I might be paranoid but is this a virus?


Capetonian
3rd Feb 2010, 15:16
Let me start by saying I hate Facebook ..... and even more so after this experience. I was talked into opening a Facebook account by SWMBO, so that I could keep in touch with her family .... stupid I know but we do these things.

This morning I got this email :

HEADERS
Delivered-To: [email protected]
Received: by 10.216.165.204 with SMTP id e54cs1147wel;
Tue, 2 Feb 2010 18:48:27 -0800 (PST)
Received: by 10.140.57.5 with SMTP id f5mr4773777rva.132.1265165306717;
Tue, 02 Feb 2010 18:48:26 -0800 (PST)
Return-Path: <[email protected]>
Received: from mx-out.facebook.com (outmail012.snc1.tfbnw.net [69.63.178.171])
by mx.google.com with ESMTP id 6si25168259pzk.103.2010.02.02.18.48.25;
Tue, 02 Feb 2010 18:48:25 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates 69.63.178.171 as permitted sender) client-ip=69.63.178.171;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 69.63.178.171 as permitted sender) [email protected]; dkim=pass [email protected]
Return-Path: <[email protected]>
DKIM-Signature: v=1; a=rsa-sha1; d=facebookmail.com; s=q1-2009b; c=relaxed/relaxed;
q=dns/txt; [email protected]; t=1265165289;
h=From:Subject:Date:To:MIME-Version:Content-Type;
bh=cY+0KXrYQ9RmRUL89KDLcelTBXo=;
b=XZsdHb+6e+t/FZeBWJpoZyh91O4M7SDHEu8t6nHOqQ4vUIC8gPJBc9mo8gFzf/4v
PwrHJygKUmBttMW97EWZPw==;
Received: from [10.18.255.130] ([10.18.255.130:54395])
by mta309.snc1.facebook.com (envelope-from <[email protected]>)
(ecelerity 3.0.19.34928 r(34928)) with ECSTREAM
id 54/4F-29886-9E3E86B4; Tue, 02 Feb 2010 18:48:09 -0800
X-Facebook: from zuckmail ([NzQuNTAuMTA4LjE2NQ==])
by m.facebook.com with HTTP (ZuckMail);
Date: Tue, 2 Feb 2010 18:48:09 -0800
To: xxxxxx Cape Town <[email protected]>
From: Facebook <[email protected]>
Reply-to: noreply <[email protected]>
Subject: Carme xxxxxxx sent you a message on Facebook...
Message-ID: <[email protected]>
X-Priority: 3
X-Mailer: ZuckMail [version 1.00]
X-Facebook-Notify: msg; from=1623486772; t=1086001167528; mailid=1d2e117G29f2ab85G57a37f0G0
Errors-To: [email protected]
X-FACEBOOK-PRIORITY: 0
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"



Carme sent you a message.

Subject: tua foto

"es esta su foto?! http://www.facebook.com/l/a85d7;readinfo99995791974886.media-paradise.net/id735rp/
Con amor!!!"

To reply to this message, follow the link below:
http://www.facebook.com/n/?inbox%2Freadmessage.php&t=1086001167528&mid=1d2e117G29f2ab85G57a37f0G0

___
Find people from your Gmail address book on Facebook! Go to: http://www.facebook.com/find-friends/?ref=email

This message was intended for [email protected]. Want to control which emails you receive from Facebook? Go to:
http://www.facebook.com/editaccount.php?notifications=1&md=bXNnO2Zyb209MTYyMzQ4Njc3Mjt0PTEwODYwMDExNjc1Mjg7dG89NzAzNzY5NDc3
Facebook's offices are located at 1601 S. California Ave., Palo Alto, CA 94304.

The sender (Carme) is a close and trusted family member and as the links started with http://www.facebook.com I clicked on one and it took me to the Facebook sign-in page - at least it looked genuine. I signed in and then got a pop-up saying I needed to download a new version of Adobe, but there was a grammatical error in that which made me suspicious, so I didn't click on that link or go any further.

Carme has subsequently confirmed that she did not send that message.

Next I got a warning message saying that my Firewall was turned off, this has happened before for no apparent reason, so I wouldn't have been unduly concerned were it not for the preceding situation. I turned the firewall back on (XP) and a few minutes later got this popup, which recurs from time to time :

http://img693.imageshack.us/img693/7873/newpicture2d.png (http://img693.imageshack.us/i/newpicture2d.png/)

Have I got a Trojan/Virus or am I being paranoid? I have done a full AVG scan and it comes up clean.

Would really appreciate any advice on this. Thanks.
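What the headers and body above actually show, as an added example that is not part of the original post and not any Facebook tool: the authentication results say the notification really did pass through facebookmail.com (SPF and DKIM both pass), yet the link inside the message body is a facebook.com/l/ redirect whose real target is a third-party host. The Python script below triages a constructed copy of that message (addresses and tokens altered): it reads Authentication-Results, extracts the URLs from the body, unwraps the /l/<token>;<destination> shim (that layout is assumed from the URL quoted in the post; nothing else is known about it here) and reports every host that is not facebook.com or facebookmail.com.

```python
"""Triage a Facebook notification e-mail: check the authentication headers,
then unwrap the facebook.com/l/ link shim to see where the body really points.
Added example; not code from the thread or from Facebook."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample modelled on the message quoted in the post above;
# addresses and tokens are altered, so this is not the original message.
SAMPLE = """\
Return-Path: <notification+xxxx@facebookmail.com>
Received-SPF: pass (google.com: domain of notification+xxxx@facebookmail.com designates 69.63.178.171 as permitted sender) client-ip=69.63.178.171;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of notification+xxxx@facebookmail.com designates 69.63.178.171 as permitted sender) smtp.mail=notification+xxxx@facebookmail.com; dkim=pass header.i=@facebookmail.com
From: Facebook <notification+xxxx@facebookmail.com>
To: victim@example.com
Subject: Carme sent you a message on Facebook...
Content-Type: text/plain; charset="UTF-8"

Carme sent you a message.

Subject: tua foto

"es esta su foto?! http://www.facebook.com/l/a85d7;readinfo99995791974886.media-paradise.net/id735rp/
Con amor!!!"

To reply to this message, follow the link below:
http://www.facebook.com/n/?inbox%2Freadmessage.php&t=1086001167528&mid=1d2e117G29f2ab85G57a37f0G0
"""

# Domains the genuine notification path is allowed to use.
PLATFORM_DOMAINS = ("facebook.com", "facebookmail.com")

AUTH_RE = re.compile(r"\b(spf|dkim)=(\w+)")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")


def auth_results(msg):
    """Return {'spf': 'pass', 'dkim': 'pass', ...} from Authentication-Results."""
    header = str(msg.get("Authentication-Results", ""))
    return {k.lower(): v.lower() for k, v in AUTH_RE.findall(header)}


def on_platform(host):
    """True if host is one of PLATFORM_DOMAINS or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in PLATFORM_DOMAINS)


def unwrap_link_shim(url):
    """For http://www.facebook.com/l/<token>;<destination> return <destination>.

    The layout is assumed from the URL quoted in the post; any URL that does
    not match is returned unchanged.  urlsplit (not urlparse) is used because
    urlparse would treat ';...' as path parameters and drop the destination."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if on_platform(host) and parts.path.startswith("/l/") and ";" in parts.path:
        dest = parts.path[len("/l/"):].split(";", 1)[1]
        if parts.query:
            dest += "?" + parts.query
        if not dest.startswith(("http://", "https://")):
            dest = "http://" + dest
        return dest
    return url


def triage(raw):
    """Summarise sender authentication and where the body's links really go."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender_domain = parseaddr(str(msg["From"]))[1].rsplit("@", 1)[-1].lower()
    urls = URL_RE.findall(msg.get_content())
    hosts = sorted({(urlsplit(unwrap_link_shim(u)).hostname or "").lower() for u in urls})
    off_platform = [h for h in hosts if not on_platform(h)]
    auth = auth_results(msg)
    if not off_platform:
        verdict = "links stay on the platform"
    elif auth.get("spf") == "pass" and auth.get("dkim") == "pass":
        verdict = ("genuine notification, but the message links off-platform: "
                   "treat the sender's account as compromised")
    else:
        verdict = "sender authentication failed and links go off-platform: likely forged"
    return {"sender_domain": sender_domain, "auth": auth,
            "link_hosts": hosts, "off_platform": off_platform, "verdict": verdict}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The verdict for this sample is the one the thread reaches by hand: SPF and DKIM pass because the notification is genuine and the compromise is in the friend's account, not in the mail path. Sender checks alone therefore cannot catch this class of message; the useful signal is where the embedded links resolve once the platform's redirect wrapper is stripped.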

BOAC
3rd Feb 2010, 16:54
We probably need to know a bit more about your 'usage' of your machine. If it is just a 'home machine' then I think you should start here (http://social.answers.microsoft.com/Forums/en-US/xpsecurity/thread/5a9bb327-039e-4743-b913-9fe71dadb60e) with this topic?

Capetonian
3rd Feb 2010, 19:23
Thanks for the response.

Yes, it's a home usage machine. It's not on a LAN, it's connected to the internet with an Ethernet cable from a Belkin router, which also has a wifi on which we run 3 or 4 other machines.

It's running on XP, and I only use Mozilla Firefox, Outlook Express, IE7, and the MS Office stuff on it. AVG Anti Virus Free.

I'm going to go through the stuff on that link and see where we go from there. I'm mainly concerned that security may be compromised as I use the machine for banking and so on.

rgbrock1
3rd Feb 2010, 19:41
Capetonian:

Download Spybot - Search and Destroy. It will find your problem. I rely on Spybot for some of my Windows security needs. (On the rare occasions I run Windows!)

Go here to get it:

Spybot - Search & Destroy Free Download and Reviews - Fileforum (http://fileforum.betanews.com/detail/Spybot-Search-Destroy/1043809773/1)

Saab Dastard
3rd Feb 2010, 19:46
MalwareBytes and Hijack This.

SD

Keef
3rd Feb 2010, 22:13
Your friend's Facebook account has almost certainly been hacked.

My daughter's was, a couple of weeks ago. She hadn't used Facebook for a very long time. Then I got a Facebook message from her, but worded in a way she would never use. I phoned her - no, she hadn't been on Facebook for some months. She logged in, deleted all the stuff in her name, changed the password, and left again.

As the others said, run Spybot and Malwarebytes. When they are done, no harm in also running Housecall. That stuff looks very fishy.

Tarq57
4th Feb 2010, 00:30
Looks quite untoward to me. I would be investigating it from a malware point of view, for sure.
MBAM (http://www.malwarebytes.org/) (download the free version) is a program similar in function to Spybot or AdAware, but a bit more up to date and generally capable.
Install it, update it, run a quick scan, then have it remove everything found.
If stuff was found, repeat a scan, then reboot and rescan, until it comes up clean. Post back with the results. (If the malware is re-created after each reboot, more work at a help forum might be indicated.)

I would not use a machine for banking that was protected only by an inbound firewall. XP's firewall is good, but only one way. The reason is that if you do get some malware, the outbound control could be the last chance you get to prevent it connecting out, sending your info or gathering reinforcements.
I suggest you get a two way firewall. I use PCTools, partly because it does the job, and partly because it's easy to use. There are links and info sections about firewalls (and many other apps) Here. (http://andymanchesta.com/) Look to the top centre area for free firewalls.
Consider also getting a behaviour blocker or HIPS (included as a module with some firewalls, such as OA or Comodo) and a hosts file, to block known bad sites/domains.

Bushfiva
4th Feb 2010, 01:04
"Download a new version of Adobe" sounds like it might possibly be the Koobface worm.

Capetonian
5th Feb 2010, 08:16
Thanks to all of you who offered help and wisdom.

I ran Spybot, it found 3 or 4 things the first time, rebooted, ran again, it found 1, repeated, and it now appears clean.

I'm going to get my computer guy to look at it properly for me as I'm useless at these things, meantime I'm going to be using another machine for anything sensitive.

Related, does anyone know how (if possible) to set the router (Belkin ADSL2+ Wireless G) to restrict access to certain sites so that I can prevent my partner, our son and his friends from using Facebook on the network. I've been through the menus and find all sorts of options but there doesn't seem to be one to block a specific site.

I know I can do it on the browsers but we have 4 or 5 computers that are used regularly in the house.

Bushfiva
5th Feb 2010, 10:01
Some Belkins support URL blocking. In the web interface, it will be somewhere like "Access Control" or "Schedule": in the former case, you link the rule to the MAC address of the individual computer. In the latter case, you'd create a rule (which would apply to all computers) blocking access to Facebook, and schedule it to run 24x7. It's a long time since I played with Belkin, though. The manual or Belkin's website should be able to help.

Capetonian
5th Feb 2010, 10:09
Thanks, but it doesn't look as if mine does - anyway I'm about to get a new router to support wireless N so I'll look for that feature.

I can block MAC addresses as certain times, so my son's is disabled between 2100 and 0600 for example, but it doesn't seem to support blocking specific sites.

Thanks anyway.

BOAC
5th Feb 2010, 10:45
Download and install ZoneAlarm (Free) on the relevant PCs and select 'disallow' and 'remember this setting' for the Facebook activation/access programme - that might do it without delving into your router. It will not stop any family geeks changing it back, however. :)

Capetonian
5th Feb 2010, 11:38
Quoting BOAC: "It will not stop any family geeks changing it back, however."

In other words it won't stop my teenage son and his mates, but I might do it anyway on pain of pocket money suspension. I can tell him I have a programme which shows me all websites accessed from any machine on the network.

Tarq57
5th Feb 2010, 23:17
Not that it's any of our business, but why would you want to prevent your son visiting facebook on (presumably) his own computer? It's tipping into a behavioural issue rather than technical.

If it's because of the amount of bandwidth used, and you have a capped allowance, simply charge him for access, maybe. Or get him to set up his own account with an ISP.

Keef
5th Feb 2010, 23:49
My experience with internet-savvy teenagers (the next-door duo) is that nothing will stop them. The 14 year old daughter of the family hacked the Admin password of her mum's computer, loaded some software, and neatly trashed the whole machine.

There are routers that can be "secured", but they aren't called Belkin or Netgear. You're talking significantly more expensive devices, such as my Draytek. Even then, a total reset will allow the enthusiastic teen to reload the logon and password bit (assuming those aren't already secret) while disabling the rest of the security.

The only "fix" is to protect your PC and not allow them near it.

Capetonian
6th Feb 2010, 11:11
Quoting Tarq57: "Not that it's any of our business, but why would you want to prevent your son visiting facebook on (presumably) his own computer? It's tipping into a behavioural issue rather than technical."

Because it spreads viruses and trojans, as I discovered to my cost. His computer operates on my network, which I use professionally, and I do not wish to take the risk. I have no concerns over bandwidth.

I appreciate that FB may have valid uses, but I fear that it is turning a generation into social cripples who believe that they have 'friends' via a virtual medium of communication. Fortunately my son has a normal social life, goes out, plays sports, and has real friends, but I know others who spend every waking hour on Facebook and it is most unhealthy mentally and physically.

stickyb
6th Feb 2010, 13:02
If I may use the term "Pseudo Facebook" then that is a great spreader of viruses. I receive many emails, as I know do others, inviting them to click this link to activate new Facebook Security Procedures or some such nonsense. For me it is easy to see through the scam; I don't have a Facebook account. For others, and maybe the younger generation can be more easily led, the dangers are there.

I can understand the desire to keep these things at bay the other side of the firewall.