Just spent a late evening removing gunk for a PCC student. He’d fallen for a link from a FaceBook friend along the lines of “you’re in the movies”, that led to, apparently, a YouTube video, that said he had to install a new video player, et voila!, he’s got problems.
As seems to be the case quite often these days, he wound up with multiple popups, all claiming to have found lots of ReallyBadStuff(â„¢) on his machine. They’d even remove the Really Bad Stuff, if he only paid them 49 bucks (and quite possibly given them carte blanche to charge the moon on his credit/debit card).
Wound up removing most of it with MalwareBytes Malware Removal Tool (the free version!), followed by another cleanup run with ComboFix. Then I got to remove some other marginal bits – “Fast Web Search” and MyWebTattoo’s “Search Protector”. These were a result, apparently, of yet another FaceBook meme – Web Tattos. These were removal via the Programs Control Panel, and changing search providers in IE.
Moral of the story? Be careful what you click on.