Facebook Virus

Also Known As: Facebook malware
Type: Adware
Distribution: Low
Damage level: Medium

Facebook Virus removal instructions

What is Facebook Virus?

Facebook Virus is a generic name for all Facebook social network-related viruses. The list of Facebook-related malware is rather long. These viruses are typically proliferated via Facebook messenger - criminals hijack random user accounts and proliferate viruses via private messages. Note that the behavior of these viruses is not identical.

Facebook Virus adware

As mentioned above, extensive malware is distributed via the Facebook social network. Although behavior differs, most of this malware has at least one thing in common: it typically records sensitive data (keystrokes, logins/passwords, etc.) We also stated that these viruses are typically proliferated using random user accounts. Cyber criminals design malicious scripts to hijack Facebook accounts and send various links to all contacts. In most cases, these links appear legitimate, since criminals also insert text and emojis to make the messages more believable and friendly. In fact, after clicking these links, users' friends often visit malicious websites or execute other scripts that infect their computers and web browsers. In some cases, users are redirected to fraudulent sites that offer "fantastic deals", however, criminals employ these sites only to to extort money from unsuspecting users and/or steal confidential information. In addition, some Facebook viruses are distributed using posts on Facebook walls. Hijacked Facebook accounts post deceptive posts on their (or friends') timelines, however, as with private messages, these posts also contain links to malicious sites. The result is identical.

An older, popular example of a Facebook virus is "Ryanair Scam". First released in 2016, the scam model is simple: users receive a message stating that the Ryanair airline is celebrating its 35th birthday and, therefore, users can supposedly win tickets for two free flights. This company was founded in 1994 and, thus, at time of the "Raynair Scam" release, the airline was 32-years-old. The post contains a fake boarding pass with the Ryanair logo and redirects to a variety of other malicious sites that encourage users to fill in forms requiring personal details. Unsuspecting users are often tricked and actually provide this information, thereby putting their privacy at risk - cyber criminals can easily misuse personal data (e.g., banking information, etc.) with the intention of generating revenue.

Another popular Facebook virus is called "Ray Ban Scam". Criminals proliferate private messages with malicious links that promote dubious websites that supposedly sell Ray Ban eye-wear at very low prices, however, after submitting payment, users receive nothing in return and lose their money. In most cases, users infected with this virus have a type of 'keygen' (which gathers various passwords and sends them to cyber criminals' servers) installed on their computers. This malware also employs hijacked accounts to promote these websites (for example, it creates events, chat groups, posts deals on the timeline, and tags victims' friends, etc.) In the case of such an infection, immediately change your account passwords and cancel all submitted payments/transactions.

First noticed in South Korea, the most recent (and probably, most sophisticated) Facebook Virus is designed to infect computers with cryptocurrency-mining malware called Digmine. The malware, however, is now considered to be a worldwide problem. Cyber criminals spread Digmine via private messages. It only targets users using the Google Chrome web browser or Messenger desktop applications (users with mobile devices cannot be infected). Criminals hijack user accounts and send a message to all contacts. The message contains a "video_[random_digits].zip" file (e.g., "video_5833.zip"). Other users are typically tricked into believing that it is a compressed video file, however, it is a malicious executable that, once opened, connects to developers' Command and Control (C&C) server and starts the infection chain, essentially downloading a number of files (malicious Google Chrome attachments and Digmine miner). The program then stealthily install the malicious extensions and runs or re-runs Google Chrome (note that it only works if the user maintains the "Stay Logged In" feature). In addition, the script configures auto-run settings for Digminer, so it automatically runs on each system boot. The extension is used to continually spread the malicious zip file. Furthermore, Digmine misuses system resources to mine Monero cryptocurrency. All these actions are performed without users' consent. In addition, mining consumes many system resources, reducing response times to the point where the system becomes impossible to use, whilst other applications crash or do not even load. If your computer has been infected with this malware, immediately reset the Google Chrome browser (malicious extensions typically prevent users from removing installed plug-ins and, thus, resetting is the best option) and scan your system with a legitimate anti-virus suite. We also recommend that you read the article, cryptocurrency-mining viruses.

How did potentially unwanted programs install on my computer?

As mentioned above, Facebook viruses are often distributed via private messages or deceptive Facebook posts. Both typically contain links to malicious websites or scripts (stored on various servers). Many users click links, especially when they are sent or posted by close friends. Clicking links promoted by Facebook viruses exposes systems to risk of various infections and compromises users' privacy.

How to avoid installation of potentially unwanted applications?

To prevent this situation, be very cautious when opening pages promoted on Facebook. If a friend sends a private message or posts a suspicious link on your Facebook wall, you are strongly advised to demand confirmation if the link is legitimate. Message your friend to ensure that you only visit legitimate sites - if the friend does not respond, never click any promoted link. Note that these messages typically include a personal text or images (e.g., your profile picture). For example, it may say "Hey *user name*, is it really you?" together with a link leading to an unknown website. Criminals include this kind of text to make spam messages appear legitimate. You are also advised to use account-security tips given by Facebook Support. Keep your installed applications up-to-date and use a legitimate anti-virus/anti-spyware suite. The key to computer safety is caution.

List of examples of other Facebook viruses:

"Congratulations! Your profile has been selected by Facebook" Scam;
"Your page will be unpublished" Virus;
Facebook "Following Me" Scam;
Facebook "hahaha" Virus;
Facebook Automatic Wall Post Virus;
Facebook Change Color Virus;
Facebook Child Porn Virus;
Facebook French Tech Support Scam;
Facebook Friend Request Virus ;
Facebook Message Virus;
Facebook Money Scam;
Facebook Stalker Virus;
Facebook Suspension Virus;
Facebook Video Virus;
Faceliker Virus;
Invitation Facebook Virus;
Jayden K. Smith Scam;

Screenshots of deceptive posts promoting various Facebook viruses or scams:

Facebook Virus scam (sample 1) Facebook Virus scam (sample 2) Facebook Virus scam (sample 3) Facebook Virus scam (sample 4)

Instant automatic removal of Facebook malware: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Reimage Repair is a professional automatic malware removal tool that is recommended to get rid of Facebook malware. Download it by clicking the button below:
▼ DOWNLOAD Reimage Repair By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Reimage Repair.

Quick menu:

Removal of potentially unwanted programs:

Windows 7 users:

Accessing Programs and Features (uninstall) in Windows 7

Click Start (Windows Logo at the bottom left corner of your desktop), choose Control Panel. Locate Programs and click Uninstall a program.

Windows XP users:

Accessing Add or Remove Programs in Windows XP

Click Start, choose Settings and click Control Panel. Locate and click Add or Remove Programs.

Windows 10 and Windows 8 users:

Accessing Programs and Features (uninstall) in Windows 8

Right-click in the lower left corner of the screen, in the Quick Access Menu select Control Panel. In the opened window choose Programs and Features.

Mac OSX users:

Uninstall app in OSX (Mac)

Click Finder, in the opened screen select Applications. Drag the app from the Applications folder to the Trash (located in your Dock), then right click the Trash icon and select Empty Trash.

Facebook Virus adware uninstall via Control Panel

In the uninstall programs window, look for any suspicious/recently-installed applications, select these entries and click "Uninstall" or "Remove".

After uninstalling the potentially unwanted program, scan your computer for any remaining unwanted components or possible malware infections. To scan your computer, use recommended malware removal software.

Remove rogue extensions from Internet browsers:

Video showing how to remove potentially unwanted browser add-ons:

Internet Explorer logoRemove malicious add-ons from Internet Explorer:

Removing Facebook Virus ads from Internet Explorer step 1

Click the "gear" icon Internet Explorer options icon (at the top right corner of Internet Explorer), select "Manage Add-ons". Look for any recently-installed suspicious browser extensions, select these entries and click "Remove".

Removing Facebook Virus ads from Internet Explorer step 2

Optional method:

If you continue to have problems with removal of the facebook malware, reset your Internet Explorer settings to default.

Windows XP users: Click Start, click Run, in the opened window type inetcpl.cpl In the opened window click the Advanced tab, then click Reset.

Resetting Internet Explorer settings to default on Windows XP

Windows Vista and Windows 7 users: Click the Windows logo, in the start search box type inetcpl.cpl and click enter. In the opened window click the Advanced tab, then click Reset.

Resetting Internet Explorer settings to default on Windows 7

Windows 8 users: Open Internet Explorer and click the gear icon. Select Internet Options.

Reseting Internet Explorer settings to default in Windows 8 - accessing

In the opened window, select the Advanced tab.

Resetting Internet Explorer settings to default on Windows 8 - Internet options advanced tab

Click the Reset button.

Resetting Internet Explorer settings to default on Windows 8 - click the Reset button in the Internet options advanced tab

Confirm that you wish to reset Internet Explorer settings to default by clicking the Reset button.

Resetting Internet Explorer settings to default on Windows 8 - confirm settings reset to default by clicking the reset button

Google Chrome logoRemove malicious extensions from Google Chrome:

Removing Facebook Virus  ads from Google Chrome step 1

Click the Chrome menu icon Google Chrome menu icon (at the top right corner of Google Chrome), select "More tools" and click "Extensions". Locate all recently-installed suspicious browser add-ons, select these entries and click the trash can icon.

Removing Facebook Virus ads from Google Chrome step 2

Optional method:

If you continue to have problems with removal of the facebook malware, reset your Google Chrome browser settings. Click the Chrome menu icon Google Chrome menu icon (at the top right corner of Google Chrome) and select Settings. Scroll down to the bottom of the screen. Click the Advanced… link.

Google Chrome settings reset step 1

After scrolling to the bottom of the screen, click the Reset (Restore settings to their original defaults) button.

Google Chrome settings reset step 2

In the opened window, confirm that you wish to reset Google Chrome settings to default by clicking the Reset button.

Google Chrome settings reset step 3

Mozilla Firefox logoRemove malicious plug-ins from Mozilla Firefox:

Removing Facebook Virus ads from Mozilla Firefox step 1

Click the Firefox menu firefox menu icon (at the top right corner of the main window), select "Add-ons". Click on "Extensions", in the opened window, remove all recently-installed suspicious browser plug-ins.

Removing Facebook Virus ads from Mozilla Firefox step 2

Optional method:

Computer users who have problems with facebook malware removal can reset their Mozilla Firefox settings.

Open Mozilla Firefox, at the top right corner of the main window, click the Firefox menu, firefox menu icon in the opened menu, click Help.

Accessing settings (Reset Firefox to default settings step 1)

Select Troubleshooting Information.

Accessing Troubleshooting Information (Reset Firefox to default settings step 2)

In the opened window, click the Refresh Firefox button.

Clicking on Refresh Firefox button (Reset Firefox to default settings step 3)

In the opened window, confirm that you wish to reset Mozilla Firefox settings to default by clicking the Refresh Firefox button.

Confirm your want to reset Firefox settings to default (Reset Firefox to default settings step 4)

safari browser logoRemove malicious extensions from Safari:

removing adware from safari step 1 - accessing preferences

Make sure your Safari browser is active, click Safari menu, and select Preferences....

removing adware from safari step 2 - removing extensions

In the opened window click Extensions, locate any recently installed suspicious extension, select it and click Uninstall.

Optional method:

Make sure your Safari browser is active and click on Safari menu. From the drop down menu select Clear History and Website Data...

resetting safari step 1

In the opened window select all history and click the Clear History button.

resetting safari step 2

Microsoft Edge logoRemove malicious add-ons from Microsoft Edge:

Removing browser hijackers from Microsoft Edge step 1

Click the three horizontal dots icon edge more icon (at the top right corner of Microsoft Edge), select "Extensions". Look for any recently-installed suspicious extensions, right click your mouse on these entries and click "Uninstall".

Removing browser hijackers from Microsoft Edge step 2

Optional method:

Click the three horizontal dots icon edge more icon (at the top right corner of Microsoft Edge), and select Settings.

Resetting Microsoft Edge settings step 1

In the opened tab, click the "Choose what to clear" button.

Resetting Microsoft Edge settings step 2

Click Show more and select everything, and then click the "Clear" button.

Resetting Microsoft Edge settings step 3

  • If this didn't help, please follow these alternative instructions explaining how to reset Microsoft Edge browser.

Summary:

declining installation of adware while downloading free software sampleCommonly, adware or potentially unwanted applications infiltrate Internet browsers through free software downloads. Note that the safest source for downloading free software is via developers' websites only. To avoid installation of adware, be very attentive when downloading and installing free software. When installing previously-downloaded free programs, choose the custom or advanced installation options – this step will reveal any potentially unwanted applications listed for installation together with your chosen free program.

Removal assistance:
If you are experiencing problems while trying to remove facebook malware from your computer, please ask for assistance in our malware support forum.

Post a comment:
If you have additional information on facebook malware or it's removal please share your knowledge in the comments section below.