What is Flash-paivitys?
The Malwarebytes research team has determined that Flash-paivitys is adware and a spamtool. This particular one installs a Facebook app that consequently sends out spam messages to all the user groups you belong to.
The Facebook apps will have a name that users do not immediately associate with messaging like HTC Sense, Spotify, or Pandora.
How do I know if my computer is affected by Flash-paivitys?
You may see these warnings during install:
and you may notice this Firefox extension:
After the install you may see spam mesages go out that look similar to this:
The message is in (non-fluent) Finnish and tells readers to Google for a certain key-phrase. At prime time of the infection there would be a sponsored result waiting for them, but now they will find a Scam Alert.
The intended landing page would try to scam users into buying fake or non-existing high-end products.
This particular one was offered as a fake Flash update (in Finnish).
How do I remove Flash-paivitys?
Our program Malwarebytes can detect and remove this unwanted program.
- Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes removes Flash-paivitys completely.
- Affected users will have to find and remove the offending app from their Facebook account.
We hope our application and this guide have helped you eradicate this fraudulent extension.
We protect our customers from these extensions by blocking the sites that spread them:
Technical details for experts
Possible signs in FRST logs:
FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\[email protected] [2018-04-05]Alterations made by the installer:
File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file [email protected]"="4/5/2018 10:45 AM, 102813 bytes, AMalwarebytes log:
Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 4/5/18 Scan Time: 10:58 AM Log File: 90e4efa1-38af-11e8-abc9-080027235d76.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.4624 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 245049 Threats Detected: 1 Threats Quarantined: 1 Time Elapsed: 2 min, 43 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Adware.FBSpammer, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\[email protected], Quarantined, [1704], [506269],1.0.4624 Physical Sector: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention