Possible infection from accessing FB URL?

[Depo1964]

For the last month or so, whenever i enter the Facebook URL www.facebook.com or https://www.facebook.com into my navigation toolbar box (Firefox 21. or IE 9.) my entire notebook PC (HP Pavilion dv6500) locks up completely.

I can't use the mouse or click on anything else for around 45 seconds when the Facebook login screen appears.

i am running Vista Home Premium SP2.

This only happens the first time that i attempt to access facebook after either a reboot or when first starting up my notebook for the day.

I always close my browser after leaving facebook.

But when i try to access the facebook URL the following times (even if i use FF the first time and then IE the second), it only takes a couple of seconds for the FB login screen to appear.

This is the only URL which this is happening with.

With FB (in the lower left hand corner of my screen using Firefox) i see the following part of a URL before the entire PC locks up: "fbstatic-a.akamaihd.net...".

On the FB help pages this URL is supposed to be used to house such things as your photos, videos, etc. However, i haven't even entered my logon info, so how would the FB app know whose photo, etc. info to retrieve???

I have tried several things to fix this problem.

1. Full scan with malwarebytes. 0 problems.

2. Full scan with my antivirus sw. 0 problems.

3. scan of my registry searching for facebook. Did turn up several occurences mostly having to do with the Bing toolbar which I then removed.

Also, removed older references of FB in my registry. It is now void of any referrences to FB.

4. searched the Windows Event viewer Logs for the precise time that I hit Enter to go to the FB URL and could not find anything in the APP or SYS logs at that specific time.

5. left a request on FB Help for this problem, for which i received no "human" response.

All google references to the above URL indicate that FB uses this server address to load member photos and such.

But, as mention above, i haven't even logged into FB when the above problem occurs.

I have downloaded the mbam-check and dds execs, turned off my Firewall and Anti-virus SW and run these apps.

I am attaching the results.

If I can't find the answer to this problem, I am going to close my FB account. This, to me, is scary stuff.

Any other ideas of something else I might try to fix this problem?

thx.

CheckResults.txt

attach.txt

dds.txt

[Maurice Naggar]

Hello Depo and welcome to the MalwareBytes forum.

My name is Maurice Naggar.

I will be helping you today.

Please do a backup of any documents/personal files that you cannot afford to lose.

Malware cleanups can sometimes be unpredictable. So do a backup to Offline media as a precaution.

If this is not your computer, or if it belongs to a company or organization then please Stop and tell me.

Using Internet Explorer browser (only!) go to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],

run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

Also,

1. Open Internet Explorer.

2. Click "Tools," and then click "Internet Options."

3. Click "Connections," and then click "LAN Settings."

4. Make sure the check boxes for "Automatically detect settings" and "Use automatic configuration script" are not selected.

5. Make sure Proxy servers block is not selected (not checkmarked).

6. Apply changes & OK

While in IE, press Shift+CTRL+Delete keys and delete temporary internet cache files.

Step 2

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT by doing a Right-Click on it & select Run As Admisnistrator

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 3

Show all files:

• Click the Start button, and then click Computer.
  
• On the Organize menu, click Folder and Search Options.
  
• Click the View tab.
  
• Locate and uncheck Hide file extensions for known file types.
  
• Locate and uncheck Hide protected operating system files (Recommended).
  
• Locate and click Show hidden files and folders.
  
• Click Apply > OK.

Step 4

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

1. Close any/all open internet browsers. Save any open documents you have open & close programs you started.
   
2. Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon
   On Windows 7, press Windows-key, then start typing in text box

Malwarebytes[code] then select/click [b]Malwarebytes Anti-Malware Chameleon[/b]

Once the Help file opens, click on a [b]Chameleon[/b] button (starting with #1)
If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
You should see a black Command-prompt-window that remains open and says [b]MBAM-chameleon ver. 1.6[/b] at the top
Press any key to continue as it says in the window {space-bar will do}
If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
Have infinite patience during this process
Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
Once the update completes and it says your database is updated, click on [b]OK[/b] button so that process can continue
Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
Once the scan is complete, click on [b]Show Results[/b] and remove any threats that are found by clicking [b]Remove Selected[/b]
If prompted to restart your computer to complete the removal process, click [b]Yes[/b]
If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
After your computer restarts, open [b]Malwarebytes Anti-Malware[/b] and perform one last Quick scan to verify that there are no remaining threats

Reply with copy of the MBAM scan log for review.

[Maurice Naggar]

Hello,

Have you resolved your issue? Do you still need help ?

[Depo1964]

Hi Maurice,

I want to run step 4 but there is no Start>All Programs..  item/folder for Malwarebytes.

However, there is a mbam-chameleon.exe in folder c:/Program Files/Malewarebytes' Anti-Malware/Chameleon/mbam-chameleon.exe.

Can I run it from there?

[Maurice Naggar]

Yes. sure. Do that.

[Depo1964]

The results of running the tests is that no infections were found.

i should point out, however, that for the last several days, when entering the facebook URL into my browser  ( and even after logging into FB) no lockups occured.

If these lockups begin to occur again, rest assured that I will run these test again immediately.

thank you for your help.

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!