Severity scale:  

Remove Twitter virus (Removal Guide) - Jul 2019 update

removal by Gabriel E. Hall - - | Type: Malware

Twitter virus is a phrase used to describe dangerous malware spreading via this networking service 

Phony messages that Twitter virus posts via infected accounts
Twitter virus is a term used to describe malicious cyber threats using intriguing posts to infect users with malware

Questions about Twitter virus

Twitter virus is a term used to describe spam activities on a popular social network. Usually, malware delivers spam posts or sends private messages that contain a shortened link. However, once clicked, it might redirect to highly suspicious websites that might be created for spreading malware or phishing attempts. However, according to the latest trends, Twitter malware can install on the target system and then use Twitter posts from its owner for communication. This is a totally new feature that could lead the IoT community to serious outcomes.

Name Twitter virus
Category Malware
Infiltration Malicious posts on social networks; infected emails or links/ads on the Internet
Main signs Intriguing headlines which trying to convince victims into clicking the link or downloading the malicious file onto the system
Examples of potentially dangerous headlines
  • OMG I can’t believe that
  • This video of you is shocking
  • Is this you in this photo?
  • OMG look what they’re saying about you;
  • Check this!!!
Main dangers Getting infected with malware, losing personal information, damaging files, etc.
Prevention Avoid pesky links on Twitter or that you receive via the direct message, always keep your anti-virus up-to-date
Elimination  Use Reimage to spot potential danger on your computer 

Twitter malware has been known since 2009. It acts similarly to any of the Facebook virus, iPhone virus, Android virus, and others. If it manages to affect one’s account, it starts sending out spammy messages to its contacts and may also initiate other issues for its victim, such as disable his/her account, etc.

This virus is based on malicious posts that appear on Twitter's timeline. To draw people’s attention, this virus uses infected or fake accounts to post misleading tweets saying something like:

  • OMG, I can’t believe that;
  • OMG look what they’re saying about you;
  • Check this!!!

Of course, these tweets are filled with invented content, which is supposed to draw people's attention and convince them to click on it.

Misleading tweets is not the only way how this virus spreads around. Twitter virus may try to affect your account via direct messages that can be sent to you by unknown people. They can also be filled with links and similar content. In fact, these malicious links that are usually included to these fake messages are the main helpers for this virus to spread around.

Typically, these links redirect to phishing and malware-laden websites that ask the victim to install a certain plug-in, update or a program that is required in order to see the intriguing content. Such downloads are infectious and should be avoided! However, if you clicked on such link or installed suspicious content, you should carry out Twitter virus removal immediately.

To remove Twitter virus, you need to disable application access via Settings and uninstall questionable programs or browser add-ons you were tricked to install. However, you can speed up this procedure by scanning the system with Reimage and changing your password.

Malware detected as TROJAN.MSIL.BERBOMTHUM.AA is using Twitter to reach its owners

Twitter virus has numerous forms and features. While TROJAN.MSIL.BERBOMTHUM.AA is not using this network to get into the target computer, once inside it, it starts reaching out its owners by using the special technique that uses the payload hidden in the Twitter images.[1] These Twitter memes are filled with special commands, e.g. “print,” “processos” or “clip,” which mean exact actions, such as making the screenshot of the screen, copying running processes, retrieving the username and so on. This is a great danger as the victim can be lead to identity theft and similar loss.

The operation principle, which is known as steganography, is not a common case these days. Unfortunately, there is a great possibility that such viruses will become more common in 2019. While the Twitter virus, which was used for communication with the virus owners, is down, the appearance of similar viruses can be expected in the nearest future.  

Twitter scam “Who visits your Twitter profile” is yet another way to get infected

Example of “Who visits your Twitter profile” spam
“Who visits your Twitter profile” spam is yet another version of Twitter virus

In January 2018, a new variant of Twitter spam was detected.[2] Numerous people were tweeting with a hashtag #FBPE which included the link to a website that claims to reveal the sweet information about who has viewed your profile.

There a couple of different spam messages, for instance:
Goooo!! Click for more information:
Who visits your Twitter profile
100% safe, 100% working
Click here, available for iOS and Android


Sign in and download this fantastic app – only available today

However, all of them contains the link to checkvisitss[.]tk website that offers to connect with Twitter account and learn who visited your profile. Once this button is clicked, users are redirected to authorization website which asks for regular Twitter app permissions:

  • Read tweets from your timeline
  • See who you follow and follow new people
  • Update your profile
  • Find Tweets for you

Indeed, after the installation, the Twitter virus continues posting lots of annoying content on behalf of you. Though, the redirect website and app itself don’t perform any malicious activities. However, it might be just a matter of time. You can never be sure if scammers wouldn’t think of the way to spread malware.

Thus, if your account was posting spam, you should navigate to Applications tab under Settings and Privacy, and disconnect all suspicious apps to remove Twitter scam entirely.

Other examples of Twitter viruses

Money-based schemes. Scammers used the names of popular companies, such as Google, in order to convince users that they can make money while working from home. However, they were asked to pay a small sign-up fee. In this case, crooks get victim’s credit card information and can charge them every single month.

Pay-For-Followers scams. These types of posts included a possibility to increase user’s followers. Scammers claimed that for a small amount of money (e.g. $5) they can get more than 2000 followers within a day.

Twitter worms. In 2009 “Mikeyy” or “StalkDaily” worm[3] was noticed spreading on social network asking to access a website. As soon as users clicked on a link, her or his account was infected and continues spreading malware further.

Other worms were spotted in 2014. This time malware was more sophisticated and managed to compromise even BBC News Twitter account.[4]

Fake customer support accounts. In 2014 and 2016, numerous fake customer support accounts were detected.[5] These phishing scams were used for stealing user’s logins and passwords. Typically, users were asked to access a camouflaged website and enter their details.

Users are advised to be careful with such messages. Official accounts always are verified and have a blue tick mark.

Twitter virus prevention requires being extra careful when using the social network

Twitter virus mostly spreads via direct messages and bogus posts on the timeline. In order to protect yourself, you should ignore all spammy-looking messages that typically announce about shocking news or promote various products, such as drugs, contests for getting the ability to win smartphones, sales, and similar things.

You must never click on the link, which can also be found in these tweets. Typically, such posts contain shortened URLs, and this technique is used to obfuscate suspicious-looking malicious links.

Also, make sure you ignore tweets that may show up in your account out of nowhere. If you would happen to get infected with Twitter virus, you should keep in your mind that you can be involved in its distribution. You can start sending out the same or similar spammy messages to all of your followers and friends automatically.

To get rid of Twitter virus, you should check your profile and the computer system

If you clicked on a suspicious link or your followers reported that you are posting spam, you should consider a Twitter virus removal. We recommend terminating the virus with the help of anti-malware software, for instance, Reimage or SpyHunterCombo Cleaner.

The virus can add additional programs to the system, inject suspicious extensions and tracking cookies into web browsers you use, and add registry keys that are hard to identify and delete manually. Thus, you may not be able to remove Twitter virus without security software, specialists from[6] say.

Additionally, if you have suffered from “Who visits your Twitter profile” scam, you should follow these steps too:

  1. Log in to Twitter.
  2. Access Settings and Privacy.
  3. Open Applications tab.
  4. Remove suspicious applications by clicking Revoke access button next to each of them.

If you cannot access your account after the attack, you should follow the guidelines provided by Twitter Help Center


do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with SpyHunter.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

To remove Twitter virus, follow these steps:

Remove Twitter using Safe Mode with Networking

If you cannot start the anti-malware software, reboot your PC into a Safe Mode with Networking first, and then launch your anti-malware program. You should also carry out the following instructions to protect your Twitter account:

  • Change your Twitter password ASAP (you should change it on other accounts as well, if you use the same password there). For that you should click your username, select “Settings” and then click the “Password” tab. Click “Change” to save these changes.
  • Log back into your Twitter account and delete any spammy-looking messages.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Twitter

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Twitter removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Twitter and other ransomwares, use a reputable anti-spyware, such as Reimage, SpyHunterCombo Cleaner or Malwarebytes Malwarebytes

About the author

Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions


Removal guides in other languages

Your opinion regarding Twitter virus