Facebook Virus removal instructions
What is Facebook Virus?
Facebook Virus is a generic name for all Facebook social network-related viruses. The list of Facebook-related malware is rather long. These viruses are typically proliferated via Facebook messenger - criminals hijack random user accounts and proliferate viruses via private messages. Note that the behavior of these viruses is not identical.
As mentioned above, extensive malware is distributed via the Facebook social network. Although behavior differs, most of this malware has at least one thing in common: it typically records sensitive data (keystrokes, logins/passwords, etc.). We also stated that these viruses are typically proliferated using random user accounts. Cyber criminals design malicious scripts to hijack Facebook accounts and send various links to all contacts. In most cases, these links appear legitimate, since criminals also insert text and emojis to make the messages more believable and friendly. In fact, after clicking these links, users' friends often visit malicious websites or execute other scripts that infect their computers and web browsers. In some cases, users are redirected to fraudulent sites that offer "fantastic deals"; however, criminals employ these sites only to extort money from unsuspecting users and/or steal confidential information. In addition, some Facebook viruses are distributed using posts on Facebook walls. Hijacked Facebook accounts publish deceptive posts on their (or friends') timelines; as with private messages, these posts contain links to malicious sites. The result is identical.
An older, popular example of a Facebook virus is "Ryanair Scam". First released in 2016, the scam model is simple: users receive a message stating that the Ryanair airline is celebrating its 35th birthday and, therefore, users can supposedly win tickets for two free flights. This company was founded in 1994 and, thus, at the time of the "Ryanair Scam" release, the airline was 32 years old. The post contains a fake boarding pass with the Ryanair logo and redirects to a variety of other malicious sites that encourage users to fill in forms requiring personal details. Unsuspecting users are often tricked and actually provide this information, thereby putting their privacy at risk - cyber criminals can easily misuse personal data (e.g., banking information, etc.) with the intention of generating revenue.
Another popular Facebook virus is called "Ray Ban Scam". Criminals proliferate private messages with malicious links that promote dubious websites that supposedly sell Ray Ban eye-wear at very low prices; however, after submitting payment, users receive nothing in return and lose their money. In most cases, users infected with this virus have a type of 'keygen' (which gathers various passwords and sends them to cyber criminals' servers) installed on their computers. This malware also employs hijacked accounts to promote these websites (for example, it creates events and chat groups, posts deals on the timeline, and tags victims' friends). In the case of such an infection, immediately change your account passwords and cancel all submitted payments/transactions.
First noticed in South Korea, the most recent (and probably most sophisticated) Facebook Virus is designed to infect computers with cryptocurrency-mining malware called Digmine. The malware, however, is now considered to be a worldwide problem. Cyber criminals spread Digmine via private messages. It only targets users using the Google Chrome web browser or Messenger desktop applications (users with mobile devices cannot be infected). Criminals hijack user accounts and send a message to all contacts. The message contains a "video_[random_digits].zip" file (e.g., "video_5833.zip"). Other users are typically tricked into believing that it is a compressed video file; however, it is a malicious executable that, once opened, connects to the developers' Command and Control (C&C) server and starts the infection chain, essentially downloading a number of files (malicious Google Chrome attachments and the Digmine miner). The program then stealthily installs the malicious extensions and runs or re-runs Google Chrome (note that it only works if the user maintains the "Stay Logged In" feature). In addition, the script configures auto-run settings for Digmine, so it automatically runs on each system boot. The extension is used to continually spread the malicious zip file. Furthermore, Digmine misuses system resources to mine Monero cryptocurrency. All these actions are performed without users' consent. In addition, mining consumes many system resources, reducing response times to the point where the system becomes impossible to use, whilst other applications crash or do not even load. If your computer has been infected with this malware, immediately reset the Google Chrome browser (malicious extensions typically prevent users from removing installed plug-ins and, thus, resetting is the best option) and scan your system with a legitimate anti-virus suite. We also recommend that you read the article on cryptocurrency-mining viruses.
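An added example (not part of the original guide): a Python triage check for the lure described above. It flags received files named video_<digits>.zip and reports whether the content is an executable or an archive holding one; the extension list and the sample files are constructed assumptions.

```python
import io
import re
import zipfile
from pathlib import Path

# Name pattern the article gives for the lure: video_[random_digits].zip
LURE_NAME = re.compile(r"^video_\d+\.zip$", re.IGNORECASE)
# Assumed list of extensions Windows runs directly; a real video archive has none.
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".msi"}


def inspect_lure(name, data):
    """Return the reasons a received file looks like the lure (empty list = no match)."""
    if not LURE_NAME.match(name):
        return []
    reasons = ["name matches video_<digits>.zip"]
    if data[:2] == b"MZ":  # PE header: an executable renamed to .zip
        return reasons + ["content is a Windows executable, not an archive"]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if Path(member).suffix.lower() in RISKY_EXT:
                    reasons.append(f"archive contains executable member: {member}")
    except zipfile.BadZipFile:
        reasons.append("content is not a valid zip archive")
    return reasons


def scan_folder(folder):
    """Inspect lure-named files in a folder (for example Downloads); only those are read."""
    hits = {}
    for path in sorted(Path(folder).iterdir()):
        if path.is_file() and LURE_NAME.match(path.name):
            hits[path.name] = inspect_lure(path.name, path.read_bytes())
    return hits


def constructed_zip(member):
    """Build a small in-memory zip holding one member (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed sample bytes")
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_lure("video_5833.zip", constructed_zip("video_5833.mp4.exe")))
    print(inspect_lure("holiday.zip", constructed_zip("clip.mp4")))
```

A name match alone is only a prompt to confirm with the sender; a second reason in the list means the file should not be opened.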
How did potentially unwanted programs install on my computer?
As mentioned above, Facebook viruses are often distributed via private messages or deceptive Facebook posts. Both typically contain links to malicious websites or scripts (stored on various servers). Many users click links, especially when they are sent or posted by close friends. Clicking links promoted by Facebook viruses exposes systems to risk of various infections and compromises users' privacy.
How to avoid installation of potentially unwanted applications?
To prevent this situation, be very cautious when opening pages promoted on Facebook. If a friend sends a private message or posts a suspicious link on your Facebook wall, you are strongly advised to ask the friend to confirm that the link is legitimate. Message your friend to ensure that you only visit legitimate sites - if the friend does not respond, never click any promoted link. Note that these messages typically include personal text or images (e.g., your profile picture). For example, a message may say "Hey *user name*, is it really you?" together with a link leading to an unknown website. Criminals include this kind of text to make spam messages appear legitimate. You are also advised to use the account-security tips given by Facebook Support. Keep your installed applications up-to-date and use a legitimate anti-virus/anti-spyware suite. The key to computer safety is caution.
List of examples of other Facebook viruses:
"Congratulations! Your profile has been selected by Facebook" Scam;
"Your page will be unpublished" Virus;
Facebook "Following Me" Scam;
Facebook "hahaha" Virus;
Facebook Automatic Wall Post Virus;
Facebook Change Color Virus;
Facebook Child Porn Virus;
Facebook French Tech Support Scam;
Facebook Friend Request Virus;
Facebook Message Virus;
Facebook Money Scam;
Facebook Stalker Virus;
Facebook Suspension Virus;
Facebook Video Virus;
Invitation Facebook Virus;
Jayden K. Smith Scam;
- What is Facebook Virus?
- STEP 1. Uninstall deceptive applications using Control Panel.
- STEP 2. Remove adware from Internet Explorer.
- STEP 3. Remove rogue extensions from Google Chrome.
- STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.
- STEP 5. Remove rogue extensions from Safari.
- STEP 6. Remove rogue plug-ins from Microsoft Edge.
Removal of potentially unwanted programs:
Windows 7 users:
Click Start (Windows Logo at the bottom left corner of your desktop), choose Control Panel. Locate Programs and click Uninstall a program.
Windows XP users:
Click Start, choose Settings and click Control Panel. Locate and click Add or Remove Programs.
Windows 10 and Windows 8 users:
Right-click in the lower left corner of the screen, in the Quick Access Menu select Control Panel. In the opened window choose Programs and Features.
Mac OSX users:
Click Finder, in the opened screen select Applications. Drag the app from the Applications folder to the Trash (located in your Dock), then right click the Trash icon and select Empty Trash.
In the uninstall programs window, look for any suspicious/recently-installed applications, select these entries and click "Uninstall" or "Remove".
After uninstalling the potentially unwanted program, scan your computer for any remaining unwanted components or possible malware infections. To scan your computer, use recommended malware removal software.
Remove rogue extensions from Internet browsers:
Remove malicious add-ons from Internet Explorer:
Click the "gear" icon (at the top right corner of Internet Explorer), select "Manage Add-ons". Look for any recently-installed suspicious browser extensions, select these entries and click "Remove".
If you continue to have problems with removal of the Facebook malware, reset your Internet Explorer settings to default.
Windows XP users: Click Start, click Run, in the opened window type inetcpl.cpl. In the opened window click the Advanced tab, then click Reset.
Windows Vista and Windows 7 users: Click the Windows logo, in the start search box type inetcpl.cpl and press Enter. In the opened window click the Advanced tab, then click Reset.
Windows 8 users: Open Internet Explorer and click the gear icon. Select Internet Options.
In the opened window, select the Advanced tab.
Click the Reset button.
Confirm that you wish to reset Internet Explorer settings to default by clicking the Reset button.
Remove malicious extensions from Google Chrome:
Click the Chrome menu icon (at the top right corner of Google Chrome), select "More tools" and click "Extensions". Locate all recently-installed suspicious browser add-ons, select these entries and click the trash can icon.
If you continue to have problems with removal of the Facebook malware, reset your Google Chrome browser settings. Click the Chrome menu icon (at the top right corner of Google Chrome) and select Settings. Scroll down to the bottom of the screen. Click the Advanced… link.
After scrolling to the bottom of the screen, click the Reset (Restore settings to their original defaults) button.
In the opened window, confirm that you wish to reset Google Chrome settings to default by clicking the Reset button.
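An added example (not from the original guide) to support the review of recently-installed add-ons: a Python script that lists the extensions in a Chrome profile's Extensions folder (on Windows, by default, %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions) and flags recent ones holding broad permissions. It assumes Chrome's on-disk layout of <extension id>/<version>/manifest.json and uses the manifest's modification time as a stand-in for install time; the permission list and the 30-day window are illustrative choices.

```python
import json
import time
from pathlib import Path

# Assumed shortlist of permissions that reach every site the user visits.
BROAD = {"<all_urls>", "http://*/*", "https://*/*", "*://*/*", "tabs", "webRequest"}


def audit_extensions(ext_root, recent_days=30, now=None):
    """List extensions under ext_root (<id>/<version>/manifest.json), newest first."""
    now = time.time() if now is None else now
    rows = []
    for manifest in Path(ext_root).glob("*/*/manifest.json"):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = {}  # unreadable manifest: still report the folder
        if not isinstance(data, dict):
            data = {}
        perms = set()
        for key in ("permissions", "host_permissions"):
            perms.update(p for p in (data.get(key) or []) if isinstance(p, str))
        age_days = (now - manifest.stat().st_mtime) / 86400
        rows.append({
            "id": manifest.parent.parent.name,
            "name": data.get("name", "(unreadable manifest)"),
            "version": manifest.parent.name,
            "age_days": round(age_days, 1),
            "recent": age_days <= recent_days,
            "broad": sorted(perms & BROAD),
        })
    return sorted(rows, key=lambda r: r["age_days"])


def needs_review(rows):
    """IDs of recently installed extensions that also hold broad permissions."""
    return [r["id"] for r in rows if r["recent"] and r["broad"]]


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:  # constructed sample profile
        d = Path(root, "abcdefghijklmnopabcdefghijklmnop", "1.0_0")
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(
            {"name": "Constructed Sample", "permissions": ["tabs", "<all_urls>"]}))
        print(needs_review(audit_extensions(root)))
```

A name beginning with `__MSG_` is a localization placeholder, so match such entries to the Extensions page by their ID instead.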
Remove malicious plug-ins from Mozilla Firefox:
Click the Firefox menu (at the top right corner of the main window), select "Add-ons". Click on "Extensions", in the opened window, remove all recently-installed suspicious browser plug-ins.
Computer users who have problems with Facebook malware removal can reset their Mozilla Firefox settings.
Open Mozilla Firefox, at the top right corner of the main window, click the Firefox menu, in the opened menu, click Help.
Select Troubleshooting Information.
In the opened window, click the Refresh Firefox button.
In the opened window, confirm that you wish to reset Mozilla Firefox settings to default by clicking the Refresh Firefox button.
Remove malicious extensions from Safari:
Make sure your Safari browser is active, click Safari menu, and select Preferences....
In the opened window click Extensions, locate any recently installed suspicious extension, select it and click Uninstall.
Make sure your Safari browser is active and click on Safari menu. From the drop down menu select Clear History and Website Data...
In the opened window select all history and click the Clear History button.
Remove malicious add-ons from Microsoft Edge:
Click the three horizontal dots icon (at the top right corner of Microsoft Edge), select "Extensions". Look for any recently-installed suspicious extensions, right click your mouse on these entries and click "Uninstall".
Click the three horizontal dots icon (at the top right corner of Microsoft Edge), and select Settings.
In the opened tab, click the "Choose what to clear" button.
Click Show more and select everything, and then click the "Clear" button.
- If this didn't help, please follow these alternative instructions explaining how to reset Microsoft Edge browser.
Commonly, adware or potentially unwanted applications infiltrate Internet browsers through free software downloads. Note that the safest source for downloading free software is via developers' websites only. To avoid installation of adware, be very attentive when downloading and installing free software. When installing previously-downloaded free programs, choose the custom or advanced installation options – this step will reveal any potentially unwanted applications listed for installation together with your chosen free program.