Severity scale:  

Facebook video virus scam strategy explained (2020 guide)

removal by Linas Kiguolis - - | Type: Malware

Facebook video virus – a scam campaign tricking users into installing malware or questionable applications

Facebook video virusFacebook video virus a group of fake video links that are being sent via Messenger or posted on News Feed.

Facebook video virus is the malware that infects systems with other malicious programs via malicious hyperlinks and content directly on a deceptive message. This campaign is related to Facebook virus and cannot be implemented without the fake messages containing videos and other content or even direct links and file attachments. Malware poses a serious danger because it can steal passwords, various credentials, and personal information. Beware that there are numerous Facebook scams that can lead to identity theft or loss of huge amounts of money. 

Questions about Facebook video virus

Facebook video virus is a term used to describe a wide group of cyber infections spreading on the world’s largest social network. Various variations of the malware are known for a couple of years. However, in 2019, researchers reported about increased activity of:

  • Private video Facebook virus
  • Exclusive video Facebook virus
  • Special Video Facebook virus
Summary of the cyber threat
Name Facebook video virus
Family Facebook viruses
Type Malware
Danger level High. Might hack the Facebook account, steal credentials or identity, install malware on the computer or smartphone
Targeted OS Windows, Mac OS X, iOS, Android
Affected browsers Google Chrome, Mozilla Firefox, Safari
Distribution Malicious links sent via Messenger or posted on the News Feed, fake browser extensions
Most popular versions
  • Private video Facebook virus
  • Exclusive video Facebook virus
  • Special video Facebook virus
There are numerous things to check to ensure that Facebook video virus removal is done completely. Change your Facebook password, run a full system scan with the anti-spyware software, and ReimageIntego for fixing virus damage

Despite several differences, all version of this cyber threat spread as a fake video link via Messenger or on the News Feed. Once clicked, it redirects to a malicious site where victims are asked to install a specific plugin which leads to the hijacked account and continues sending the same message automatically on behalf of the victim.[1]

This cyber threat is one of the versions of the Facebook virus and is closely related to Facebook Messenger virus[2] because malicious video links are usually being spread via this communication app. However, Facebook video virus might post obfuscated links on the News Feed too.

Typically, the malicious link is followed by a short message that includes these words:

  • My video
  • My first video
  • Private video
  • Exclusive video
  • Special video

Cybercriminals usually use spoofed links that trick users that received link are from YouTube or other popular websites. However, after being clicked, this link redirects its victim to a malicious website seeking to infect a device. Usually, this site asks to install some Google Chrome or Mozilla Firefox extension or update. Once they do that, the virus hijacks the Facebook account and spreads the same malicious message to the victim’s friend list.

Users are warned to be careful with received messages and do not open any malicious link. However, if you already did it, you should remove Facebook video virus ASAP. No matter that malware spreads on a social network, once you clicked the link or installed a particular plugin, malicious components might be installed on your device. 

Facebook video virus might affect all devices that run on Windows, Mac OS X, iOS, and Android operating systems. Thus, if you have clicked on a malicious link and installed some component, make sure you do not open your Facebook account using another device. If you did so, please check it with anti-malware software as well.

Facebook video virus imageFacebook video virus is a cyber threat that aims to trick users into installing malicious extensions or programs to their devices.

2019. The recovery of “Special” and “Exclusive” video viruses

First detected in August 2017, Facebook special video virus came back in June 2019. This version of the virus spreads and acts similarly like other cyber threats that belong to this category. Users either receive a message from their Facebook contacts or get tagged in a post that includes a link to “Special” or “Exclusive” video. Some variations of this hoax include the victim’s name and emoji.

Originally, the virus mostly attacks users in English; however, Special Video Facebook virus “speaks” to the users with their own languages. Active distribution campaigns were reported in the Netherlands,[3] Spain,[4] Germany,[5] Lithuania,[6] and other European countries. When users click on the affected link, they are redirected to a malicious link which might redirect to different websites based on the victim’s location, browser, and operating system or other details.

Mozilla Firefox users on both Mac and Windows operating systems are redirected to a website that asks to install Flash Player. However, instead of installing the program, users install adware or even malware to the PC.[7] Safari users might be redirected to the malicious website that asks to download the Flash Media Player download site. If Mac users click the “Install” button, they download .dmg file directly to their computer, which is nothing else but adware.

Facebook video virus postsFacebook video virus might also post malicious links on the News Feed.

Meanwhile, Chrome users are redirected to fake YouTube website that requires installing a malicious extension called “GitHub Real Names,” “Dictionario” and others. According to the recent data, this extension works as adware and tries to collect user’s Facebook account information. When users install this malicious add-on, the virus hacks the account spread the same video message to all his or her contact list.

Researchers reported that Exclusive Video Facebook virus is actively spreading in Argentina.[8] The virus posts a compromised video link on Facebook News Feed on behalf of the hacked account and tags a dozen of people in the post.

The malicious link has the title “Exclusive Video” or “Special Video” and the picture of the victim. The link behind the post seems to redirect to or a similar site, but in reality, it tricks users into visiting a compromised site. It looks similar to YouTube but asks to install Google Chrome extension in order to see the video. However, instead of installing a needed plugin, people download data-stealing malware that also floods the affected browser with ads.

Therefore, it’s crucial to get rid of Facebook video virus immediately and change your passwords. We have provided instructions on how to uninstall malicious Chrome or Firefox extensions at the end of the article. It is reported that these nasty extensions cannot be deleted that easily.

Facebook video virus on the News FeedFacebook video virus often delivers shocking or explicit video links.

Some versions of the Facebook video virus lead to the fake Ace Stream Web extension

One of the firsts versions of Facebook video virus spread on the News Feed (former Timeline). It automatically shares new posts that are titled “My private video,” “My first video,” or “Private video.” Virus tags about 20 friends in the post, attempting to draw other Facebook users’ attention.

Although some researchers claim that all you need to do is to remove suspicious browser extensions from the web browser, such an explanation is not precise enough. In fact, we have discovered that Facebook video malware shuts down the open browser tabs and opens a new window when the victim attempts to open “Extensions” settings.

Obviously, this virus tries to prevent the user from deleting the malicious browser extension. We have discovered that the browser extension related to this virus was Ace Stream Web Extension. However, before you can remove this extension, you have to find and eliminate components related to this extension from your computer system. First of all, we recommend you to open the Windows Task Manager (Control+Alt+Delete) and review all suspicious processes on the computer.

The computer that we have tested had an ace_engine.exe process running on it, which appeared to be responsible for the browser’s malfunction when trying to access the “Extensions” panel. However, that is not the end; we have also discovered that there was Ace Stream Media 3.1.0 installed on the system, which was also related to Facebook video virus.

After uninstalling this program and ending ace_engine.exe process, you can finally access browser settings and delete Ace Stream Web Extension from the Extensions section. We must say that this virus can be related to other programs and browser extensions since the official version of Ace Stream is NOT a malicious program.

Cyber criminals often tend to corrupt legitimate programs by adding malicious components to them and spread them on the Internet. We also recommend you review and delete all suspicious FB applications that you have recently given permissions to access your Facebook account.

Facebook video virus installationFacebook video virus sends a link that redirects to a compromised website that asks to install a specific browser extension.

Spoofed links are actively used to generate Facebook users' clicks

In October 2017, security researcher Barak Tawily discovered a flaw that allows attackers spoofing links.[9] Facebook always scans the shared link and looks for the Open Graph meta tags that allow showing the title of the link, description, image, and URL. For this reason, Facebook checks “og:url,” “og:image” and “og:title” tags and displays previously mentioned entries.

The problem might occur when attackers decide to replace one of these components even though pages do not have editing feature since the July 2017, when it was banned to reduce the amount of fake news and scams. However, the detected flaw still allows modifications. The issue is that Facebook does not check if the link in “og:url” tag actually redirects to the particular website. Therefore, scammers can enter whatever domain they want and hide it under YouTube's or other popular video streaming website's name.

It didn't take long for the social media giant to disable this feature. However, cybercriminals are continuously working on new techniques to bypass Facebook's security and spread malicious content. Therefore, it's important to be cautious when using this social network and does not rush clicking any links.

Facebook video virus examplesFacebook video virus usually includes target's name in the message.

Tips to avoid Facebook video virus

The virus spreads so quickly because the majority of Facebook users fail to identify these posts and messages as deceptive and malicious content. You should NEVER click on posts or links that your friends send to you if you have even the slightest suspicion that your friend would not share such content on Facebook.

Unfortunately, many computer users click on such content EXACTLY because they cannot believe that their friend has shared such post. Unfortunately, clicking on these malicious video links downloads malware into the computer that takes control over the victim’s Facebook account.

  • To avoid Facebook video virus infiltration, you should not click on suspicious posts or links sent by your friends. If such content raises your suspicion, ask your friend whether he/she shared it by their choice.
  • Another thing you should know is that videos shared on this social network (no matter if they are uploaded directly to the site or if they are shared via Youtube) play after you click on them. If after clicking on a video you are redirected to some suspicious website that asks you to provide permission to access your Facebook timeline or to download an application to your computer, most likely that Facebook post contained a malicious link.
  • You may also install a virus along with other free programs. We strongly recommend you to avoid downloading software from questionable file sharing websites, because you risk downloading a bundled software. Bundled software is basically a pack of programs, which includes one main program and several optional downloads that can be installed alongside the main program. These optional downloads usually appear to be dangerous applications, so it is advisable to opt them out. You can do that via Advanced/Custom installation settings.

Facebook video virus removal guide

To remove the Facebook video virus completely, you have to employ professional security software, such as SpyHunter 5Combo Cleaner. Malware might install or trick you into installing malicious files, browser extensions or fake plugins to the computer and web browsers. Manual detection and elimination of these components might be complicated because the virus might block access to browser extensions or reinstall itself once you access your Facebook account.

However, if you are still willing to remove the virus manually, you have to delete all suspicious components from the computer and web browsers. You should also reset the browsers in order to make sure that all malicious components were uninstalled entirely and then restore files affected by the virus to fix virus damage. This can be done with ReimageIntego.

After Facebook video virus removal, you must reset the Facebook password. Besides, you should also change the passwords of other accounts. The malware is capable of tracking user's login data, so cybercriminals may have gotten access to other accounts as well. 

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Stream videos without limitations, no matter where you are

There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.

Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author
Linas Kiguolis
Linas Kiguolis - Expert in social media

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Linas Kiguolis
About the company Esolutions

Removal guides in other languages

  1. sandraz says:
    April 20th, 2016 at 2:11 pm

    i cannot stop this virus!!

  2. marhunt says:
    April 20th, 2016 at 2:14 pm

    thanks god my case was the same and it was related to ace stream TS player. removed it and no more malicious acivity on my facebook. you guys saved my life, so i am definitely donating!

  3. Daniel Sevilla says:
    January 5th, 2017 at 2:34 pm

    What happens if its on a Mobile Phone???

Your opinion regarding Facebook video virus