Sign in with
Sign up | Sign in
Your question

Spyware adware help-- I'm infected

Last response: in Windows 7
July 13, 2011 6:16:06 AM

As far as I can tell this is only on Facebook.

I have run scans with

avg free



house call trend micro

I don't know what to do.

Thanks for any help!!

here are the screen shots

July 13, 2011 7:12:39 AM

For clarity I'm talking about the giant Facebook ads that are not supposed to be there. Swiching browsers does not help
a b 8 Security
a b $ Windows 7
July 13, 2011 6:02:25 PM

Have you used the facebook privacy settings to opt out of adverts?
Related resources
July 13, 2011 6:27:59 PM

no this is some kind of adware because it advertises fake anti virus programs and such.... and I don't get this on my other computers logged into the same account... facebook ads do not look like this....

this is malware bytes log after I ran it in safe mode

can type: Full scan (C:\|)
Objects scanned: 386824
Time elapsed: 32 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\Object\bho_project.dll (PUP.FCTPlugin) -> Quarantined and deleted successfully.
a b $ Windows 7
July 13, 2011 7:00:24 PM

Look like normal ads to me
a b 8 Security
a c 372 $ Windows 7
July 13, 2011 7:03:21 PM

plus 1 ^
July 13, 2011 7:39:09 PM

taking me to a fake avg website is not a normal ad... anyone that uses facebook will see there is something wrong
a b 8 Security
a b $ Windows 7
July 17, 2011 11:21:22 AM

Im having the same problem, scanned with AVG, Malwarebytes, nod32, and ad-aware still getting them on IE and firefox.
August 15, 2011 2:56:20 AM

I started experiencing these odd pop ups while on Newegg... thing is I use No Script on Firefox so they always looked the same and didn't function properly. I thought it was No script blocking a Newegg promo but I started seeing them on other non associated legit websites. Anyway after running malwarebytes I got two "pup.fctplugin" hits. I got rid of the pop ups using these instructions at "". Worked like a charm. Note read the forum post completely before starting. You'll see the guy say he lost his firefox and explorer capability etc but it was restored after reboot. Its just combofix doing its job. Good luck, hopefully it works for you.