• Please review our updated Terms and Rules here
  • Exhibitor application for VCF West 2022 is now open! If you are interested in exhibiting, please fill out the form here.
  • Here are the results of the VCF East 2022 Post Event Survey: Survey Results

Yo admins, do we have Fakebook integration?

ATSystems

Experienced Member
Joined
Dec 8, 2018
Messages
77
Location
Sydney, Australia
Howdy admins,

I have weird things going on with one of my laptops, can I just confirm that VCF does not use fakeook integration, and if I am seeing pic related under every topic, it's likely time to nuke my drive from orbit and start again?

fakebook.JPG

I can find no other signs of malware to explain the weirdness going on here, but if this junk is getting injected into my web pages that's good enough reason for me to get the ion cannon out. You couldn't pay me to use that rubbish.
 

1944GPW

Veteran Member
Joined
Apr 26, 2011
Messages
631
Location
Brisbane, Australia
Thankfully I don't see what you're getting. I do have over 80 Twitbook domain variants blocked in my hosts file plus I run 'Fanboys Social Blocking List' and their other lists as Adblock extensions (https://easylist.to/).
I think that helps a little but can't ever be certain I am completely insulated from that organisation.
 

g4ugm

Veteran Member
Joined
Feb 22, 2011
Messages
2,719
Location
NorthWest England (East Pondia)
Howdy admins,

I have weird things going on with one of my laptops, can I just confirm that VCF does not use fakeook integration, and if I am seeing pic related under every topic, it's likely time to nuke my drive from orbit and start again?

View attachment 50164

I can find no other signs of malware to explain the weirdness going on here, but if this junk is getting injected into my web pages that's good enough reason for me to get the ion cannon out. You couldn't pay me to use that rubbish.

As far as I can see Facebook integration is "ON" and those flags are normal.
 

ATSystems

Experienced Member
Joined
Dec 8, 2018
Messages
77
Location
Sydney, Australia
'Fanboys Social Blocking List' and their other lists as Adblock extensions.

My man, exactly what I'm running on all my machines via ublock, but it's only this laptop that I'm seeing the buttons on.

MeanwhileAtChernobyl.jpg

explorer.exe is chewing all the CPU time and procexp64 won't even run when this thing is redlining, which makes me think something nasty is going on in the background. The thing grinds to a complete halt, only action I can take is a hard shutdown.

As far as I can see Facebook integration is "ON" and those flags are normal.

I assume you're in a position to see under the hood as you don't bear the mark of the beast(s), perhaps something is doing an end run around my shields. It's a two year old OS build anyway, prolly time to do a wipe.

Also, eww, fakebook integration.
 

ATSystems

Experienced Member
Joined
Dec 8, 2018
Messages
77
Location
Sydney, Australia
Explorer in a loop is often hardware. Have you checked the event logs?

Yup, system only shows occasional DNS lookup failures followed closely by unexpected shutdown notifications from standing on the power button, the other categories are not showing me anything unusual. CPUID shows normal temperatures and no throttling during the events, memtest86 does not reveal any RAM drama. The thing will grind Prime95 all day long without bogging down too badly or redlining on temperature but within 5 minutes of opening any browser (IE, Chrome, Waterfox or Opera) the excrement hits the extractor. I could run wireshark and see whats happening in the background but I would likely loose GUI response before I could dump anything. Besides, the machine in question is my workshop toy, small application footprint, monthly SSD snapshots and all my user data is synced to my NAS. It would be more work to dig deeper on this than it would be to restore a snapshot from last month and see if it's still happening. That will at least tell me if it is hardware or not.

I only got suss on the faceblech buttons because I know some malware injects content into pages to try and get credentials by redirecting users to a shady URL when clicked on and I had not noticed them before, again, because it appears whatever this is is getting around uBlock somehow. As long as they are supposed to be there I'm not fussed.
 
Last edited:

g4ugm

Veteran Member
Joined
Feb 22, 2011
Messages
2,719
Location
NorthWest England (East Pondia)
Its very odd that ALL browsers are affected but its Explorer that goes ape when they are opened. Do they all have the same HomePage set? Has that got infected with something? I feel that you have blocked something that the system is paranoid about reaching. Microsoft Update? AV update?
 

ATSystems

Experienced Member
Joined
Dec 8, 2018
Messages
77
Location
Sydney, Australia
Yeah, it really is. I use the speed dial/most visited for new tabs/browser sessions and have google set as my homepage, there is nothing really common among them except for uBlock and a HTML5 autoplay blocker. I run a WSUS server for the 5 machines around my base; updates are updating and I don't normally run any AV short of MSE which is chugging along just fine. Any unknown applications or scripts get run in a VM sandbox, I haven't been pwnt for a good 10 years since setting all of this up and smartening up my practices. Having said that I've thrown Malwarebytes, Avast and Kaspersky at it with no hits. I did just check to see what the network utilisation looks like during these events, no real uptick in traffic and it still grinds to a halt even with WLAN disabled.

I've just completed a snapshot of the build as it stan, I might run it up in a VM once the laptop is stable and dig further. For now I just want to be able to use the internet in my workshop without everything catching fire :)
 

smp

Veteran Member
Joined
Oct 4, 2011
Messages
1,676
Location
Bedford, NH, USA
FWIW, I see those two buttons at the top of the first page of any thread that I open... AFAICT I've been seeing them for years, now. So long I just ignore them anyway.

I'm on a MacBook Pro with OS 10.14.2, and I use Safari.

smp
 

Stone

10k Member
Joined
Nov 3, 2009
Messages
12,814
Location
South Jersey, USA
I regularly see the address request, 'Waiting for facebook.com' in the status bar whenever I load a page here. What does that tell you?
 

rittwage

Veteran Member
Joined
Mar 6, 2012
Messages
883
Location
Augusta, Georgia, USA
Once in a while, my Chrome/Chromium user profile has some problem and I have to just wipe it out and start again. In modern times, the browser is pretty much an OS in itself...

However, I have never seen it cause Explorer.exe to spike. That seems unrelated unless you have a new and different issue.

You are saying that when you run a browser and go to certain sites, explorer.exe spikes?
 

Caleb Hansberry

Veteran Member
Joined
Mar 23, 2014
Messages
602
Location
Colorado Springs, CO
taIs9qM.png


I've always had the buttons.
 
Top