Severity scale:  
  (97/100)

How to remove Facebook virus. 25 variants revealed

removal by Jake Doevan - - | Type: Malware

Facebook virus is a term used to describe various scams and malware promoted via this social network

Facebook virus

Facebook virus is a term describing malware that has been spreading via this social network by using different shapes. This is a common term that includes a variety of malicious programs designed to attack users on this social media platform. The primary goal of the malware is to generate profit to cyber criminals by stealing sensitive data, credit card details, infiltrating the system with the malicious digital currency miners[1] or other dangerous cyber threats.[2] However, some versions just pollute Facebook network and annoy its users.

According to the experts, there are numerous malicious programs still spreading across this social network and it doesn't seem that hackers are going to stop. Users are still suffering from the type of Facebook virus asking if the video, virus alert from Facebook or sales summary is real.[3] However, the latest scams noticed on this social network are redirecting to Amazonaws domains after clicking on ads offering free Disneyland tickets, RayBan glasses or sales summary of 2019. Beware that these scams are often used to collect personal information or even credit card details.

The Amazonaws Facebook virus has been actively used to redirect users to fake websites impersonating Youtube, Twitter, or official domains offering users to update their “Adobe Flash Player”. Unfortunately, the file “flash player.dmg” was found to be infected.[4] Because of the Youtube name mentioned in the alert, this variant was named as Youtube Facebook virus.

Previously, Facebook virus reached its peak when it started spreading Digmine Monero cryptocurrency-mining botnet via Facebook Messenger.[5] The botnet was spread as a video_xxxx.zip file which is actually an executable of the miner. All in all, this is the most dangerous campaign related to this social network.

Questions about Facebook virus

Undoubtedly, Facebook video virus is the most popular version of malware that spreads via Messenger. With the help of a compromised account, criminals have been spreading a link named after the video_[random_characters].zip path. However, receiving files called video_5833.zip, video_6447.zip or similar is a clear sign that your contact’s account was victimized and the content provided in these files is harmful.

Name Facebook malware
Type Many different types: Malware, Password stealing virus, Phishing malware, Spyware, trojan, misleading browser extensions
Danger level High, varies depending of the type of facebook virus. example of infectious misleading domain:
m.facebook.com-vm-auwlyduxgo.brahimsfood[.]com
Distribution

Malicious texts via Messenger; infected links on unreliable pages; software-bundles; malicious spam emails; Browser extensions, software hacks

The damage and Most dangerous versions

Damage may vary by type of facebook malware, most common are identity thefts, overtaking victims computer, adding in to botnet or mining, stolen passwords, social accounts. beware of these versions:

  • Facebook Malware warning
  • “Is that you” Facebook virus
  • Facebook Messenger virus
  • Facebook video virus 
  • Congratulations! Your profile has been selected by Facebook;
  • Facebook Ray Ban virus
  • Clearance sales summary of 2019 Facebook
  • Facebook Amazonaws virus
Removal  You can not only uninstall Facebook virus because it is a term used to describe specific issues on this social network. After fixing your account, install Reimage to protect your system in the future

Facebook malware has numerous features, including:

  • Distributing spam messages to contact lists;
  • Promoting fake contests used to obtain users' private information;
  • Spreading spam via Facebook chat;
  • Distributing malware.

Scammers also take advantage of users using hoaxes by giving them hope to win two free Ryanair tickets and suggesting to purchase various things. Even if the announcement on Facebook claims that the offer is recommended by the reputable financial guru Martin Lewis, you should not fall for such Facebook scam. Also, people can be redirected to sites promoting iPhone for 1 Euro. This may happen after clicking on infected Google's search results. This way, scammers are trying to get personal information, including full name and credit card details. 

Facebook malware
Facebook virus is a term used to summarize malicious programs which are distributed on the social media platform. The term includes malware, scams, hoaxes, etc.

Unfortunately, serious viruses have also been noticed spreading on the social network – users have already been infected with a notorious Locky virus[6] which has been finding its way to target systems with the help of Nemucod downloader. This cyber threat was found hidden under SVG Image file using photo_[random numbers].svg name. If you happen to see files, such as photo_4837.svg, photo_999.svg or photo_8470.svg, in your Facebook Messages, make sure you stay away from it because its aim is to infect you with Locky ransomware.

If you don't take care of Facebook virus removal, you can infect your friends and encourage this malware for future crimes. Every user who clicks the malicious link is involved in the distribution scheme. Steps that you can use to fix your account and remove Facebook virus sending messages are provided below this post. 

After fixing it, don't forget to scan your computer with reliable security software to see if there is anything malicious on your computer. Reimage can help you to see if you are infected. Keep in mind that security experts have already reported about the relation between Facebook redirect virus and ransomware-type viruses, trojan horses, and similar threats.

Identified 25 Facebook malware versions, Removal guides included

Facebook Malware warning

Facebook Malware warning is the scam which aims to infiltrate the system by using malicious or potentially unwanted programs (PUPs). Some time ago it was the most active version of the Facebook virus which was attacking people from all over the world. At the moment, virus activity seems to be decreased.

Name Facebook Malware warning
Type Scam
Distribution means Software bundles, insecure third-party sites
Details A fake but legitimately looking Facebook warning appears claiming that user's computer is infected with malware
Termination Scan your computer with anti-malware and reset all browsers

Virus alert from Facebook is designed to deliver fraudulent messages about different infections found on the system. Once the users are intimidated, they are offered to purchase and run a full system scan with an antivirus. Unfortunately, such programs only promote useless or even potentially dangerous software and should never be trusted. 

Suspicious software offered by Facebook Malware warning might actually be:

  • Expensive and ineffective optimization tool;
  • Ransomware;
  • Banking Trojan;
  • PUP.

Even though there were some reports about Facebook Malware warning in 2017, it gained its popularity in 2018. Therefore, users are advised to use a professional malware removal tool which is downloaded from official websites only. This way, you will avoid any fake programs and protect your system.

Facebook Messenger virus

Messenger virus is another variant of the Facebook virus which has been spread through the chat window of this social network. No matter that the virus is relatively old, it is still actively affecting users by using a tricky scheme which uses the victim's profile picture, the name, and a link offering to check a specific video. The message creates an image that the video is saved on YouTube and that it is somehow related to the victim. As a result, this scam has affected numerous users worldwide.

Name Messenger virus
Type Scam
Spread via Facebook Messenger
Details Victims receive a message from somebody on the friend's list. The short message compiles of a profile picture, name, and the link to an alleged video. As soon as it is clicked, it leads to the spoofed Facebook login page. Those who proceed hand in login credentials to cybercriminals
Remedy Before clicking on any links, make sure that the person actually messaged it to you

Unfortunately, the link included to the fake Facebook Message does not lead to Youtube. It reroutes unaware PC users to fake sites either requiring to connect to your Facebook account again or offering to enter your answers to some survey. Beware that this method has been actively used to swindle users' personal information, such as logins, passwords, and similar data. Besides, there is a huge possibility of being infected with malware.

Facebook Youtube virus
Facebook Youtube virus - yet another type of the scam using the social giant to spread around. While the virus has been redirecting its victims to Youtube, the content is still considered to be dangerous.

Facebook messenger virus has also been used to promote a fake browser add-on causing serious malware's infiltration. According to PC experts, this threat disables security software and prevents its removal from the affected computer.

Facebook video virus

Facebook video virus is a malicious virus that controls victim's Facebook account and automatically posts “My private video,” “My video,” “Private video” and similarly entitled malicious links on victim's timeline. What is more, it tags random victim's Facebook friends in these posts to draw their attention and invite them to click on the link.

Name Facebook video virus
Type Malware, scam
Spread via Facebook Messenger
Infection means Users receive a message that contains “My Private video” or similar message and a link to the alleged video. Nevertheless, if clicked, users might immediately install malware
Remedy Scan your computer for malware and
Prevention Never click on suspicious links, even if they come from your friends

Private video Facebook virus also sends messages having the malicious link included. They go directly to the victim's friends. We strongly advise you NOT to click on these links as it can automatically download malware to your computer.

The main danger related to Facebook video virus is its ability to redirect victims to malicious websites. Beware that the content you can be redirected to can end up with malware. There is also a possibility that your computer will be included in the botnet sending spam all around the network. Finally, a malicious file can also be installed just by clicking on this link. As a result, you can get infected with ransomware, rootkit, worm or a Trojan horse.

“Is that you” Facebook virus

“Is that you” Facebook virus is yet another version of the Facebook virus that involves Messenger app and a video sent by users' social media friends' accounts. This scam tries to intimidate users by showing a link to an allegedly compromising video that was leaked online. However, as evident, these claims are fake, and it is merely a trick used to make users click on the malicious link.

Name “Is that you” Facebook virus
Type Scam 
Spread via Facebook Messenger
Details The message appears as sent from the Facebook friend that shows a video of you. To load the video you need to login to the account and this way criminals obtain your credentials
Remedy Inform the person that his or her account may be hacked or that they have a virus. 
Prevention Avoid clicking on the hyperlinks or any other contents. Scan the machine with anti-malware to clean possible threats occasionally

The message itself may display various text from “Is this you?” YouTube video or only state your name and a question mark alongside the link to the video on youtube or any similar platform. In most cases, you cannot even see the thumbnail of the video to know if the video is really of you.

The main red flag is that there is no context besides that message with a hyperlink or a direct video, so you can be sure that the person who sent this message is not the one responsible. Criminals can hack those Facebook accounts with the only aim – to send this scam campaign.

Make sure to notify the person from the other side, since he or she is the one that got this Facebook messenger it's you virus and needs to have a full system cleaning done to get rid of the initial malware. Their device may get damaged besides infecting oper peoples' machines. Once the person falls for such scam the account credentials get used to login to the profile and spread this malware further.

"Is that You" Facebook virus
"Is that You" Facebook video virus is yet another type of malware appearing on the Messenger and showing allegedly compromising content about you.

OMG Facebook game virus

OMG Facebook Game virus is a malicious strategy used via OMG Facebook game. This is an instant game platform that gained popularity recently. However, users have experienced issues which have already been reported as playing the OMG game on Facebook resulted in the monetary loss. Fortunately, in this particular incident, the victim got the money back because she contacted Google Play's customer service.

Name OMG Facebook Game
Type Malicious ads
Spread via Games in Facebook client
Details Malicious ads in games might lead users to automatic payments for never-ordered services
Remedy Contact Google Play, Facebook, or any other involved parties
Prevention Do not click on suspicious ads that pop-up in Facebook games

As the victim stated, she was playing the game on Facebook and clicking around the application. The game contained various advertisements and clicking on them resulted in redirects to suspicious websites. However, quickly after that, notification about successful payment via Google Play Account was delivered. 

Beware that clicking on various third-party advertisements can result in various cyber infections, so you should keep in mind this fact even while browsing on social media and playing in-website games. The OMG creators reported that this sudden charge has nothing to do with the app and that the game is free and doesn't ask for any payment and that the data collected and used by this program include public information only. They stated that the issue is noted and they are working on improving the experience of Facebook Games.

Facebook Messenger virus
Facebook Messenger virus is one of the most aggressive types of Facebook virus which has been spread since 2013.

Facebook “iPhone for 1 Euro” scam

At the beginning of February 2018, researchers revealed a new wave of Facebook scam. This time, scammers tried to trick people by using false offers to buy iPhone for 1 Euro. According to Phil Tully, a researcher from ZeroFox,[7] any free or cheap iPhone offer should be marked with a red flag. This way scammers may try to extort people's personal information, including full name and credit card details.

Name iPhone for 1 Euro
Type Survey scam
Distribution Malicious Google search result redirecting to bogus Facebook sites
Peculiarities Users are offered an iPhone for one euro. In reality, crooks are trying to defraud users' personal information or attempt to subscribe them to a bogus service
Prevalent in France
Prevention Do not engage in any “free iPhone” or “iPhone for 1 euro” offers. If you want a new iPhone buy it from official sources

“iPhone for 1 Euro” scam has been spreading via infected Google search results used to redirect victims to a Facebook site with a fake iPhone offer. If you happen to come across this Facebook iPhone scam, please report it to Facebook's support immediately. Besides, check your web browser for unwanted extensions and run a scan with an anti-virus program.

Clearance sales summary of 2019 Facebook virus

Clearance sales summary of 2019 Facebook virus is an extremely aggressive scam that keeps posting a specific ad/image on the user's profile every few hours. Additionally, it tags random victim's friends (40-50 of them) to catch their attention and keep spreading. It has also been seen on Instagram and other social networks.

Name Clearance sales summary of 2019
Type Scam
Details Facebook users might come across ads that offer expensive and high-profile brand clothing due to Clearance sales. Nevertheless, if the ad is clicked, users are linked to spoofed websites where, after payments, users never receive the discounted goods
Prevention Do not click on deals that are too-good-to-be-true
Further action if affected Contact your bank and local authorities dealing with scams

The pop-up which is posted by Clearance sales summary of 2019 virus displays impressive discounts of famous clothes and shoe brands. The names include The North Face, UGG, Adidas, Nike, Timberland, Dr. Martens, Canada Goose, and others. Additionally, the scam also includes links redirecting victims to the sites that look like their official web shops.

Beware that these sites and goods which are presented there are fake. No matter how cheap they are, these scammers can send you anything once you pay. Besides, you will be asked to enter your credit card details what can additionally lead you to the loss of your financial information and money. If you found this ad on your wall, delete it immediately or remove the tag. If such activity continues, report the alert to Facebook and follow the steps provided at the end of this post.

Faceliker virus 

Faceliker is a click-fraud Trojan that can infect the victim's computer as soon as he/she visits a compromised web page. The deceptive virus gets access to the account, but, instead of hacking it, it silently uses it to like very specific content. The malicious software redirects the victim's clicks on “Like” buttons and likes completely different content instead. This way, Faceliker Trojan operators can fraudulently promote pages, links, fake news, and other content.

Name Faceliker
Type Trojan
Infection means Malicious websites, spam emails, cracked software, etc.
Details If infected, user's account is used to automatically like predetermined Facebook pages, which allows cybercriminals promote Facebook groups, individuals and posts
Termination Scan your computer with powerful anti-malware software

In case you suspect the presence of Faceliker, immediately check your activity log on Facebook. In case you see some unauthorized likes on posts, links or pages that you didn't authorize, scan your computer with a powerful anti-malware software to remove Faceliker virus for good.

Facebook “Following Me” scam

The scam seeks to promote the post offering you to identify strangers who are following you. At the moment, the network allows unknown people to follow you by clicking the “follow” button, but it does not identify them. According to the scam note, once you enter Settings, Blocking and then Block and then type following Me,” you will see the list of secret followers[8].

Name Following me
Type Scam
Spreads Via bogus Facebook post
Peculiarities The scam offers to reveal people who are following you (Facebook does not provide such option)
Precautions Be aware that Facebook does not post specific instructions, and bogus functionality of the app is only promoted by cybercriminals

In reality, Facebook delivers you the names of people whose names comprise of the “following me” letters. Fortunately, this hoax does not have negative effects as in other cases, when you are tempted to visit infected websites and install corrupted apps. Note that Facebook does not grant such privilege of revealing your followers.

Facebook Money Scam 

Facebook Money scam was first spotted in August 2017, when unknown cyberciminals while trying to swindle the personal information from naive users, such as credit card numbers, money or even identity, by using the name of famous and reputable people.

Name Facebook Money scam
Type Fraud, scam
First spotted August 2017
Details Fake adverts that use a well-known personality name try to swindle Facebook users' personal information
Precautions Before trusting posts on Facebook, first verify that they are coming from a legitimate account of a the person of interest

One of the persons involved was a well-known financial advisor and the founder of MoneySavingExpert.com website Martin Lewis. According to a video which was published on Twitter,[9] people should be careful with such hoaxes that give fake recommendations or use the picture of Lewis illegally.

One of these scams is claiming that Martin Lewis invested half a million pounds into cloud trading scheme because it’s the best what you can do with your money. However, it’s not true. Fraudsters also use his picture for boiler cover incentives, heating incentives and PPI companies that Lewis has nothing in common with.

However, if you find a Facebook advert using his name and offering to invest or purchase some products, do not get tricked and report about such advert to Facebook. The financial guru clearly stated that he does not do Facebook adverts or endorsements unless it’s charitable activity.

Facebook Ryanair scam

The purpose of this scam is to trick users that they can win two free tickets to fly with airlines on their 35th anniversary. However, the company is only 33 years old. The Ryanair scam has been first noticed in 2016; [10] however, it continues spreading further.[11]

Facebook virus Ryanair scam
Ryanair scam offers users free tickers, although once licked is clicked, users are asked to enter their Facebook login details into a spoofed site.

Name Facebook Ryanair scam
Type Scam
Details Users are offered two free tickers for the 35th Ryanair's anniversary. Those who believe the scam and click on the link are redirected on spoofed Ryanair website where they are prompted to enter various sensitive information, such as name, date of birth, credit card details, etc.
How to spot deception
  • Ryanair is only 33 years old, and not 35
  • Check for the URL – official Ryanair site is ryanair.com
  • Check for the “verified” tick mark to make sure Facebook page is official

The post includes the picture of a boarding pass with Ryanair logo. However, vigilant people noticed a ridiculous seat arrangement or an unusual usage of QF code. This post also redirects to numerous fake website, for instance, “ryanair-airways.us.”

On the scam website, users have to enter a bunch of personal information which is accessible to cybercriminals. Some reports also claim that some of these fake sites are infected and spread malware. Therefore, users are advised to stay away from such posts on Facebook. The official Ryanair Facebook account is verified. It means that it has a “blue tick” icon. Hence, if you see other accounts spreading such contests, it’s a clear sign that they are fake.

Facebook Ray Ban virus 

If you are a Facebook user, you probably noticed Ray Ban spam on your timeline at least one time. Criminals are using hacked Facebook accounts to promote illegal and fake Ray-Ban online shops offering the famous eyewear brand products for a fraction of their original price. Ray-Bans on sale? This social engineering trick can attract everyone who desires to obtain these fashionable eyeglasses for less. Sadly, attempts to buy them for a ridiculously small price lead to unexpected consequences.

Name Facebook Ray Ban virus
Type Sales scam, malware
Specifics The scam revolves around users getting infected with data-stealing malware. After that, the host Facebook account is used to tag friends in fake Ray Ban glasses sales posts or create groups. In such way, the hijacked account can promote malicious links, which other users can click and get their personal data stolen or infected with malware
Remedy If you were a victim of Facebook Ray Ban virus, you should immediately scan your device with anti-malware software and change your Facebook, as well as other accounts, credentials

The victims of Facebook Ray Ban virus usually have a password-stealing malware installed on their computers. As soon as frauds find out victim’s Facebook login details, they access the account and use it to post images promoting fake Ray-Ban deals, tag victim’s friends in them, create groups, events and take other illegal actions.

These phishing websites will never provide any glasses to potential buyers because their only purpose is to rob the victims and steal their credit card details. If you bought something from those fake websites, you should contact your bank ASAP and cancel the transaction. You should also change all of your bank passwords and take other steps to protect your privacy.

In case you noticed that your friend posts these Ray-Ban related posts and tags others into them, you should contact him/her and tell them to check their computer with an anti-malware software to remove Facebook Ray Ban virus. The culprit might be an obfuscated keylogger set to steal all of the passwords and login details.

At the same time, they should change their password and go to Settings > Account Settings, then to Security and log in and disconnect all devices that are logged into their Facebook account. Victims should also untag themselves from such posts.

If your Facebook account was hacked by Ray-Ban virus, you should go to Facebook Hacked page and report a compromised account.

Facebook Disneyland scam

Facebook Disneyland scam offers an opportunity to win free passes for the Disneyland theme park. Unfortunately, Disney is not giving away any free tickets to their theme park. People who accessed the provided link and then entered their personal information such as email addresses, cell phone numbers got scammed and put themselves into the risk of identity theft.

Name Facebook Disneyland scam
Type Survey scam
Details Users are offered free tickets to Disneyland, and are then asked to enter personal information such as name, address, email, etc.
Distribution Fake Facebook posts
Prevention Do not get tricked by easy prizes – there are no giveaways that would give people expensive prizes for free
Remedy If you entered your personal details, make sure you change all your passwords on all accounts and contact your bank if financial information was involved

Being spread by using various Facebook posts, the scam redirected its victims to a page asking them to answer survey questions about different products or services. Additionally, the victims were tricked into agreeing to receive calls and text messages from salespeople. Besides, the victims were asked to provide their email address, full name, and similar data.

We should also add that there is yet another version of the scam stating that Disneyland celebrates 110 years of service and offers free tickets to 500 families. However, Disney was not sponsoring any of this. The scam offering 5 free tickets was taken for real because of the artwork similar to Disneylands' trademark used in it. When users clicked on the picture, users were presented with the following message:

Congratulations! You have been selected to take part in our short survey to get 2 free Disneyland tickets.

The “winner” was announced after three questions but there was no prize given. People who participated and “won,” were tricked into liking the message and sharing it with their friends on Facebook. By using this strategy, scammers.

Facebook virus Disneyland scam
In this case, users are offered free Disneyland tickets. However, it is just a hoax and crooks seek users' personal information.

Jayden K. Smith scam 

In the middle of summer'17, new Facebook hoax emerged. This time, a fake message is circulating the social network, urging users not to accept a friend request from someone named Jayden K. Smith. The fraudulent message states that the victim's account will be hacked as soon as one accepts the friend request from this so-called “hacker.”

Name Jayden K. Smith scam 
Type Scam 
Specifics  A fake message that warns about a bogus hacker Jayden K. Smith, and urges users not to accept friend request, but rather inform everybody in the friend list about the alleged danger
Further actions Do not believe random messages that come your way on social media

On top of that, the message suggests forwarding the news to all of the user's friends to help spread the knowledge about the non-existing person. This apparently accelerates the spread of this Facebook hoax.

The truth is, there is no Jayden K. Smith, and there's no reason to worry about him. As always, remember that you should never accept friend requests from strangers because your social media account and your friends' lists can provide scammers a lot of valuable information about you.

Congratulations! Your profile has been selected by Facebook

“Congratulations! Your profile has been selected by Facebook” virus is malvertising technique that created a scam based on the old trick – fake lottery notifications. After getting infected with this adware, you will be bothered by regular pops up stating that you have won an iPhone. In order to retrieve the prize, you need to click on the indicated “Select” button.

Name Congratulations! Your profile has been selected by Facebook
Type Adware
Peculiarities Users are redirected to suspicious sites that display fake pop-ups. The messages claim that users were selected by Facebook to receive a prize, but users are required to provide financial information to allegedly be able to collect it
Risks Money loss, sensitive data theft, malware infections
Further actions Scan your computer for malware with anti-virus software and reset all of your browsers. If you entered your banking data into a spoofed site, contact your bank and local authorities that deal with scams

Needless to say, that you will not receive any prize at all. In fact, you might be asked to provide such confidential details as credit card number, verification codes, email, and shipping addresses. Such data serves as a valuable material for cybercriminals to improve their hacking techniques. In the best case scenario, your computer screen and email Inbox will be crammed with personal spam messages.

Otherwise, you might be infected with a more serious threat. This adware spreads the same way as other samples of the same category. “Your profile has been selected by Facebook” virus might infect your computer via a recently installed freeware or a plug-in. Illegal file-sharing domains might also deliver this virtual annoyance. If you notice these notifications, ignore them, scan your PC with an anti-spyware program and reset the settings.

Facebook hahaha virus

Facebook “hahaha” virus is yet another version of Facebook virus. It is a serious malware which is spread via this social network and used for turning the computer into a bitcoin mining machine.

Name Facebook “hahaha” virus
Type Cryptominer
Details Users are tricked to download a malicious .zip file that extracts the malicious payload and crypto-mining activities begin
Consequences Computer slowdown, hardware wear-and-tear, increased electricity bills, other malware infections
Recovery Remove malware with security application and reset all your browsers

Once it tricks its victims into downloading a malicious .zip file, it starts initiating serious system's slow downs and similar issues. Please, don't let this malicious software stay on your computer because you can never know what malicious activities it can be used for.

Facebook French Tech Support virus

New Facebook spam campaign has just been launched, this time, focusing on the French-speaking Facebook users. The hackers are now modifying Facebook ads and using fake news articles to redirect victims to a malicious Tech Support scam page located on the “hxxp://scansecure21.online/virus-alerte/” domain.

Name  Facebook French Tech Support virus
Type Technical support scam
The way it works Crooks create malicious ads that redirect users to a website that imitates Blue Screen of Death error and plays an audio file that claims that visitors' PCs are infected with Zeus banking trojan. To remediate the issue, users are prompted to call fake tech support
Ramifications Users who call fake tech support might get their machines infected with malware, or lose their money for false tech support services
Prevention Never call any numbers provided in the error message, even if it seems like it comes from a legitimate body (Microsoft, Apple, Facebook, etc.). Legitimate messages include error code but never provide any contact information for the alleged tech support

Once the users land on this page they are “greeted” by a BSoD imitating window and a 29-second audio file (1.mp3) reading out a text in French. Users are being threatened that their computers have been infected with Zeus virus and the only way to protect their banking information and other sensitive details from leaking to the hands of hackers is to call Microsoft support technicians by the given number.

It is yet unknown what follows after calling this number, but we can only presume that this Facebook scam works like any other Tech Support scam and the scammer are trying to convince the callers to purchase questionable software or get remote access to their computers.

Facebook virus - French tech support scam
French Facebook users are targeted by a fake Blue Screen of Death message which they get after being redirected from a bogus Facebook post.

Be careful with the ads leading to the following domains: hxxp://actu.com-vnv.com/1; hxxp://actu-europe.com/camp1/; hxxp://actulist.com/adv1/; hxxp://hebdo-actu.com/ad-s1/; hxxp://twimflp.com/ads-03/; hxxp://25608498.com/ and hxxp://com-uknewsnow.com/. 

Facebook stalker virus

Facebook Stalker virus is a dangerous FB application which is actively spread on this social network. It belongs to scammers and it is used for stealing sensitive user information, not for helping people to find out who is secretly watching their FB profile.

Name Facebook Stalker virus
Type Scam, malware
Distribution Bogus messages on Facebook
Peculiarities Users are urged to click on malicious links on Facebook. These links can redirect users to malware-laden sites that contain information-stealing trojan payload
Risk factors Money loss, identity theft, malware infections, etc.
Recovery Scan your computer for malware and change all your passwords

If you happen to all for the FB Stalker app, you can be redirected to a malicious site which looks like a typical login page of the Facebook. Please, do NOT enter your personal information on it because you will disclose it to malicious actors and lose your Facebook's account!

Your page will be unpublished scam

“Your page will be unpublished” virus campaign started in 2016 when scammers started creating bogus Facebook pages titled as Advert Solution, Ads-Info., Ads Department Social, Team Advert, and similar.

Name Your page will be unpublished scam
Type Scam
Goals Credential theft
How it works Hackers create fake Facebook pages under a name like “Ads-Info” and display fake notifications, claiming that the page will be unpublished. Users are then lead to a spoofing Facebook page that asks them to enter their credentials

All these pages find pages that belong to business owners, and try to scare them by sharing their posts and adding such message to the post:

WARNING: Your Page will be unpublished! Your account has been reported by others. Our system has received the following reports […] To prevent fraud, please re-confirm your Account to avoid blocking here: [link to a phishing Facebook page].

If some suspicious-looking page has shared your post stating that your page will be disabled, ignore it, and report that person/page to real Facebook staff. If you provide your login details to these scammers, they are going to hack your account immediately and use it for malignant purposes, for example, scam your friends asking them to lend money.

Facebook suspension virus

Facebook Suspension virus comes in the form of an official message alerting the victim of the account suspension. In the email, the hackers claim that due to the violation of certain terms of use, the requisite account is to be suspended. However, if this message is sent by a mistake, the user should verify his or her account by clicking the indicated link.

Name Facebook Suspension virus
Type Scam
Distribution Spam emails
Details Users receive a scam email claiming that their Facebook account has been suspended due to the violation of terms of service. Nevertheless, they also state that, in case the email was sent by a mistake, users should verify their account by entering their login details via the provided link. Victims who click on the link might end up installing trojan on their device
Remedy Scan your computer with anti-malware software if you clicked on the link

Do not click on it as you may accidentally download a trojan or enable the full hack of your account. There is also a possibility that you might be misled to the infected domain after clicking the link.

Hackers did a pretty good job impersonating the official support team by giving credentials, However, you might still notice type and grammar mistakes. The sender's email might raise suspicions as well. This version can be eliminated with the help of anti-spyware and anti-virus programs.

Facebook Invite virus

Invitation Facebook virus is a different kind of virus that has been spreading on Facebook for years. It spreads via emails and Facebook's message boards and announces about a great danger on this social network.[12]

Name Facebook Invite virus
Type Scam
Distribution Spam emails, fake Facebook posts
Details Scammers spread fake messages that warn about an alleged “Olympic torch” virus, which is actually fake. Victims are asked to forward the message to everyone on their friend list to allegedly protect them from danger.
Further action Do not forward any hoax messages to your friends – it's a scam and “Olympic torch” does not exist

To be more precise, it foolishly warns its victims about the Facebook threat that comes as a message with an attachment called Invitation Facebook and the text states:

Opens an Olympic torch and will take the whole hard disk C of your computer.

However, security experts have revealed that this message includes trojan horse and other types of viruses. You should remove this scam letter as soon as you receive it.

Facebook Automatic wall post virus

Facebook Automatic Wall Post virus is a cyber infection created for increasing the traffic to specific domains. Besides, it may negatively affect your computer's security and try to steal your personal information.

Name Facebook Automatic Wall Post virus
Type Trojan
Operation The infection directs users to predetermined websites, increasing their traffic and raising the ranking artificially; the trojan might also steal personal user data
Remedy Fully scan your computer for malware and reset your passwords on all accounts

This virus makes people visit the website by showing a tricky message which claims “Sexiest Video ever” and includes a link leading to an unknown website. Also, it automatically makes a post on your wall and spreads in this way. If you see such message, which seems like it has been posted by your friend, you should remove it from your wall immediately.

Facebook friend request virus

Facebook Friend Request virus is a dangerous threat which sends friend requests from user's account to unknown people or, even worse, the ones who have been already blocked by a user. It has been reported that sometimes this virus manages to send more than 100 invites to random people.

Name Facebook friend request virus
Type Spam bot, malware
Details The infection sends hundreds of friend requests to unknown people on Facebook
Dangers Infected users might get their personal information stolen
Fix Scan your computer for malware and reset all your passwords

The point of creating and using this hasn't still been revealed. However, some experts claim that this threat may be used for taking over computers, shutting down their anti-virus programs and similar activities.

Facebook Change color virus

Facebook Change Color virus is a sneaky variant of the Facebook virus relying on a message offering to change your social network's background to pink, red, black or another color.

Name Facebook Change Color virus
Type Survey scam
Distribution Facebook Messenger, spam emails
Peculiarities Users are offered to change their background on social media to different colors. For that, they need to click on a malicious link, which consequently leads users to a survey scam site
Remedy Do not click on suspicious links on spam emails or Facebook Messenger

Just like other types of this threat, it may come to your inbox from one of your contacts which has also been tricked by this scam message. Typically, it includes a malicious link helping for scammers to drive more traffic to their online survey. If you click on this link, you will send this scam message to all your contacts.

Facebook Child Porn virus

Facebook Child Porn virus is a dangerous application, which is circulating on Facebook in a form of pornographic video. It may seem that the message, which has this video attached, was sent by your friend and it is safe. However, after opening it, it becomes clear that it's related to child pornography.

Name Facebook Child Porn virus
Type Malware
Details Users receive a link to a video from somebody on their friend list. The message states “watch this if you're curious” but once the link is opened it leads users to a child pornography site. Additionally, those who click on the link also download a malicious payload that starts posting the link to victims' friends
Remedy If you got tricked by this scam, scan your computer with anti-malware software and change your Facebook login details 

Some victims report that it contains a phrase “watch this if you're curious.” Once opened, virus automatically attaches to your Facebook account and shares this video with all of your Facebook friends.

Facebook virus link
Facebook virus has been used to spread malicious or sponsored links. Some of them promote highly suspicious webshops that are filled with fake deals.

Facebook Ray Ban scam is another trick by criminals which populated in 2018

Facebook Ray Ban scam is currently one of the most popular versions of FB virus on the Internet. Users report that they have received suspicious offers on the social media platform to purchase Ray Ban glasses half the original price. We want to warn you that there is a similar hoax, known as Virus Ray Ban Instagram

Ray Bans on sale? This social engineering trick can attract everyone who desires to obtain these fashionable eyeglasses for less. Sadly, attempts to buy them for a ridiculously small price lead to unexpected consequences.

The victims of Facebook Ray Ban virus usually have a password-stealing malware installed on their computers. As soon as frauds find out victim’s Facebook login details, they access the account and use it to post images promoting fake Ray-Ban deals, tag victim’s friends in them, create groups, events and take other illegal actions.

These phishing websites will never provide any glasses to potential buyers because their only purpose is to rob the victims and steal their credit card details. If you bought something off those fake websites, you should contact your bank ASAP and cancel the transaction. You should also change all of your bank passwords and take other steps to protect your privacy.

In case you noticed that your friend posts these Ray-Ban related posts and tags others into them, you should contact him/her and tell them to check their computer with an anti-malware software to remove Facebook Ray Ban virus. The culprit might be an obfuscated keylogger set to steal all of the passwords and login details.

At the same time, they should change their password and go to Settings > Account Settings, then to Security and log in and disconnect all devices that are logged into their Facebook account. Victims should also untag themselves from such posts.

If your Facebook account was hacked by Ray Ban virus, you should go to Facebook Hacked page and report a compromised account.

Locky ransomware is distributed via Facebook Messenger

One of the versions of the Facebook virus is designed to send deceptive messages via Facebook Messenger to infiltrate the system with Locky ransomware. Usually, the person receives an innocent looking text and a link which can appear as photo_4837.svg or photo_8470.svg. As soon as the user clicks on it, the system is infected with a file-encrypting virus.

Additionally, the criminals are trying their best to make the message seem convincing, so they add the following phrases:

  • Look at this video; 
  • My newest video; 
  • OMG! I can't believe this!, etc.

We should also add that the most of these links look like they were sent to you by one of your friends, so there is no surprise that the latest attack of Facebook virus (it was initiated on the end of September 2016) managed to infect more than 800,000 users[13]. It is unknown how many users were tricked in November 2016 attack, but the number is suspected to be similar.

By clicking such link, you infect your Facebook account and start spreading Facebook virus yourself. Besides, such malware can easily infect your computer with the most dangerous computer viruses that are active during the distribution.

Besides, such threats have actively been used for acquiring sensitive information, such as logins, financial information, and other data which is considered confidential. Unfortunately, hackers have already managed to release multiple versions of this threat. All of them are listed below.

If you think that you are dealing with problems on your Facebook account, you might be infected. Check your wall for spammy posts, go thru your Messages for misleading links. If you can remember clicking them, you must remove Facebook virus ASAP. There are several ways to fix your Facebook account and the affected PC system. One of them is to run a full system scan with Reimage.

Facebook chat virus
Facebook chat virus appears in Facebook chat as a scary notification from your friend. In reality, most of the people whose name was used in this scam are not aware of that.

Facebook Video virus is successfully infecting computers in 2019 as well

Facebook video virus is a tricky scam which is particularly created to distribute potentially unwanted programs (PUPs) or even malware via messages on Messenger. Experts noted that it is still active in 2018, so people must be extremely cautious. Those who have been infected say that they have received a direct text from one of their Facebook friends which includes several elements and a suspicious link:

  • targeted victim’s name;
  • word “video”;
  • random emoji.

When a user clicks on the infected link, the virus starts spreading the same message to all victim’s contact list. Therefore, it works like a chain reaction. Therefore, it is also reported that the virus can send messages in a different language. For instance, in the Netherlands, these messages are written in the Dutch language.[14]

The recent version of Facebook video virus is suspected to be spreading via Google Chrome extensions. However, it is designed to prevent victims from removing it easily. This happens when the malware does the following:

  • Performs arbitrary modifications on the browser;
  • Blocks user’s access to browser’s extensions;
  • Might close Chrome when a user tries to open them.

After the attack, users are advised to reset Google Chrome. However, this may not work. If you Facebook friends continue on reporting about messages sent from your account, you have to uninstall Chrome from your device.

What is more, if your account was hacked, you should also set a new Facebook password and change other accounts passwords. It’s unknown what information cybercriminals can access and what damage they might cause to the personal user’s information. Therefore, victims are suggested to protect sensitive data.

The malware infects computers worldwide for 3 years in a row

Facebook virus is a dangerous cyber threat which has already infected computers all across the globe. Cybersecurity specialists have reported about the Facebook Youtube video version of the malware. At the end of 2017, this virus has tried to deceive credulous people and open a malicious link. It has also spread via Messenger with the following elements:

  • Link to the video;
  • Profile picture of the receiver;
  • Ohh! det är verkligen du?” (“Oh! Is it really you?”) message.[15]

The link directed victims to a YouTube page. It asked you to download a specific plug-in to play the video. Though it may seem more credulous, note that once a proper video link is attached in a Facebook chat window, it displays the icon of the video with a screenshot of the video content.

In this scam, the link does not reveal anything except the YouTube brand name. Like previous versions, the scam is spread to all the contacts of an infected user. The developers of this scam might have set up a few fake accounts as well to keep the distribution of the scam. 

Unfortunately, Facebook virus revealed its new capabilities in December 2017. First of all, it started attacking new countries, such as Vietnam, Netherlands, and Spain. The virus still tries to spread around as Youtube-related video, so make sure you ignore messages that use “video_ (4 random numbers)” name. 

After clicking this message, you can run into two different scenarios:

  • Facebook virus can redirect you to a fake Youtube page asking to update Adobe Flash Player. According to the latest news, this way you can get infected with an adware-type program that can potentially redirect you to malicious websites or track your browsing.
  • You can get infected with an infamous Monero miner, alternatively known as Digmine. In this case, your computer's resources can be used to mine virtual currency. Besides, this attack involves a malicious Chrome extension which misuses Facebook auto-login feature and connects to the victim's account to continue the distribution of the malicious video link. 

Facebook malware and other hoaxes are distributed via extensions

The primary and most successful distribution technique of the malware is malicious Messenger messages that contain an infected link.[4] They are well-designed to make sure that people would fall for the fraud. This way, once the link is clicked, hackers have the access to hijack Facebook account and start the chair reaction of infections.

In addition, if not eliminated, Facebook virus can infect your computer with a trojan horse that starts its activity as soon as it enters the system. It can track you for years to steal your personal information or it can download other viruses to your computer, including ransomware-type threats that can encrypt your files with an advanced encryption algorithm and then start asking you to pay a ransom.

An alternative way used by Facebook virus to infect its victims is related to hacked apps. If you are tricked into granting them with the access to your account, you can find out that your social account was hijacked. Finally, using a weak password is also considered one of the main ways used by Facebook malware to affect its users.

The latest version of malware is noticed spreading via Google Chrome extensions. The problem with this distribution method is that users were forbidden from access Chrome settings and remove the malicious app unless they reset the browser or uninstall it entirely.

Use uninstall Guides to remove Facebook virus and protect your account

It is essential to understand that hackers are good at social engineering tactics and you shouldn't trust unknown people on the social media platform. You can avoid Facebook virus if you never click on:

  • Suspicious links;
  • Messages from unknown people;
  • Unreliable file downloads.

If you can't resist the temptation, send your friend a message BEFORE clicking the provided link and ask him or her about it. Additionally, avoid accessing every game, site or app on the social network because it may be hacked by cyber criminals.

If you have been tricked by any of these types of Facebook virus, you should change your Facebook's password ASAP in order to avoid identity theft and the loss of personal information. Additionally, contact your friends and let them know that your account is hacked. Finally, download Reimage or SpyHunter 5Combo Cleaner to scan your computer and prevent infiltration of malware. It can remove Facebook virus and its outcomes within several minutes.

Do not forget to update the software before running a scan to be sure that your PC is virus free. Some of you might try to perform manual Facebook virus removal on their computers. While you can fix your account manually, we would like to warn you that the threat which travels around together with this threat can remain undetected on your computer. 

Turn off Platform

You can switch off Platform functionality which would stop third-party apps and websites integration:

  1. Login to your Facebook account and click this little triangle on your right;
  2. Click Settings to open General Account Settings window;
  3. Look on your left and select Apps;
  4. Click Edit button on Apps, Websites and Plugins option;
  5. Select Disable to protect your account from unauthorized access of third party apps. 

Facebook virus uninstall guide
Facebook virus removal requires checking the app's settings. Additionally, a full system scan is recommended.

Change your Facebook password

If your accounted was hacked or accessed by unknown individuals, make sure you immediately reset your Facebook password:

  • Click the same little triangle on your right;
  • Click Edit next to Password option;
  • Enter your current password and the new one. Retype it and select Save changes.

Reset all all the affected browsers to remove Facebook virus

Typically, adware or other potentially unwanted programs might change web browser settings. Such a browser will still redirect you to spoofing, scam and phishing sites. Additionally, some malware might steal cookie information. Therefore, make sure you reset your web browsers and eliminate the possibility of hackers keep harvesting the crucial data.

Google Chrome

  • Go to Google Chrome and click on the menu (three vertical dots at the top-right corner) and select Settings.
  • Scroll down and pick Advanced. Facebook virus - reset Chrome
    To ensure Facebook virus removal, you need to reset Chrome
  • Next, find Reset and clean up section.
  • Now click on Restore settings to their original defaults.
  • To confirm the action, click on Reset settings and complete Facebook virus removal. Facebook virus - reset Google Chrome
    Google Chrome reset steps are the part of Facebook virus removal.

Mozilla Firefox

  • Open Mozilla Firefox and click on the menu.
  • Go to Help and then select Troubleshooting Information.
  • In the Give Firefox a tune up section, click on Refresh Firefox…
  • Finally, confirm the action by pressing on Refresh Firefox.

Safari

  • Select Safari and then click on Preferences…
  • Go to Advanced tab.
  • Tick the Show Develop menu in menu bar.
  • Go to the menu bar and click on Develop, and then pick Empty Cache.

Internet Explorer

  • Click on Gear icon and select Internet options.
  • Pick Advanced tab.
  • Select Reset
  • In the new window, check Delete personal settings and click on Reset.

MS Edge

  • Select Menu (three horizontal dots at the top-right) and click on Privacy & security. 
  • Pick Choose what to clear located under Clear browsing data.
  • Select everything and click Clear.
  • Now press Ctrl + Shift + Esc on your keyboard to open Task Manager. 
  • Click on More details arrow at the bottom of the window. 
  • Select Details tab. 
  • Find all MS Edge entries, right-click and select End task.

Scan your computer with security software:

A full system scan is recommended to prevent the further damage of Facebook virus. By running a full scan with Reimage or similar software, you will ensure the removal of trojans, ransomware-type viruses and similar malware which has been spread with the help of this virus.

Offer
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with SpyHunter 5.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions

References

Removal guides in other languages


  1. Anto says:
    August 15th, 2013 at 4:55 pm

    Dear,
    I cannot understand why Facebook staff is not helping me!
    It is taking such a long while and I think that complaining is unnecssary because they follow strange policies I havent yet comprehended.
    My inquiry is the following:
    I have some posts in my Timeline that cannot be removed, and I dont know why I cant remove them.
    Can you please do something for me?
    Or should I keep on surfing on the Internet for an unlimited time looking for no solutions?
    Thanks for the help Anto
    http://www.facebook.com/BONATESTA4

  2. Susan Kain says:
    October 7th, 2013 at 1:18 am

    I contacted FB technical support because my Facebook was not working right. They transferred me to a Tam who said he is a Certified Microsoft Technician. He said his supervisors name is Brannon Fernandez. Are these people technicians for Facebook? I really need to know because Im trying to find out if I was scammed. They charged me $500 to remove the viruses (he told me there were lots of them) remotely from my computer by taking control of my computer.

    Please let me know if this is a legitimate practice, or have I been taken for a ride? Please get back with me ASAP. Thanks

  3. mitch says:
    July 24th, 2014 at 1:25 pm

    Sorry to say but you got ripped off. Facebook doesnt do stuff like that and if it was a microsoft tech only way for them to control your comp is via their website (microsofts) and its a $99 for a 1 yr service. so i would shut down your comp and boot up in safe mode and run malwarebytes and microsoft sec ess or any other anti virus you have but malwarebytes is a must.

  4. rıza koçak says:
    May 18th, 2014 at 3:27 pm

    https://goo.gl/Y7SiBm

  5. rıza koçak says:
    May 18th, 2014 at 3:28 pm

    4 Gundur bu videoyu yapmak icin ugrasiorum. Izlerseniz mutlu olurum 1yR7T

  6. Malika V says:
    May 29th, 2016 at 7:26 pm

    Its been over a month and Im not able to access my account settings without it kicking me out and saying “authentication failed” and what not. I cant even post a status. I really need some guidance because Facebook does not, I repeat. DOES NOT HAVE A CUSTOMER SERVICE NUMBER.

  7. Shuaiba Ahammed says:
    August 28th, 2016 at 3:49 am

    Thanks very much for sharing the information on virus removal. Will be a great help for everybody.

  8. daniella says:
    October 7th, 2016 at 4:51 am

    When people say hackers are not reliable i laugh at them. I was introduced to this hacker when i had marital issues with my husband,he helped me hack into his emails. Him and his team are professional hackers and they offer other services such as clearing bad driving and criminal records, background checks, monitoring locations, locating missing people, tracking scams e.g (online dating scams, cyber frauds), bank account hacks and transfer, facebook, whatsapp,text messages, phone records, email hacks, teaching individuals on how to become pro hackers and counter hacking hackers. They offer same day services too, and of cause he provides proof of legitimacy.

  9. Dave L. says:
    March 29th, 2017 at 7:07 pm

    EVERY TIME I turn my computer on,and BEFORE I can enter a web address on my destination bar, Facebook.com appears in the search bar,WITHOUT ME TYPING,PROMPTING,OR ENTERING IT.Why? Windows 10 just started doing this a week or two ago, starting approximately March 15,2017.I have anti-virus, I dont open suspicious links or emails,etc.What is going on? How do I get it to stop? Facebook.com is NOT my computers home page !!!!!!!

  10. Kayus says:
    March 31st, 2017 at 7:40 am

    This is what facebook pops up when i want to enter the site: ÞDóP„ sÏûsþÿߟ¯îô\0]×¾c]³j¯M C!HBÇ_Ó~:´PÚ9‡Ì·”ñŒ?á?ûv÷†\£Õ²»Ù´K~+ec/¥(…¨{Áúü°T’cÙ„Y“

Your opinion regarding Facebook virus