Facebook “hahaha” virus (Virus Removal Instructions) - Feb 2020 update
Facebook “hahaha” virus Removal Guide
What is Facebook “hahaha” virus?
Facebook “hahaha” virus is an attempt to scam users into downloading malicious software
Facebook “hahaha” virus is a social engineering[1] attack and a spam campaign aimed at users who frequent this social network. In most cases, a phishing message is delivered via the Messenger application, although it often comes from victims' friends or friends of friends accounts, which makes the scam so much more believable. The PM includes the “hahaha” phase and a link that allegedly would lead users to a video about them. Unfortunately, once the link is clicked, the Facebook “hahaha” virus will continue sending spam to target's friends, and might even result in more serious malware infections.
| Name | Facebook “hahaha” virus |
| Type | Account hijacking, malware, scam |
| Distribution | Malicious messages with embedded links come via Facebook's Messenger app |
| Symptoms | Spam is being sent from your Facebook account to friends and friends of friends; malware infection symptoms vary and highly depend on the infection type (from an increased amount of ads encountered online to severe computer slowdowns and system crashes) |
| Dangers | Sensitive information disclosure to cybercriminals (privacy issues), identity theft, other malware infections, money loss, etc. |
| Downloaded files | Pictr_357.Zip, Copy_0027.Zip, Image0905.Zip |
| Termination | If you have been affected by Facebook “hahaha” virus, you should immediately change the password of your Facebook account and perform a full system scan with anti-malware software |
| System fix | Malware infections might seriously damage Windows operating systems |
The “hahaha” virus is one of many Facebook virus versions that seeks to infect users' computers with malware, extort sensitive information, use their machine for spam, open a backdoor, or gain access to their Facebook account to spread the threat further. Facebook “hahaha” virus removal highly depends on what the malicious link was programmed to do. For example, in some cases, changing a Facebook account password would suffice, while malware infection should be terminated with security software.
Besides hijacking the victim's account, Facebook “hahaha” virus might also direct users to malicious websites where an automatic download of files like Pictr_357.Zip, Copy_0027.Zip, Image0905.Zip, or similar ones, might be initiated. If launched, these could result in severe malware infections, decrease the system's defenses, etc.
Both Facebook and Messenger are popular platforms used by millions of people, which makes it a perfect target for cybercriminals. Social engineering is that makes it easier for them to make users click on malicious links, as the Facebook “hahaha” virus message is meant to spark curiosity – users believe that there is actually a video about them that might be potentially incriminating or shameful.
Here are some Facebook “hahaha” virus examples of messages delivered to users:
Hi (Name),
(Person's name) commented on your status.
(Person) wrote: “hahahaha (Person's Name) i can not belieeve whaaat you did in thisss videeooo its so embarrassing its all over face book!!!!!
Cooopyy and Paasteee the link below in to your web browserr to seeeee , it's ********!!!
Remove the Spaacess —> www. funreelvids. in”
Omg hahah have you seen this photo u got tagged in LOL —>
As soon as any of the previously mentioned .Zip files are downloaded, and the .Jar file is launched, this malware starts its activity. Several malware types could be associated with Facebook “hahaha” virus, including:
- Cryptojackers – these parasites are designed to suck up your CPU and/or GPU in order to mine cryptocurrency for malicious actors and deliver the funds directly into their crypto-wallets;
- RATs (Remote Access Trojans) – these malicious programs allow the attackers to gain remote access of your machine;
- Backdoors serve as a link between malicious servers and the host machine – they are often used to proliferate other malware or include the computer into a massive botnet;
- Redirect viruses can intercept the HTTP traffic and links users to potentially malicious sites, generating profits for cybercriminals in the meantime;
- Info-stealers can be used to track every keyboard press made by the victim and also read sensitive information on sites like online banking.
It is believed that Facebook “hahaha” virus is mostly used for Bitcoin mining. However, it can be involved in other dangerous activities as well, as mentioned above. If you noticed that your computer speed decreased and your Facebook account started sending “hahaha” or similar messages to your friends, your PC is infected with this serious malware.
To remove Facebook “hahaha” virus, immediately scan your machine with reputable anti-malware software, reset the installed web browsers, change your Facebook password, and use ReimageIntego to fix the damage done by malware.
Facebook “hahaha” virus infection methods
As we have already mentioned, Facebook “hahaha” virus is spread via “hahaha” messages that are sent via Facebook's private messaging. In most of the cases, it looks like they belong to your friends, so there is no surprise why this malware has been successfully spreading around. If you click on this fake message, you are involuntarily involved in the distribution of Facebook “hahaha” virus, and your friends can also be infected no matter which OS, Windows, or Mac, they use.
In addition to that, your computer is turned into a bitcoin mining machine and used for other dangerous activities. Please, avoid such fake messages, no matter how trustworthy or tempting they look. If you have already clicked on its attachment, you should check your PC for Facebook “hahaha” virus. Read the following paragraph to get more info about that.
Facebook “hahaha” virus removal instructions
First of all, if you click on the malicious Facebook “hahaha” link, you should immediately take action to secure your account. However, before that, you need to ensure that, by clicking on the link, you did not installed malware on your computer. For that, we suggest you scan it with powerful and up-to-date software like SpyHunter 5Combo Cleaner or Malwarebytes – these tools should be able to detect and eliminate all types of malware, including RATs, Backdoors, Cryptojackers, and others. Note that some viruses might disable your security tools – access Safe Mode with Networking, as explained below.
In case you do not remove Facebook “hahaha” virus on time, you might face severe consequences, such as system slowdowns, money loss, or even identity theft.
After Facebook “hahaha” virus removal, you should change your Facebook password immediately, as malicious actors can keep using your social media account for many other malicious purposes. If you had a credit card linked to your account, they could misuse it to steal money from you. To change your Facebook password, follow these instructions:
- Login to your Facebook account
- Click on the arrow at the top-right of the window
- Select Settings
- Pick Security and Login on the left
- On the right side, locate Change password and click Edit
- Type in the current password and a new one (use alphanumeric characters for complexity)
- Click Save Changes
Getting rid of Facebook “hahaha” virus. Follow these steps
Manual removal using Safe Mode
In case malware interferes with your security software, access Safe Mode with Networking:
Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.
Step 1. Access Safe Mode with Networking
Manual malware removal should be best performed in the Safe Mode environment.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Press Restart.
- Now press 5 or click 5) Enable Safe Mode with Networking.
Step 2. Shut down suspicious processes
Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Click on More details.
- Scroll down to Background processes section, and look for anything suspicious.
- Right-click and select Open file location.
- Go back to the process, right-click and pick End Task.
- Delete the contents of the malicious folder.
Step 3. Check program Startup
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Go to Startup tab.
- Right-click on the suspicious program and pick Disable.
Step 4. Delete virus files
Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:
- Type in Disk Cleanup in Windows search and press Enter.
- Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
- Scroll through the Files to delete list and select the following:
Temporary Internet Files
Downloads
Recycle Bin
Temporary files - Pick Clean up system files.
- You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):
%AppData%
%LocalAppData%
%ProgramData%
%WinDir%
After you are finished, reboot the PC in normal mode.
Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Facebook “hahaha” and other ransomwares, use a reputable anti-spyware, such as ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes
How to prevent from getting malware
Access your website securely from any location
When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.
If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.
Recover files after data-affecting malware attacks
While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.
Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection.
If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.
- ^ What is Social Engineering?. Webroot. Security blog.