Microsoft security software detects and removes this threat.

This threat can perform 'likejacking' attacks. A 'likejacking' attack is when this threat 'likes' Facebook content without your knowledge or consent.

It can be installed on your PC by an exploit when you visit a malicious or hacked webpages.

Find out ways that malware can get on your PC.  

What to do now

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find other hidden malware.

Enable MAPS 

Enable the Microsoft Active Protection Service (MAPS) on your system to protect your enterprise software security infrastructure in the cloud.

  1. Check if MAPS is enabled in your Microsoft security product:

    1. Select Settings and then select MAPS.

    2. Select Advanced membership, then click Save changes. With the MAPS option enabled, your Microsoft anti-malware security product can take full advantage of Microsoft's cloud protection service

  2. Join the Microsoft Active Protection Service Community.
Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior


This script runs if you visit a webpage containing it. The webpage might be a hacked legitimate page, or a malicious page set up by a hacker.


This script 'likes' Facebook content (like a page or a post) without your knowledge or consent. 'Liking' content on Facebook means that your friends in the network see this action, leading them to possibly view the content and also get infected.

This script has been found used by malicious websites to gather a lot of page visits for profit.

Analysis by Steven Zhou


The following could indicate that you have this threat on your PC:

  • You 'like' content on Facebook that you don't remember 'liking'


Alert level: Severe
This entry was first published on: Jan 08, 2014
This entry was updated on: Jun 02, 2015

This threat is also detected as:
No known aliases