Facebook video virus scam strategy explained (2021 guide)
Facebook video virus Removal Guide
What is Facebook video virus?
Facebook video virus – a scam campaign tricking users into installing malware or questionable applications
Facebook video virus is a group of fake video links that are sent via Messenger or posted on the News Feed.
Facebook video virus represents a variety of malware that can be acquired by clicking a fake video link on this popular social media platform. This campaign is related to Facebook virus and can also be used as means to make users disclose their login details or other sensitive information. Beware that there are numerous Facebook scams that can lead to identity theft or loss of huge amounts of money.
Facebook video virus is a term used to describe a wide group of cyber infections spreading on the world’s largest social network. Variations of the malware have been known for several years. However, in 2021, researchers reported increased activity of:
- Private video Facebook virus
- Exclusive video Facebook virus
- Special Video Facebook virus
| Summary of the cyber threat | |
|---|---|
| Name | Facebook video virus |
| Family | Facebook virus |
| Type | Malware |
| Danger level | High. Might hack the Facebook account, steal credentials or identity, install malware on the computer or smartphone |
| Targeted OS | Windows, Mac OS X, iOS, Android |
| Affected browsers | Google Chrome, Mozilla Firefox, Safari |
| Distribution | Malicious links sent via Messenger or posted on the News Feed, fake browser extensions |
| Most popular versions | |
| | There are numerous things to check to ensure that Facebook video virus removal is done completely. Change your Facebook password, run a full system scan with the anti-spyware software, and use FortectIntego to fix virus damage |
Despite several differences, all versions of this cyber threat spread as a fake video link via Messenger or on the News Feed. Once clicked, the link redirects to a malicious site where victims are asked to install a specific plugin. Installing it leads to a hijacked account, which then continues sending the same message automatically on behalf of the victim.[1]
This cyber threat is one of the versions of the Facebook virus and is closely related to Facebook Messenger virus[2] because malicious video links are usually being spread via this communication app. However, Facebook video virus might post obfuscated links on the News Feed too.
Typically, the malicious link is followed by a short message that includes these words:
- My video
- My first video
- Private video
- Exclusive video
- Special video
Cybercriminals usually use spoofed links that trick users into believing that the received link comes from YouTube or another popular website. However, after being clicked, this link redirects its victim to a malicious website seeking to infect a device. Usually, this site asks to install some Google Chrome or Mozilla Firefox extension or update. Once users do that, the virus hijacks the Facebook account and spreads the same malicious message to the victim’s friend list.
Users are warned to be careful with received messages and not to open any malicious link. However, if you have already done so, you should remove Facebook video virus ASAP. Even though the malware spreads on a social network, once you have clicked the link or installed a particular plugin, malicious components might be installed on your device.
Facebook video virus might affect all devices that run on Windows, macOS, iOS, and Android operating systems. Thus, if you have clicked on a malicious link and installed some component, make sure you do not open your Facebook account using another device. If you did so, please check it with anti-malware software as well.
Facebook video virus is a cyber threat that aims to trick users into installing malicious extensions or programs to their devices.
2019. The resurfacing of “Special” and “Exclusive” video viruses
First detected in August 2017, Facebook's special video virus came back in June 2019. This version of the virus spreads and acts similarly to other cyber threats that belong to this category. Users either receive a message from their Facebook contacts or get tagged in a post that includes a link to a “Special” or “Exclusive” video. Some variations of this hoax include the victim’s name and emoji.
Originally, the virus mostly attacked users in English; however, the Special Video Facebook virus “speaks” to the users in their local languages. Active distribution campaigns were reported in the Netherlands,[3] Spain,[4] Germany,[5] Lithuania,[6] and other European countries. When users click on the affected link, they are redirected to a malicious link, which might redirect to different websites based on the victim’s location, browser, operating system, or other details.
Mozilla Firefox users on both Mac and Windows operating systems are redirected to a website that asks to install Flash Player. However, instead of installing the program, users install adware or even malware on the PC.[7] Safari users might be redirected to a malicious website that asks them to download Flash Media Player. If Mac users click the “Install” button, they download a .dmg file directly to their computer, which is nothing else but adware.
Facebook video virus might also post malicious links on the News Feed.
Meanwhile, Chrome users are redirected to a fake YouTube website that requires installing a malicious extension called “GitHub Real Names,” “Dictionario,” or others. According to the recent data, this extension works as adware and tries to collect users' Facebook account information. When users install this malicious add-on, the virus hacks the account and spreads the same video message to the contact list.
Researchers reported that the Exclusive Video Facebook virus is actively spreading in Argentina.[8] The virus posts a compromised video link on Facebook News Feed on behalf of the hacked account and tags a dozen people in the post.
The malicious link has the title “Exclusive Video” or “Special Video” and the picture of the victim. The link behind the post seems to redirect to storage.googleapis.com or a similar site, but in reality, it tricks users into visiting a compromised site. It looks similar to YouTube but asks to install a Google Chrome extension in order to see the video. However, instead of installing a needed plugin, people download data-stealing malware that also floods the affected browser with ads.
Therefore, it’s crucial to get rid of the Facebook video virus immediately and change your passwords. We have provided instructions on how to uninstall malicious Chrome or Firefox extensions at the end of the article. It is reported that these nasty extensions cannot be deleted that easily.
Facebook video virus often delivers shocking or explicit video links.
Some versions of the Facebook video virus lead to the fake Ace Stream Web extension
One of the first versions of the Facebook video virus spread on the News Feed (former Timeline). It automatically shares new posts that are titled “My private video,” “My first video,” or “Private video.” The virus tags about 20 friends in the post, attempting to draw other Facebook users’ attention.
Although some researchers claim that all you need to do is remove suspicious browser extensions from the web browser, such an explanation is not precise enough. In fact, we have discovered that Facebook video malware shuts down the open browser tabs and opens a new window when the victim attempts to open “Extensions” settings.
Obviously, this virus tries to prevent the user from deleting the malicious browser extension. We have discovered that the browser extension related to this virus was Ace Stream Web Extension. However, before you can remove this extension, you must find and eliminate components related to this extension from your computer system. First of all, we recommend you open the Windows Task Manager (Control + Shift + Esc) and review all suspicious processes on the computer.
The computer that we have tested had an ace_engine.exe process running on it, which appeared to be responsible for the browser’s malfunction when trying to access the “Extensions” panel. However, that is not the end; we have also discovered that there was Ace Stream Media 3.1.0 installed on the system, which was also related to Facebook video virus.
After uninstalling this program and ending the ace_engine.exe process, you can finally access browser settings and delete Ace Stream Web Extension from the Extensions section. We must say that this virus can be related to other programs and browser extensions since the official version of Ace Stream is not a malicious program.
Cybercriminals often tend to corrupt legitimate programs by adding malicious components to them and spread them on the Internet. We also recommend you review and delete all suspicious FB applications that you have recently given permission to access your Facebook account.
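Because the malware described above closes the browser when the “Extensions” page is opened, installed extensions can be reviewed from the profile folder on disk instead. The following is an added example, not code from the original article: it reads each extension's manifest.json, resolves localized names, and flags the extension names mentioned in this article as well as any extension whose host access covers facebook.com. The folder layout `Extensions/<id>/<version>/manifest.json` is Chrome's; the sample profile is constructed, and the function names are illustrative.

```python
import json
import tempfile
from pathlib import Path

# Extension names this article associates with the campaign.
NAMES_FROM_ARTICLE = ("github real names", "dictionario", "ace stream web extension")
# Host patterns that let an extension read or change pages on facebook.com.
FACEBOOK_ACCESS = ("<all_urls>", "*://*/*", "http://*/*", "https://*/*", "facebook.com")


def resolve_name(version_dir, manifest):
    """Return the display name, following Chrome's __MSG_key__ indirection."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # message keys are case-insensitive
    locale = str(manifest.get("default_locale", "en"))
    messages_file = version_dir / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(messages_file.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # keep the placeholder so the entry is still listed
    for msg_key, entry in messages.items():
        if msg_key.lower() == key and isinstance(entry, dict):
            return str(entry.get("message", name))
    return name


def audit_extensions(extensions_dir):
    """List every installed extension with the reasons it deserves review."""
    findings = []
    for manifest_path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        version_dir = manifest_path.parent
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue
        if not isinstance(manifest, dict):
            continue
        name = resolve_name(version_dir, manifest)
        # Manifest V2 keeps host patterns in "permissions", V3 in "host_permissions".
        patterns = []
        for key in ("permissions", "host_permissions"):
            value = manifest.get(key, [])
            if isinstance(value, list):
                patterns += [p for p in value if isinstance(p, str)]
        for script in manifest.get("content_scripts", []):
            if isinstance(script, dict):
                patterns += [m for m in script.get("matches", []) if isinstance(m, str)]
        reasons = []
        if any(listed in name.lower() for listed in NAMES_FROM_ARTICLE):
            reasons.append("name listed in article")
        if any(access in p for p in patterns for access in FACEBOOK_ACCESS):
            reasons.append("host access covers facebook.com")
        findings.append({"id": version_dir.parent.name, "name": name, "reasons": reasons})
    return findings


def build_constructed_profile(root):
    """Create a constructed Extensions folder (sample data, not real malware)."""
    ext_dir = Path(root) / "Extensions"
    flagged = ext_dir / ("a" * 32) / "1.0_0"
    (flagged / "_locales" / "en").mkdir(parents=True)
    (flagged / "manifest.json").write_text(json.dumps({
        "manifest_version": 2, "name": "__MSG_appName__", "default_locale": "en",
        "version": "1.0", "permissions": ["tabs", "*://*.facebook.com/*"]}))
    (flagged / "_locales" / "en" / "messages.json").write_text(
        json.dumps({"appName": {"message": "Dictionario"}}))
    benign = ext_dir / ("b" * 32) / "2.3_0"
    benign.mkdir(parents=True)
    (benign / "manifest.json").write_text(json.dumps({
        "manifest_version": 3, "name": "Sample Notes", "version": "2.3",
        "permissions": ["storage"]}))
    return ext_dir


def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_extensions(build_constructed_profile(tmp))


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

On Windows, Chrome's default profile keeps this folder under %LocalAppData%\Google\Chrome\User Data\Default\Extensions; pass that path to `audit_extensions` with the browser closed. A name match is only a lead, since the article notes that the official Ace Stream is not malicious.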
Facebook video virus sends a link that redirects to a compromised website that asks to install a specific browser extension.
Spoofed links are actively used to generate Facebook users' clicks
In October 2017, security researcher Barak Tawily discovered a flaw that allows attackers to spoof links.[9] Facebook always scans the shared link and looks for the Open Graph meta tags that allow showing the title of the link, description, image, and URL. For this reason, Facebook checks “og:url,” “og:image,” and “og:title” tags and displays previously mentioned entries.
The problem might occur when attackers replace one of these components, even though the option to edit link previews was removed from pages in July 2017 to reduce the amount of fake news and scams. The detected flaw still allows modifications. The issue is that Facebook does not check whether the link in the “og:url” tag actually leads to the website in question. Therefore, scammers can enter whatever domain they want and hide their link under the name of YouTube or another popular video streaming website.
It didn't take long for the social media giant to disable this feature. However, cybercriminals are continuously working on new techniques to bypass Facebook's security and spread malicious content. Therefore, it's important to be cautious when using this social network and not to rush into clicking any links.
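The missing check described above can be shown from the side of a service that builds link previews. This is an added example, not code from Facebook or from the original article: it parses a page's Open Graph tags and only lets the preview display the “og:url” host when that host matches the site that actually served the page. The sample pages, the video-player.example domain and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class OpenGraphParser(HTMLParser):
    """Collect the first value of every <meta property="og:..."> tag."""

    def __init__(self):
        super().__init__()
        self.tags = {}

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attr = {key: (value or "") for key, value in attrs}
        prop = attr.get("property", "").strip().lower()
        if prop.startswith("og:") and prop not in self.tags:
            self.tags[prop] = attr.get("content", "").strip()


def host_of(url):
    """Lower-cased host name without a leading "www."; "" if there is none."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return ""
    return host[4:] if host.startswith("www.") else host


def same_site(claimed_host, served_host):
    """Equal hosts, or one a subdomain of the other.

    Simplification: without the Public Suffix List this treats every
    subdomain of a shared hosting domain as the same site.
    """
    if not claimed_host or not served_host:
        return False
    return (claimed_host == served_host
            or claimed_host.endswith("." + served_host)
            or served_host.endswith("." + claimed_host))


def check_preview(fetched_url, html):
    """Pick the host a preview may show for a page served from fetched_url.

    fetched_url must be the final URL after redirects, not the shared link.
    """
    parser = OpenGraphParser()
    parser.feed(html)
    served_host = host_of(fetched_url)
    result = {"title": parser.tags.get("og:title", ""), "display_host": served_host}
    claimed = parser.tags.get("og:url", "")
    if not claimed:
        result["verdict"] = "no-og-url"
        return result
    try:
        claimed_abs = urljoin(fetched_url, claimed)
        scheme = urlsplit(claimed_abs).scheme
    except ValueError:
        claimed_abs, scheme = "", ""
    claimed_host = host_of(claimed_abs)
    if scheme in ("http", "https") and same_site(claimed_host, served_host):
        result["verdict"] = "ok"
        result["display_host"] = claimed_host
    else:
        result["verdict"] = "mismatch"  # og:url names a site that did not serve the page
    return result


# Constructed sample pages (not captured from a real campaign).
SPOOFED = ('<html><head><meta property="og:title" content="Private video">'
           '<meta property="og:url" content="https://www.youtube.com/watch?v=constructed">'
           '<meta property="og:image" content="https://video-player.example/t.png">'
           '</head></html>')
HONEST = '<meta property="og:url" content="https://www.youtube.com/watch?v=constructed"/>'

if __name__ == "__main__":
    print(check_preview("https://video-player.example/v/1", SPOOFED))
    print(check_preview("https://m.youtube.com/watch?v=constructed", HONEST))
    print(check_preview("https://youtube.com.video-player.example/", HONEST))
```

On a mismatch the preview falls back to the host that served the page, so a “Private video” post hosted on an unrelated domain can no longer be labelled as YouTube.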
Facebook video virus usually includes target's name in the message.
Tips to avoid Facebook video virus
The virus spreads so quickly because the majority of Facebook users fail to identify these posts and messages as deceptive and malicious content. You should never click on posts or links that your friends send to you if you have even the slightest suspicion that your friend would not share such content on Facebook.
Unfortunately, many computer users click on such content precisely because they cannot believe that their friend has shared such a post. Clicking on these malicious video links downloads malware onto the computer, which takes control of the victim’s Facebook account.
- To avoid Facebook video virus infiltration, you should not click on suspicious posts or links sent by your friends. If such content raises your suspicion, ask your friend whether he/she shared it by their choice.
- Another thing you should know is that videos shared on this social network (no matter if they are uploaded directly to the site or if they are shared via YouTube) play after you click on them. If, after clicking on a video, you are redirected to some suspicious website that asks you to provide permission to access your Facebook timeline or to download an application to your computer, most likely that Facebook post contained a malicious link.
- You may also install a virus along with other free programs. We strongly recommend avoiding downloading software from questionable file-sharing websites because you risk downloading bundled software. Bundled software is basically a pack of programs, including one main program and several optional downloads that can be installed alongside the main program. These optional downloads usually appear to be dangerous applications, so it is advisable to opt out of them. You can do that via Advanced/Custom installation settings.
Facebook video virus removal guide
To remove the Facebook video virus completely, you have to employ professional security software, such as SpyHunter 5Combo Cleaner. Malware might install or trick you into installing malicious files, browser extensions, or fake plugins to the computer and web browsers. Manual detection and elimination of these components might be complicated because the virus might block access to browser extensions or reinstall itself once you access your Facebook account. Nonetheless, if you would like to proceed with manual elimination, we provide all the relevant details below.
However, if you are still willing to remove the virus manually, you have to delete all suspicious components from the computer and web browsers. You should also reset the browsers in order to make sure that all malicious components were uninstalled entirely and then restore files affected by the virus to fix virus damage. This can be done with FortectIntego.
After Facebook video virus removal, you must reset the Facebook password. Besides, you should also change the passwords of other accounts. The malware is capable of tracking user's login data, so cybercriminals may have gotten access to other accounts as well.
Getting rid of Facebook video virus. Follow these steps
Uninstall from Windows
Instructions for Windows 10/8 machines:
- Enter Control Panel into Windows search box and hit Enter or click on the search result.
- Under Programs, select Uninstall a program.
- From the list, find the entry of the suspicious program.
- Right-click on the application and select Uninstall.
- If User Account Control shows up, click Yes.
- Wait till uninstallation process is complete and click OK.
If you are a Windows 7/XP user, proceed with the following instructions:
- Click on Windows Start > Control Panel located on the right pane (if you are a Windows XP user, click on Add/Remove Programs).
- In Control Panel, select Programs > Uninstall a program.
- Pick the unwanted application by clicking on it once.
- At the top, click Uninstall/Change.
- In the confirmation prompt, pick Yes.
- Click OK once the removal process is finished.
Delete from macOS
Remove items from Applications folder:
- From the menu bar, select Go > Applications.
- In the Applications folder, look for all related entries.
- Click on the app and drag it to Trash (or right-click and pick Move to Trash)
To fully remove an unwanted app, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now open the /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and delete all the related .plist files.
Uninstall from Android
Uninstall unwanted programs from Android device:
- Go to Settings -> Apps/Applications.
- Expand the full list of the installed apps.
- Scroll through the list and tap on a suspicious application once.
- Tap on it and select Uninstall.
- Reboot the device.
Clear Storage and data files on Android from Google Chrome or other apps:
- Go to Settings > Apps/Applications.
- Expand the full list of the installed apps.
- Tap on Chrome and select Storage & cache.
- Clear storage and clear cache of the app.
If you are seeing ads on top of other apps but are not sure what is causing it, perform the following steps:
- Go to Apps/Applications.
- Tap Advanced.
- Select Special App access.
- Tap on Display over other apps.
- Eliminate apps with these access rights enabled.
Remove from Microsoft Edge
Delete unwanted extensions from MS Edge:
- Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
- From the list, pick the extension and click on the Gear icon.
- Click on Uninstall at the bottom.
Clear cookies and other browser data:
- Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
- Under Clear browsing data, pick Choose what to clear.
- Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.
Restore new tab and homepage settings:
- Click the menu icon and choose Settings.
- Then find On startup section.
- Click Disable if you found any suspicious domain.
Reset MS Edge if the above steps did not work:
- Press on Ctrl + Shift + Esc to open Task Manager.
- Click on More details arrow at the bottom of the window.
- Select Details tab.
- Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.
If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.
- Find the following folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
- Press Ctrl + A on your keyboard to select all folders.
- Right-click on them and pick Delete.
- Now right-click on the Start button and pick Windows PowerShell (Admin).
- When the new window opens, copy and paste the following command, and then press Enter:
Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}
Instructions for Chromium-based Edge
Delete extensions from MS Edge (Chromium):
- Open Edge and select Settings > Extensions.
- Delete unwanted extensions by clicking Remove.
Clear cache and site data:
- Click on Menu and go to Settings.
- Select Privacy, search and services.
- Under Clear browsing data, pick Choose what to clear.
- Under Time range, pick All time.
- Select Clear now.
Reset Chromium-based MS Edge:
- Click on Menu and select Settings.
- On the left side, pick Reset settings.
- Select Restore settings to their default values.
- Confirm with Reset.
Remove from Mozilla Firefox (FF)
Remove dangerous extensions:
- Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
- Select Add-ons.
- In here, select unwanted plugin and click Remove.
Reset the homepage:
- Click three horizontal lines at the top right corner to open the menu.
- Choose Options.
- Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.
Clear cookies and site data:
- Click Menu and pick Settings.
- Go to Privacy & Security section.
- Scroll down to locate Cookies and Site Data.
- Click on Clear Data…
- Select Cookies and Site Data, as well as Cached Web Content and press Clear.
Reset Mozilla Firefox
If clearing the browser as explained above did not help, reset Mozilla Firefox:
- Open Mozilla Firefox browser and click the Menu.
- Go to Help and then choose Troubleshooting Information.
- Under Give Firefox a tune up section, click on Refresh Firefox…
- Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.
Remove from Google Chrome
Delete malicious extensions from Google Chrome:
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
Clear cache and web data from Chrome:
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
Change your homepage:
- Click menu and choose Settings.
- Look for a suspicious site in the On startup section.
- Click on Open a specific page or set of pages and click on three dots to find the Remove option.
Reset Google Chrome:
If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:
- Click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings.
Delete from Safari
Remove unwanted extensions from Safari:
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.
Clear cookies and other website data from Safari:
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
Reset Safari if the above-mentioned steps did not help you:
- Click Safari > Preferences…
- Go to Advanced tab.
- Tick the Show Develop menu in menu bar.
- From the menu bar, click Develop, and then select Empty Caches.
Scan your system with anti-malware
If you are a victim of ransomware, you should employ anti-malware software for its removal. Some ransomware can self-destruct after the file encryption process is finished. Even in such cases, malware might leave various data-stealing modules or could operate in conjunction with other malicious programs on your device.
SpyHunter 5Combo Cleaner or Malwarebytes can detect and eliminate all ransomware-related files, additional modules, along with other viruses that could be hiding on your system. The security software is really easy to use and does not require any prior IT knowledge to succeed in the malware removal process.
Repair damaged system components
Once a computer is infected with malware, its system is changed to operate differently. For example, an infection can alter the Windows registry database, damage vital bootup and other sections, delete or corrupt DLL files, etc. Once a system file is damaged by malware, antivirus software is not capable of doing anything about it, leaving it just the way it is. Consequently, users might experience performance, stability, and usability issues, to the point where a full Windows reinstall is required.
Therefore, we highly recommend using a one-of-a-kind, patented technology of FortectIntego repair. Not only can it fix virus damage after the infection, but it is also capable of removing malware that has already broken into the system thanks to several engines used by the program. Besides, the application is also capable of fixing various Windows-related issues that are not caused by malware infections, for example, Blue Screen errors, freezes, registry errors, damaged DLLs, etc.
- Download the application by clicking on the link above
- Click on the ReimageRepair.exe
- If User Account Control (UAC) shows up, select Yes
- Press Install and wait till the program finishes the installation process
- The analysis of your machine will begin immediately
- Once complete, check the results – they will be listed in the Summary
- You can now click on each of the issues and fix them manually
- If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.
By employing FortectIntego, you would not have to worry about future computer issues, as most of them could be fixed quickly by performing a full system scan at any time. Most importantly, you could avoid the tedious process of Windows reinstallation in case things go very wrong due to one reason or another.
Manual removal using Safe Mode
Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.
Step 1. Access Safe Mode with Networking
Manual malware removal is best performed in the Safe Mode environment.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Press Restart.
- Now press 5 or click 5) Enable Safe Mode with Networking.
Step 2. Shut down suspicious processes
Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Click on More details.
- Scroll down to Background processes section, and look for anything suspicious.
- Right-click and select Open file location.
- Go back to the process, right-click and pick End Task.
- Delete the contents of the malicious folder.
Step 3. Check program Startup
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Go to Startup tab.
- Right-click on the suspicious program and pick Disable.
Step 4. Delete virus files
Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:
- Type in Disk Cleanup in Windows search and press Enter.
- Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
- Scroll through the Files to delete list and select the following:
Temporary Internet Files
Downloads
Recycle Bin
Temporary files
- Pick Clean up system files.
- You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):
%AppData%
%LocalAppData%
%ProgramData%
%WinDir%
After you are finished, reboot the PC in normal mode.
How to prevent getting malware
Stream videos without limitations, no matter where you are
There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.
Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.
Data backups are important – recover your lost files
Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.
While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.
[1] Zara Whelan. Facebook users warned as messenger video virus spreads across North Wales. Daily Post. Latest North Wales News, Sport, What's on and Business.
[2] Lee Bell. A Trojan is circulating through Facebook Messenger. TheINQUIRER. News, Reviews and Opinion for Tech Buffs.
[3] Dorien Vervoort. Zo geraak je van een Facebook-virus af. TechPulse. Elke dag de vinger aan de pols van de technologiewereld.
[4] Virus en Facebook: ten cuidado con el video que llega a tu bandeja de mensajes. Diario Correo. Spanish news website.
[5] Achtung! Dieser fiese Facebook-Virus verbreitet sich gerade massenhaft. Express. Aktuelle Nachrichten aus Köln, der Welt sowie Neues vom Sport und der Welt der Promis.
[6] Linas Kiguolis. Facebook video virusas. Kaip pašalinti? (Pašalinimo instrukcijos). Virusai. Security news from Lithuania.
[7] David Jacoby. New multi platform malware/adware spreading via Facebook Messenger. Securelist. Information about viruses, hackers and spam.
[8] "Exclusive Video", el peligroso virus de Facebook que también circula por Tucumán. El tucumano. Argentinian news website.
[9] Mohit Kumar. Wait, Do You Really Think That’s A YouTube URL? Spoofing Links On Facebook. The Hacker News. Cyber security and hacking news.