Facebook video virus scam strategy explained (2021 guide)

Facebook video virus Removal Guide

What is Facebook video virus?

Facebook video virus – a scam campaign tricking users into installing malware or questionable applications

Facebook video virusFacebook video virus a group of fake video links that are being sent via Messenger or posted on News Feed.

Facebook video virus represents a variety of malware that can be acquired by clicking a fake video link on this popular social media platform. This campaign is related to Facebook virus and can also be used as means to make users disclose their login details or other sensitive information. Beware that there are numerous Facebook scams that can lead to identity theft or loss of huge amounts of money.

Facebook video virus is a term used to describe a wide group of cyber infections spreading on the world’s largest social network. Various variations of the malware are known for several years. However, in 2021, researchers reported about increased activity of:

  • Private video Facebook virus
  • Exclusive video Facebook virus
  • Special Video Facebook virus
Summary of the cyber threat
Name Facebook video virus
Family Facebook virus
Type Malware
Danger level High. Might hack the Facebook account, steal credentials or identity, install malware on the computer or smartphone
Targeted OS Windows, Mac OS X, iOS, Android
Affected browsers Google Chrome, Mozilla Firefox, Safari
Distribution Malicious links sent via Messenger or posted on the News Feed, fake browser extensions
Most popular versions
  • Private video Facebook virus
  • Exclusive video Facebook virus
  • Special video Facebook virus
There are numerous things to check to ensure that Facebook video virus removal is done completely. Change your Facebook password, run a full system scan with the anti-spyware software, and ReimageIntego for fixing virus damage

Despite several differences, all version of this cyber threat spread as a fake video link via Messenger or on the News Feed. Once clicked, it redirects to a malicious site where victims are asked to install a specific plugin which leads to the hijacked account and continues sending the same message automatically on behalf of the victim.[1]

This cyber threat is one of the versions of the Facebook virus and is closely related to Facebook Messenger virus[2] because malicious video links are usually being spread via this communication app. However, Facebook video virus might post obfuscated links on the News Feed too.

Typically, the malicious link is followed by a short message that includes these words:

  • My video
  • My first video
  • Private video
  • Exclusive video
  • Special video

Cybercriminals usually use spoofed links that trick users that received link are from YouTube or other popular websites. However, after being clicked, this link redirects its victim to a malicious website seeking to infect a device. Usually, this site asks to install some Google Chrome or Mozilla Firefox extension or update. Once they do that, the virus hijacks the Facebook account and spreads the same malicious message to the victim’s friend list.

Users are warned to be careful with received messages and do not open any malicious link. However, if you already did it, you should remove Facebook video virus ASAP. No matter that malware spreads on a social network, once you clicked the link or installed a particular plugin, malicious components might be installed on your device.

Facebook video virus might affect all devices that run on Windows, macOS, iOS, and Android operating systems. Thus, if you have clicked on a malicious link and installed some component, make sure you do not open your Facebook account using another device. If you did so, please check it with anti-malware software as well.

Facebook video virus imageFacebook video virus is a cyber threat that aims to trick users into installing malicious extensions or programs to their devices.

2019. The resurface of “Special” and “Exclusive” video viruses

First detected in August 2017, Facebook's special video virus came back in June 2019. This version of the virus spreads and acts similarly to other cyber threats that belong to this category. Users either receive a message from their Facebook contacts or get tagged in a post that includes a link to a “Special” or “Exclusive” video. Some variations of this hoax include the victim’s name and emoji.

Originally, the virus mostly attacks users in English; however, the Special Video Facebook virus “speaks” to the users via their local languages. Active distribution campaigns were reported in the Netherlands,[3] Spain,[4] Germany,[5] Lithuania,[6], and other European countries. When users click on the affected link, they are redirected to a malicious link, which might redirect to different websites based on the victim’s location, browser, operating system, or other details.

Mozilla Firefox users on both Mac and Windows operating systems are redirected to a website that asks to install Flash Player. However, instead of installing the program, users install adware or even malware on the PC.[7] Safari users might be redirected to the malicious website that asks to download the Flash Media Player download site. If Mac users click the “Install” button, they download the .dmg file directly to their computer, which is nothing else but adware.

Facebook video virus postsFacebook video virus might also post malicious links on the News Feed.

Meanwhile, Chrome users are redirected to a fake YouTube website that requires installing a malicious extension called “GitHub Real Names,” “Dictionario,” and others. According to the recent data, this extension works as adware and tries to collect users' Facebook account information. When users install this malicious add-on, the virus hacks the account spread the same video message to the contact list.

Researchers reported that the Exclusive Video Facebook virus is actively spreading in Argentina.[8] The virus posts a compromised video link on Facebook News Feed on behalf of the hacked account and tags a dozen of people in the post.

The malicious link has the title “Exclusive Video” or “Special Video” and the picture of the victim. The link behind the post seems to redirect to storage.googleapis.com or a similar site, but in reality, it tricks users into visiting a compromised site. It looks similar to YouTube but asks to install Google Chrome extension in order to see the video. However, instead of installing a needed plugin, people download data-stealing malware that also floods the affected browser with ads.

Therefore, it’s crucial to get rid of the Facebook video virus immediately and change your passwords. We have provided instructions on how to uninstall malicious Chrome or Firefox extensions at the end of the article. It is reported that these nasty extensions cannot be deleted that easily.

Facebook video virus on the News FeedFacebook video virus often delivers shocking or explicit video links.

Some versions of the Facebook video virus lead to the fake Ace Stream Web extension

One of the firsts versions of the Facebook video virus spread on the News Feed (former Timeline). It automatically shares new posts that are titled “My private video,” “My first video,” or “Private video.” Virus tags about 20 friends in the post, attempting to draw other Facebook users’ attention.

Although some researchers claim that all you need to do is remove suspicious browser extensions from the web browser, such an explanation is not precise enough. In fact, we have discovered that Facebook video malware shuts down the open browser tabs and opens a new window when the victim attempts to open “Extensions” settings.

Obviously, this virus tries to prevent the user from deleting the malicious browser extension. We have discovered that the browser extension related to this virus was Ace Stream Web Extension. However, before you can remove this extension, you must find and eliminate components related to this extension from your computer system. First of all, we recommend you open the Windows Task Manager (Control + Shift + Esc) and review all suspicious processes on the computer.

The computer that we have tested had an ace_engine.exe process running on it, which appeared to be responsible for the browser’s malfunction when trying to access the “Extensions” panel. However, that is not the end; we have also discovered that there was Ace Stream Media 3.1.0 installed on the system, which was also related to Facebook video virus.

After uninstalling this program and ending the ace_engine.exe process, you can finally access browser settings and delete Ace Stream Web Extension from the Extensions section. We must say that this virus can be related to other programs and browser extensions since the official version of Ace Stream is not a malicious program.

Cybercriminals often tend to corrupt legitimate programs by adding malicious components to them and spread them on the Internet. We also recommend you review and delete all suspicious FB applications that you have recently given permission to access your Facebook account.

Facebook video virus installationFacebook video virus sends a link that redirects to a compromised website that asks to install a specific browser extension.

Spoofed links are actively used to generate Facebook users' clicks

In October 2017, security researcher Barak Tawily discovered a flaw that allows attackers to spoof links.[9] Facebook always scans the shared link and looks for the Open Graph meta tags that allow showing the title of the link, description, image, and URL. For this reason, Facebook checks “og:url,” “og:image,” and “og:title” tags and displays previously mentioned entries.

The problem might occur when attackers decide to replace one of these components even though pages do not have an editing feature since July 2017, when it was banned to reduce the amount of fake news and scams. However, the detected flaw still allows modifications. The issue is that Facebook does not check if the link in the “og:url” tag actually redirects to the particular website. Therefore, scammers can enter whatever domain they want and hide it under YouTube's or other popular video streaming website's name.

It didn't take long for the social media giant to disable this feature. However, cybercriminals are continuously working on new techniques to bypass Facebook's security and spread malicious content. Therefore, it's important to be cautious when using this social network and does not rush clicking any links.

Facebook video virus examplesFacebook video virus usually includes target's name in the message.

Tips to avoid Facebook video virus

The virus spreads so quickly because the majority of Facebook users fail to identify these posts and messages as deceptive and malicious content. You should never click on posts or links that your friends send to you if you have even the slightest suspicion that your friend would not share such content on Facebook.

Unfortunately, many computer users click on such content exactly because they cannot believe that their friend has shared such a post. Unfortunately, clicking on these malicious video links downloads malware into the computer that takes control over the victim’s Facebook account.

  • To avoid Facebook video virus infiltration, you should not click on suspicious posts or links sent by your friends. If such content raises your suspicion, ask your friend whether he/she shared it by their choice.
  • Another thing you should know is that videos shared on this social network (no matter if they are uploaded directly to the site or if they are shared via YouTube) play after you click on them. If, after clicking on a video, you are redirected to some suspicious website that asks you to provide permission to access your Facebook timeline or to download an application to your computer, most likely that Facebook post contained a malicious link.
  • You may also install a virus along with other free programs. We strongly recommend avoiding downloading software from questionable file-sharing websites because you risk downloading a bundled software. Bundled software is basically a pack of programs, including one main program and several optional downloads that can be installed alongside the main program. These optional downloads usually appear to be dangerous applications, so it is advisable to opt them out. You can do that via Advanced/Custom installation settings.

Facebook video virus removal guide

To remove the Facebook video virus completely, you have to employ professional security software, such as SpyHunter 5Combo Cleaner. Malware might install or trick you into installing malicious files, browser extensions, or fake plugins to the computer and web browsers. Manual detection and elimination of these components might be complicated because the virus might block access to browser extensions or reinstall itself once you access your Facebook account. Nonetheless, if you would like to proceed with manual elimination, we provide all the relevant details below.

However, if you are still willing to remove the virus manually, you have to delete all suspicious components from the computer and web browsers. You should also reset the browsers in order to make sure that all malicious components were uninstalled entirely and then restore files affected by the virus to fix virus damage. This can be done with ReimageIntego.

After Facebook video virus removal, you must reset the Facebook password. Besides, you should also change the passwords of other accounts. The malware is capable of tracking user's login data, so cybercriminals may have gotten access to other accounts as well.

Offer
do it now!
Download
Reimage Happiness
Guarantee
Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Facebook video virus. Follow these steps

Uninstall from Windows

Instructions for Windows 10/8  machines:

  1. Enter Control Panel into Windows search box and hit Enter or click on the search result.
  2. Under Programs, select Uninstall a program. Uninstall from Windows 1
  3. From the list, find the entry of the suspicious program.
  4. Right-click on the application and select Uninstall.
  5. If User Account Control shows up, click Yes.
  6. Wait till uninstallation process is complete and click OK. Uninstall from Windows 2

If you are Windows 7/XP user, proceed with the following instructions:

  1. Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
  2. In Control Panel, select Programs > Uninstall a program. Uninstall from Windows 7/XP
  3. Pick the unwanted application by clicking on it once.
  4. At the top, click Uninstall/Change.
  5. In the confirmation prompt, pick Yes.
  6. Click OK once the removal process is finished.

Delete from macOS

Remove items from Applications folder:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for all related entries.
  3. Click on the app and drag it to Trash (or right-click and pick Move to Trash) Uninstall from Mac 1

To fully remove an unwanted app, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and click Go or press Enter.
  3. In the Application Support folder, look for any dubious entries and then delete them.
  4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files. Uninstall from Mac 2

Uninstall from Android

Uninstall unwanted programs from Android device:

  1. Go to Settings -> Apps/Applications.
  2. Expand the full list of the installed apps.
  3. Scroll through the list and tap on a suspicious application once.
  4. Tap on it and select Uninstall. Uninstall from Android
  5. Reboot the device.

Clear Storage and data files on Android from Google Chrome or other apps:

  1. Go to Settings > Apps/Applications.
  2. Expand the full list of the installed apps.
  3. Tap on Chrome and select Storage & cache.
  4. Clear storage and clear cache of the app. Clear Chrome cache and and data Android

If you are seeing ads on top of other apps but are not sure what is causing it, perform the following steps:

  1. Go to Apps/Applications.
  2. Tap Advanced.
  3. Select Special App access.
  4. Tap on Display over other apps. Check if can display over other Apps Android
  5. Eliminate apps with these access rights enabled.

Remove from Microsoft Edge

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the extension and click on the Gear icon.
  3. Click on Uninstall at the bottom. Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear. Clear Edge browsing data

Restore new tab and homepage settings:

  1. Click the menu icon and choose Settings.
  2. Then find On startup section.
  3. Click Disable if you found any suspicious domain.

Reset MS Edge if the above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running. Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick Delete Advanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -Verbose Advanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove. Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now. Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset. Reset Chromium Edge

Remove from Mozilla Firefox (FF)

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select unwanted plugin and click Remove. Remove extensions from Firefox

Reset the homepage:

  1. Click three horizontal lines at the top right corner to open the menu.
  2. Choose Options.
  3. Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.

Clear cookies and site data:

  1. Click Menu and pick Options.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear. Clear cookies and site data from Firefox

Reset Mozilla Firefox

If clearing the browser as explained above did not help, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information. Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox. Reset Firefox 2

Remove from Google Chrome

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove. Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data. Clear cache and web data from Chrome

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific or set of pages and click on three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings. Reset Chrome 2

Delete from Safari

Remove unwanted extensions from Safari:

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension and select Uninstall. Remove extensions from Safari

Clear cookies and other website data from Safari:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History. Clear cookies and website data from Safari

Reset Safari if the above-mentioned steps did not help you:

  1. Click Safari > Preferences…
  2. Go to Advanced tab.
  3. Tick the Show Develop menu in menu bar.
  4. From the menu bar, click Develop, and then select Empty Caches. Reset Safari

Scan your system with anti-malware

If you are a victim of ransomware, you should employ anti-malware software for its removal. Some ransomware can self-destruct after the file encryption process is finished. Even in such cases, malware might leave various data-stealing modules or could operate in conjunction with other malicious programs on your device. 

SpyHunter 5Combo Cleaner or Malwarebytes can detect and eliminate all ransomware-related files, additional modules, along with other viruses that could be hiding on your system. The security software is really easy to use and does not require any prior IT knowledge to succeed in the malware removal process.

Repair damaged system components

Once a computer is infected with malware such as ransomware, its system is changed to operate differently. For example, an infection can alter the Windows registry database, damage vital bootup, and other sections, delete or corrupt DLL files, etc. Once a system file is damaged by malware, antivirus software is not capable of doing anything about it, leaving it just the way it is. Consequently, users might experience performance, stability, and usability issues, to the point where a full Windows reinstall is required.

Therefore, we highly recommend using a one-of-a-kind, patented technology of ReimageIntego repair. Not only can it fix virus damage after the infection, but it is also capable of removing malware that has already broken into the system thanks to several engines used by the program. Besides, the application is also capable of fixing various Windows-related issues that are not caused by malware infections, for example, Blue Screen errors, freezes, registry errors, damaged DLLs, etc.

  • Download the application by clicking on the link above
  • Click on the ReimageRepair.exe
    Reimage download
  • If User Account Control (UAC) shows up, select Yes
  • Press Install and wait till the program finishes the installation process Reimage installation
  • The analysis of your machine with begin immediately Reimage scan
  • Once complete, check the results – they will be listed in the Summary
  • You can now click on each of the issues and fix them manually
  • If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically. Reimage results

By employing ReimageIntego, you would not have to worry about future computer issues, as most of them could be fixed quickly by performing a full system scan at any time. Most importantly, you could avoid the tedious process of the Windows reinstallation in case things go very wrong due to one reason or another.

Manual removal using Safe Mode

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
    Settings
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
    Reboot
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.
    Startup

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Downloads
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):

    %AppData%
    %LocalAppData%
    %ProgramData%
    %WinDir%

After you are finished, reboot the PC in normal mode.

How to prevent from getting malware

Stream videos without limitations, no matter where you are

There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.

Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author
Linas Kiguolis
Linas Kiguolis - Expert in social media

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Linas Kiguolis
About the company Esolutions

References
Removal guides in other languages