the movie cannot be released; you tube! Here, in the end I deleted the updates and then I installed them again and it works. I tried with Opera and I can't install it anymore, as well as with Google Chrome, it tells me that something is missing but not says what, although it is taken from Google Play Market! It's true, I also installed Flash Player and then deleted it, it told me that it is not compatible with Android 4.4.In the end I installed Opera Mini and Google Chrome Beta, but I still don't play any movies. Basically, I don't know what to do! If anyone can help me, thank you in advance! Petrus_16

    • Write in the search box top right: how to install flash player on android 4.4 kitkat, press Enter and you will find the tutorial

    • No, you will catch a virus if you click on the link in the post you were tagged and install the extension or executable that will be offered for download

    • It sets up just like a hard drive. After installation you can follow our tutorial about optimizing ssd you find the search box in the top right

  • I think that if you had used and had MBAM installed from the beginning, you would have had no chance to "infect" your PC. I tried to access the link in question but I could not; my MBAM did not let me.

    • Malwarebytes free version has real-time scanning, real-time scanning version is commercial and Malwarebytes pro version only real-time scanning protects / warns you if you're about to install / to access a malicious.

      • Malwarebytes Pro can be used free of charge for only 14 days; then you must purchase a license, which costs 25 dollars.

  • Yeah Al that sounds pretty crap to me, Looks like I've been using the PRO version at MBAM for a few years now, and it's okay now, "virus" at a "quick scan" MBAM finds it and does exactly what you did in this tutorial. anyway very useful tutorial and I will warn my friends about this "virus".
