Severity scale:  

Remove Twitter virus (Removal Guide) - updated Oct 2020

removal by Gabriel E. Hall - - | Type: Malware

Twitter virus – a term used to describe various types of malware spreading on the social platform via links or “Only for you” DMs

Phony messages that Twitter virus posts via infected accountsTwitter virus is a term used to describe malicious cyber threats using intriguing posts to infect users with malware

Twitter virus is a name of the threat created to describe the particular malware that affects social media users. This name is used for spam activities on a popular social network, malicious links delivering malware or commercial content campaigns showing questionable material via private messages. Usually, such malware delivers spam posts or sends private DMs that contain a shortened link redirecting to shady pages. Unfortunately, once clicked, it might show or install a highly suspicious application that might be created for spreading malware or phishing attempts.

Questions about Twitter virus

However, according to the latest trends, Twitter malware can install on the target system and then use Twitter posts from its owner for communication. This is a totally new feature that could lead the IoT community to serious outcomes. The more recent campaigns distributing on the social platform spread via messages with “Only for you”. This type of Twitter virus contains users name, links to suspicious sites. Some users stated that the redirect took them to a particular account and that the DM comes from the known person.[1]

Name Twitter virus
Category Malware
Infiltration Malicious posts on social networks; infected emails or links/ads on the Internet
Main signs Intriguing headlines which trying to convince victims into clicking the link or downloading the malicious file onto the system
Examples of potentially dangerous headlines
  • OMG I can’t believe that
  • This video of you is shocking
  • Is this you in this photo?
  • OMG look what they’re saying about you;
  • Check this!!!;
  • Only for you
Main dangers Getting infected with malware, losing personal information, damaging files, etc.
Prevention Avoid pesky links on Twitter or that you receive via the direct message, always keep your anti-virus up-to-date
Elimination  Use Reimage Reimage Cleaner Intego to spot potential danger on your computer 

Twitter malware has been known since 2009. It acts similarly to any of the Facebook virus, iPhone virus, Android virus, and others. If it manages to affect one’s account, it starts sending out spammy messages to its contacts and may also initiate other issues for its victim, such as disable his/her account, etc.

This virus is based on malicious posts that appear on Twitter's timeline. To draw people’s attention, this virus uses infected or fake accounts to post misleading tweets saying something like:

  • OMG, I can’t believe that;
  • OMG look what they’re saying about you;
  • Is this you in this photo?;
  • Only for you;
  • Check this!!!

Of course, these tweets are filled with invented content, which is supposed to draw people's attention and convince them to click on it. Misleading tweets is not the only way how this virus spreads around. Twitter virus may try to affect your account via direct messages that can be sent to you by unknown people. They can also be filled with links and similar content. In fact, these malicious links that are usually included to these fake messages are the main helpers for this virus to spread around.

Typically, these links redirect to phishing and malware-laden websites that ask the victim to install a certain plug-in, update or a program that is required in order to see the intriguing content. Such downloads are infectious and should be avoided! However, if you clicked on such link or installed suspicious content, you should carry out Twitter virus removal immediately.

To remove Twitter virus, you need to disable application access via Settings and uninstall questionable programs or browser add-ons you were tricked to install. However, you can speed up this procedure by scanning the system with Reimage Reimage Cleaner Intego and changing your password.

Image of Twitter virusTwitter virus is the term used for describing various scams spreading on the social network.

Malware detected as TROJAN.MSIL.BERBOMTHUM.AA is using Twitter to reach its owners

Twitter virus has numerous forms and features. While TROJAN.MSIL.BERBOMTHUM.AA is not using this network to get into the target computer, once inside it, it starts reaching out to its owners by using the special technique that uses the payload hidden in the Twitter images.[2]

These Twitter memes are filled with special commands, e.g. “print,” “processos” or “clip,” which mean exact actions, such as making the screenshot of the screen, copying running processes, retrieving the username and so on. This is a great danger as the victim can be lead to identity theft and similar loss.

The operation principle, which is known as steganography, is not a common case these days. Unfortunately, there is a great possibility that such viruses will become more common in 2019. While the Twitter virus, which was used for communication with the virus owners, is down, the appearance of similar viruses can be expected in the nearest future.  

Example of “Who visits your Twitter profile” spam

Twitter scam “Who visits your Twitter profile” is yet another way to get infected

In January 2018, a new variant of Twitter spam was detected.[3] Numerous people were tweeting with a hashtag #FBPE which included the link to a website that claims to reveal the sweet information about who has viewed your profile.

There a couple of different spam messages, for instance:
Goooo!! Click for more information:
Who visits your Twitter profile
100% safe, 100% working
Click here, available for iOS and Android


Sign in and download this fantastic app – only available today

However, all of them contains the link to checkvisitss[.]tk website that offers to connect with Twitter account and learn who visited your profile. Once this button is clicked, users are redirected to authorization website which asks for regular Twitter app permissions:

  • Read tweets from your timeline
  • See who you follow and follow new people
  • Update your profile
  • Find Tweets for you

Indeed, after the installation, the Twitter virus continues posting lots of annoying content on behalf of you. Though, the redirected website and app itself don’t perform any malicious activities. However, it might be just a matter of time. You can never be sure if scammers wouldn’t think of the way to spread malware.

Thus, if your account was posting spam, you should navigate to Applications tab under Settings and Privacy, and disconnect all suspicious apps to remove Twitter scam entirely.

Other examples of Twitter virus

Money-based schemes

Scammers used the names of popular companies, such as Google, in order to convince users that they can make money while working from home. However, they were asked to pay a small sign-up fee. In this case, crooks get the victim’s credit card information and can charge them every single month.

Pay-For-Followers scams

These types of posts included a possibility to increase user’s followers. Scammers claimed that for a small amount of money (e.g. $5) they can get more than 2000 followers within a day.

Twitter worms

In 2009 “Mikeyy” or “StalkDaily” worm[4] was noticed spreading on the social network asking to access a website. As soon as users clicked on a link, her or his account was infected and continues spreading the malware further.

Other worms were spotted in 2014. This time malware was more sophisticated and managed to compromise even BBC News Twitter account.[5]

Fake customer support accounts

In 2014 and 2016, numerous fake customer support accounts were detected.[6] These phishing scams were used for stealing user’s logins and passwords. Typically, users were asked to access a camouflaged website and enter their details.

Users are advised to be careful with such messages. Official accounts always are verified and have a blue tick mark.

Direct message scams

The DM campaign of Only for you Twitter virus, involving the private DMs on the platform delivers questionable links to your account or any other page that shows shady content. Fraudulent messages seem to be sent from the person you know to fake the legitimacy. However, you shouldn't rely on such content and try to stay away from opening, reading and replying to such DMs.

When you receive ONLY FOR YOU message in the private message section or even directly on the phone, you should react and delete such messages ASAP. Those links can be faked and look like a link to some other social platform account or twitter support.

Nevertheless, shortened links even redirect you to malicious content filled pages with the possible download of more severe malware. Your account can even get hacked if you go to the provided page or download anything from the internet. You should remove Only for you Twitter virus or any other shady DM and reset passwords to this social platform, and other accounts.

Only for you Twitter virusThe messages say ONLY FOR YOU and contain a shortened link to the shady page when the DM is not a legit message from the person you know.

Virus prevention requires being extra careful when using social media

Such social network malware mostly spreads via direct messages and bogus posts on the timeline of the particular platform. In order to protect yourself, you should ignore all spammy-looking messages that typically announce about shocking news or promote various products, such as drugs, contests for getting the ability to win smartphones, sales, and similar things.

You must never click on the link, which can also be found in these tweets or posts on other media outlets. Typically, such posts contain shortened URLs, and this technique is used to obfuscate suspicious-looking malicious links.

Also, make sure you ignore tweets that may show up on your feet out of nowhere. If you would happen to get infected with a Twitter virus, you should keep in your mind that you can be involved in its distribution. You can start sending out the same or similar spammy messages to all of your followers and friends automatically.

To get rid of the Twitter virus, you should check your profile and the computer system for unwanted alterations

If you clicked on a suspicious link or your followers reported that you are posting spam, you should consider a Twitter virus removal. We recommend terminating the virus with the help of anti-malware software, for instance, Reimage Reimage Cleaner Intego or SpyHunter 5Combo Cleaner, Malwarebytes.

The virus can add additional programs to the system, inject suspicious extensions and tracking cookies into web browsers you use, and add registry keys that are hard to identify and delete manually. Thus, you may not be able to remove Twitter virus without security software, specialists from[7] say.

Additionally, if you have suffered from “Who visits your Twitter profile” scam, you should follow these steps too:

  1. Log in to Twitter.
  2. Access Settings and Privacy.
  3. Open Applications tab.
  4. Remove suspicious applications by clicking Revoke access button next to each of them.

If you cannot access your account after the attack, you should follow the guidelines provided by Twitter Help Center


do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove Twitter virus, follow these steps:

Remove Twitter using Safe Mode with Networking

If you cannot start the anti-malware software, reboot your PC into a Safe Mode with Networking first, and then launch your anti-malware program. You should also carry out the following instructions to protect your Twitter account:

  • Change your Twitter password ASAP (you should change it on other accounts as well, if you use the same password there). For that, you should click your username, select “Settings” and then click the “Password” tab. Click “Change” to save these changes.
  • Log back into your Twitter account and delete any spammy-looking messages.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Twitter

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Twitter removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Twitter and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login. 

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions

Removal guides in other languages

Your opinion regarding Twitter virus