Remove “Is that you” Facebook virus (Removal Guide) - updated Feb 2021

“Is that you” Facebook virus Removal Guide

What is “Is that you” Facebook virus?

“Is that you” Facebook virus – malicious message campaign that aim to steal your credentials and other personal details

"Its you" Video group virus"Is that You" Facebook virus is the messenger threat that has many versions including this one that redirects to a questionable Video group of Facebook once you click the content in the message.

“Its you” Facebook virus is a term used to describe a malicious activity on Facebook Messenger. In this particular campaign, victims receive a personal message with what seems to be a YouTube video link,[1] which is accompanied by a few emojis and a short description, such as:

  • “its you?”
  • “is that you?”
  • “It looks like you”
  • “Hey! [name] Is that video yours?”
  • “I can’t believe it’s you” and a few others.

Curious, many users click on the link that also includes their profile picture, believing that the video is actually legitimate. Unfortunately, as soon as the “Its you” Facebook virus link is clicked, users can be redirected to a spoofing page that asks them to enter their Facebook credentials.

This page typically looks identical to the original one, although the deception can be quickly recognized by looking at the URL bar. Nonetheless, the Facebook accounts of users who provide such-like data will be infected. It will then be sending the same generated message to other people in the friend list – this is the main method of how “Its you” Facebook virus circulates.

This trick has been used for years, as cybercriminals saw great potential in something as simple as taking users' profile pictures and making them believe that the video link is actually about them. To make matters worse, the “Its you” Facebook scam message comes from what seems to be a reliable person from the victim's friend's list. This happens not because that person is the culprit trying to sabotage your account, but because his/her Facebook account was hijacked to send spam.

It's you Facebook virus scheme resembles an old “hahaha” Facebook virus and other types of Facebook virus variants. Cybercriminals constantly find new ways to spark users' curiosity and make them expose their login information or banking details, as well as download malware on their devices.

Name “Is that you” Facebook virus
Type Malware
Symptoms Shows the message stating that it is you in the video on Facebook Messenger
Version of
Known short messages “Is that you?”, “its you?”, “it's you”, “It looks like you,” “Hey! [name] Is that video yours?”, “I can’t believe it’s you”, “Is this your video”, “you are in this video?”, “this is your video?”, “who posted your photo here”, “this video belongs to you?” and similar
Danger Aims to trick people into revealing their credentials, redirects to dangerous pages, installs malicious extensions, also known as malware
Distribution Facebook messenger
Elimination Ignore “Is that you” message on Facebook and clean the machine with anti-spyware if you clicked on the link which has a great potential of being malicious. Virus damage can be fixed with ReimageIntego

It's you video virus is yet another type of Facebook virus[2] distributed by scammers to obtain people’s login credentials or disseminate malware. The virus was initially detected in 2017. This time, the Facebook team patched the vulnerability quickly and stopped its distribution. However, apparently, it hasn’t been terminated entirely since the latest wave of scam campaign was revealed during the 2020 coronavirus pandemic.

The main reason why is this social media scam[3] categorized as extremely dangerous is that it may cause the leakage of private information. Once the user clicks on a “video” link, it's you Facebook Messenger virus redirects to a fake YouTube website and then launches a Messenger-like login website. The scam asking are you in this video Facebook virus won’t allow the user to see the video unless he or she enters login details. That’s a catch of the Is this you YouTube virus.

“It's you” Facebook virus aims to get victims to visit the malicious page, reveal information regarding their email or social media accounts, or even install anything. Cybercriminals come up with various scam techniques and tactics designed to obtain valuable details about the user. There is no doubt that you must avoid these redirects as hard as you can.

"Is that you" Facebook virus"Is that you" Facebook virus scam can trick people into giving away Facebook login details.

While trying to trick its victims into corresponding activities, Facebook video of your virus uses fake claims about the content regarding you or your relatives, mostly close people. Unfortunately, virus developers can even pose as your close friends and messenger contacts, so you don't think twice before clicking the provided link or a video.

However, clicking on the content displayed by “Is that you” Facebook virus can lead you to numerous places that are considered unsafe:

  • commercial pages;
  • ad-supported sites;
  • affiliated content;
  • sites with malicious material;
  • promotional pop-ups.

“Is this your video” Facebook virus scam doesn't end there with the initial message about the compromising video. Once the link or the video itself gets clicked, a form with login information gets prompted to “help” you log into your Facebook account or email. Unfortunately, that's the point when the information you enter gets recorded and collected.

"Is that you" Facebook messenger virus"Is that you" Facebook virus is the threat that appears as a message with direct video content or a hyperlink to allegedly video of you.

The collected logins and passwords can be used in numerous ways, including personalized scams and phishing campaigns. Such data like passwords can be often used in direct extortion and email scams because people use the same password for a few accounts. Additionally, if your Facebook account is commercial and connected to your PayPal account, hackers can steal your money.

Unfortunately, there are other instances when hackers and criminals can obtain such data or use the stolen and recorded information. “Is that you” Facebook virus is only a version of the malware set to take the information.

Beware that the Facebook virus has many versions that aim to get personal information, steal credentials, or any other valuable data from the victim. Additionally, you can be redirected to malware-filled websites offering quick links to malicious extensions and similar content. As we have already warned you, it's you Facebook virus is showing increased activity on the web, so be prepared and also warn people around you.

"Is that you" Facebook virus message"Is that you" Facebook virus appears in messenger and aims to trick people into visiting malicious sites by showing alleged video of the victim.

Other dangers related to “Is that you” Facebook virus

The malicious links on social media can also be used for distributing malware or severe cyber infections, so before clicking on doubtful messages that do not look naturally written, ask your friend or acquaintance if he or she send that to you. Most probably, his/her account has been infected with the Facebook virus, which is why it’s generating malicious messages automatically.

If you think that your Facebook account has been infected with It's you YouTube Facebook virus, you should immediately report that to the Facebook support team and change your account's password.

Then download a professional anti-malware or update the one that you have and run a full system scan with it. That’s the quickest and most reliable way to remove “Is that you” Facebook virus. If the virus causes errors in the system, we recommend using ReimageIntego.

The distribution of message virus variants is still the same

Although not in all cases, most frequently, social platform users are attacked via messages from one of the contacts. The infection spreads using a chain scheme, i.e., people get infected from one another by clicking on malicious links.

This virus generates the messages that have the following scheme – the name of the potential victim, then a word “video” linked to a malicious domain and random emoji. Cybersecurity experts found out that the virus is translated into various languages, so if the location of the victim is Italy, he or she will get the message in the Italian language.

To protect your social media account from the attack, it’s a must to stay away from misleading advertisements and news feeds provided on the platform. Do not fall for offers to win Ryanair tickets or iPhone offers for one euro. Newsfeeds about a half-naked woman with slogans like “The girl ruined her life in two minutes” are also a scam, which may redirect to phishing websites.

Security experts from[4] recommend people to enable two-factor authentication. This feature is a useful precautionary measure that helps to prevent account hack. With the feature enabled, each time someone will try to log into your account, you will get a confirmation request asking to enter a unique security code.

"This video belongs to you?" Facebook virus"This video belongs to you?" is just one of many versions of widespread Facebook scam

Learn how to remove “Is that you” Facebook virus completely

“Is that you” Facebook virus is a dangerous piece of malware, which lock you from the Facebook account or trick you into installing another cyber infection. Therefore, as soon as some of your friends tell you that you are sending messages via Messenger asking are you in this video Facebook virus, immediately scan the system with professional security software, such as SpyHunter 5Combo Cleaner or Malwarebytes. ReimageIntego will help you replace corrupted and damaged system files.

Besides, don’t forget to change your Facebook password ASAP to prevent identity theft and information leakage. It’s also advisable to report to your friends that your account might be hacked and that they should now open suspicious messages that are sent via your account to them.

“Is that you” virus removal also requires a close investigation of app settings on Facebook. To disable malicious add-ons, you should perform these steps:

  1. Log in to your Facebook account and click on a little triangle on your right;
  2. Click Settings to open General Account Settings window;
  3. Look on your left and select Apps;
  4. Click Edit button on Apps, Websites and Plugins option;
  5. Select Disable to protect your account from unauthorized access to third-party apps.

Additionally, we also recommend clearing your web browser cache and related data to ensure that no malicious components remain on the web browser, such as Google Chrome, Mozilla Firefox, Safari, or another web browser. If you want a quick resolution, you could simply reset the web browser and start anew. You will find all the details on how to do that below.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of “Is that you” Facebook virus. Follow these steps

Remove from Microsoft Edge

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the extension and click on the Gear icon.
  3. Click on Uninstall at the bottom. Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear. Clear Edge browsing data

Restore new tab and homepage settings:

  1. Click the menu icon and choose Settings.
  2. Then find On startup section.
  3. Click Disable if you found any suspicious domain.

Reset MS Edge if the above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running. Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick Delete Advanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -Verbose Advanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove. Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now. Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset. Reset Chromium Edge

Remove from Mozilla Firefox (FF)

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select unwanted plugin and click Remove. Remove extensions from Firefox

Reset the homepage:

  1. Click three horizontal lines at the top right corner to open the menu.
  2. Choose Options.
  3. Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.

Clear cookies and site data:

  1. Click Menu and pick Options.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear. Clear cookies and site data from Firefox

Reset Mozilla Firefox

If clearing the browser as explained above did not help, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information. Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox. Reset Firefox 2

Remove from Google Chrome

If you can't eliminate unwanted extensions from Google Chrome or you machine was infected with “Its you” Facebook malware, you should reset the web browser as explained below:

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove. Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data. Clear cache and web data from Chrome

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific or set of pages and click on three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings. Reset Chrome 2

Delete from Safari

Remove unwanted extensions from Safari:

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension and select Uninstall. Remove extensions from Safari

Clear cookies and other website data from Safari:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History. Clear cookies and website data from Safari

Reset Safari if the above-mentioned steps did not help you:

  1. Click Safari > Preferences…
  2. Go to Advanced tab.
  3. Tick the Show Develop menu in menu bar.
  4. From the menu bar, click Develop, and then select Empty Caches. Reset Safari

Report the incident to your local authorities

If you have been scammed online, it is worth reporting it to your local authorities:

Ransomware is a huge business that is highly illegal, and authorities are very involved in catching malware operators. To have increased chances of identifying the culprits, the agencies need information. Therefore, by reporting the crime, you could help with stopping the cybercriminal activities and catching the threat actors. Make sure you include all the possible details, including how did you notice the attack, when it happened, etc. Additionally, providing documents such as ransom notes, examples of encrypted files, or malware executables would also be beneficial.

Law enforcement agencies typically deal with online fraud and cybercrime, although it depends on where you live. Here is the list of local authority groups that handle incidents like ransomware attacks, sorted by country:

Internet Crime Complaint Center IC3

If your country is not listed above, you should contact the local police department or communications center.

Manual removal using Safe Mode

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

How to prevent from getting malware

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions

Removal guides in other languages