mercoledì 12 gennaio 2011

Facebook Chat Virus: how to manage and remove it

Update on July 27th, 2011.

Have you clicked a link in FaceBook chat and now your computer is infected? Have you received a strange message with a link in FaceBook chat and you don't know what is it? This is a good starting point to find more about.

How the virus works
Since December, there is a virus crawling through the FaceBook Chat: a worm, to be more accurate
What is this virus?
Pretty easy: like almost all the infections you can get through a social network, it is just a simple message you'll receive in FaceBook Chat. One of your friend will send you this message, which is something like "foto :-)", "pic :)" and a link to the photo itself. Presumably.
DON'T click it.
Whatever thing could happen, don't click that link. Never.
What to do, then? The first thing is "Don't panic". Until now, nothing bad happened: you've only received a message with a potential virus, but the virus is not in your computer, yet. Simply close that chat window and everything will be fine. And DON'T click the link.
As a second step, I'd suggest you to write a message to your friend, the one who sent you the link with the virus. It's not mandatory, but it's a nice thing from you. DON'T copy the link in the message: just write "I got a strange link from you" and explain what happened and everything will be fine. If you got the link from his/her Facebook profile, this means that your friend is already infected by that virus and now the virus itself is trying to spread, without your friend ever notice it. If you inform him/her, you'll surely do him/her a favour and you'll help avoiding that other friends will be infected by the virus
Now, what happens if you click the link?
First of all, you made a really bad move. But well, it can happen. Maybe you involuntarily clicked it, or you really trusted your friend, who knows. It would be better to be more cautious in the Web, but by now you did it. Time to find a solution. Let's see.
If you click the link, you'll be send to a fake FaceBook page, which says that the picture you were looking for has been moved, for whatever reason. If you want to see the picture, you must click on a button, which looks exactly like a common FaceBook button, like the one you usually click in order to activate an app. Have you clicked it? Great! Now, your computer has just won a new virus.

Clicking on that fake button, you haven't activated any app and you haven't seen any picture, since no picture ever existed! It was a trick, made by the one who programmed the virus: a bait, in order to make you click and install the virus in your computer. Maybe the virus has a name, which looks like a real photo from FaceBook, but the truth is that it's not a photo: it's an executable file, which will install itself in your computer as soon as you click and accept.
This kind of virus is usually called "Worm": it is a virus often hidden in a fake web page, which spreads itself through the Web, from a computer to another. Those pages are clearly fake, but very similar to an original page and they can deceive an inattentive user. After infected your computer, this virus will keep working, trying to spread through all of your contacts, using the same trick which already worked with you: fake links and fake pages.
A worm virus works like this. Their name comes exactly from it: worm, since they crawl from a computer to another, digging through fake pages.

How to remove it
You got yourselves infected. And now?
And now you must clean up your computer, in order to erase the virus and bound the damages it already did.
First of all, you must scan you whole hard disk with a good and updated antivirus. All the hard disk, folder after folder. You can never be too cautious about it.
Usually this is not enough. You need a specific software, in order to remove this kind of virus. There are many of them, as for example Malwarebytes, which is also downloadable in a free version. You can download it by clicking here.
Another mirror site to download it:
Download it, install it and scan all your computer with it, too: then, follow the instructions. Next time, please be more careful and avoid to blindly click any link you find.
One last thing, but very important.
Once you have removed the virus and your computer is clean, change all of your passwords. Change the answers to the questions for recovering your passwords. You can't be sure whether your passwords have already been stolen or not, but it's better to play safe. For sure, someone had a chance for putting his nose inside your computer, potentially finding and copying all of your data stored inside of it, passwords included. Maybe he did it, or maybe not, but why should you risk?
Change your passwords and you'll be safer.

UPDATE 07/27/2011

It seems like there is a new version of this virus (or maybe of a different virus: I haven't yet had a chance tu analyse it). Anyway, the main difference is that this new virus can talk a little more with you: it's not a simple "Hey, look at this: *link", but it's a more evolved bot, which can do a little chit chat, before sending you a link. For example:

Virus; hi. how are you?
User: answer
Virus: good. Wanna laugh?
User: answer
Virus: It is you on the video ?)) want to see?)

...then, here comes the link (remember, please: thou shall not click the link!).
You should be able to remove it with Malwarebytes, just like the other one.

63 commenti:

  1. hi,

    i did all you said, but my chat still dont work. I can not talk to my friends besause im non stop offline- but im not...so ....what can i do ? i check my comp of viruses with programs and they dot find nothing ..,..pleace help me.... tnx
    sanja

    RispondiElimina
  2. You got the chat virus, removed it and now you chat is always offline? Well, it seems like many users have such a problem, even those who never got a virus, so I guess it could just be a bug in Facebook... For now, you could try to use a software like Digsby ( http://www.digsby.com/ ), which allows you to access the Facebook chat from a MSN-like environment. If it's a Facebook bug, this could help you to avoid it, since you're not really using its chat.

    RispondiElimina
  3. Hi,

    I clicked a 'look what happens when father catches daughter on her webcam' virus on facebook. I know I shouldn't have, but I was on the phone and wasn't really paying attention. I changed my password.

    Long story short: I can't delete the virus. I know it's in c/windows/temp but whenever I delete it (in safe modus, because I can't in normal modus) it just reappears. I tried ccleaner, an anti spyware scanner, Malwarebytes and AVG but none of these programs can find and delete it. Do you have any suggestions?

    Thanks for your time.

    RispondiElimina
  4. Well, this kind of stuff usually is just a Facebook scam: it brings you on a page where you're asked for taking a survey in order to unlock the content. (Whole story here: http://nakedsecurity.sophos.com/2011/02/07/facebook-scam-dad-catches-daughter-stripping-webcam/ )
    If you actually got a virus, you can't simply delete it from the folder, because it would keep respawning everytime you reboot: there is a file rooted somewhere in your harddisk (or some lines added to you register), which re-creates the virus when you delete it. You should find and remove the root and this is what an antivirus usually does. If your AV doesn't manage to perform the task, you could try with more extreme softwares, like ComboFix ( http://www.combofix.org/ - A tutorial: http://www.bleepingcomputer.com/combofix/how-to-use-combofix ), but they can be pretty difficult to manage, if you're not used.
    BTW what's the virus name? The name could give some hints about how to remove it...

    RispondiElimina
  5. Hi there, i was sent around 5 links this afternoon and ignored them all, but in the end, i clicked one. I knew it was wrong the second i clicked it, so i cancelled the tab immidietly. Then again, the "crazy pic" links didn't stop. I scanned my computer, changed password and all, but i don't know if i'm safe ? Nothing really seems to be wrong at the moment, i'm only scared from secret viruses.

    RispondiElimina
  6. If you keep getting those links in your chat, the problem is that your friends got the virus. As long as you don't donwload anything from those links, you're safe... but getting all those messages can be annoying, I know. You should contact the friends who keep sending you the message andd tell them to perform a good computer scan, to get rid of the virus: they got the virus, not you (for now, at least).
    Otherwise, just block them in the chat, until they don't clean their computers.

    RispondiElimina
  7. Hi,
    My friend sent me a link unknowingly in chat that said "your so crazy look at this video of you" and then a link. I clicked the link but as the content loaded I pressed back.When I asked my friend, she told me it was a virus. Suddenly, the same message appeared supposedly from me in chat even though I did nothing. Every time I go on chat, the message appears from me and also a fake status from me linking to the site. I have deleted it from facebook apps (it was called 222) but this is still happening.I have Linux Ubuntu. Please help.

    RispondiElimina
  8. Have you removed AND blocked that rogue app? If you only deleted the app, without blocking it, it's still possible that the app have access to your data on Facebook: blocking is the safer way to managr it.
    If you don't know how to do, try watching this video: it might help you.
    http://www.youtube.com/watch?v=1O7Fjf1wlx4

    RispondiElimina
  9. Oh...okay, now I did that and it works!, thanks.

    RispondiElimina
  10. Get a Mac. Problem solved.

    RispondiElimina
  11. hi
    my chat box box opens but it does not shows (chat(15)15 is for example)and there is an empty white space below the last person who is online...and i have removed page rage but still the problem is not fixed please help...

    RispondiElimina
  12. hey, my friend sent me those link, i didn't open it, but just reply to them. Do i got infected to?

    RispondiElimina
  13. As long as you don't click them, it's okay: they are dangerous only when clicked, 'cause they'll bring you to another page, where the virus is.

    RispondiElimina
  14. It's a common trick, a Facebook viral script: it's a fake message, which reposts itself on the pages of all your friends, after you clicked it (or clicked the Like buttons, it depends). It also sent you to a fake FB page, which was set up by the one who also made the virus, and there you usually find a virus: a fake photo, a fake video, a fake program, but in fact it's just a virus.
    In your case, I guess you downloaded a worm virus, instead of a program: try to clean it up with Malwarebytes, it usually works. Download the free software (you can find the link up here), do a quick scan and follow the instructions. Then, "Unlike" the page (if you liked it) and report it as spam. This could prevent others from doing the same mistake.

    RispondiElimina
  15. hey i am infected with the new chat virus and i still spamming links continuously to all my friends even though i downloaded the Malwarebytes .. it makes no difference after i deleted all the infected files .. it's still the same .. can you help me ?

    RispondiElimina
  16. Have you tried with the updated version of Malwarebytes (it should ask you for the most up-to-date virus list, when you start it) AND a common antivirus? Usually, Mawarebytes alone is enough, but you could have caught a different version of this virus... Try with a full scan with both of them, first.
    Then, if you keep sending the infected link, you could try with something stronger like ComboFix:

    http://www.combofix.org/ (download page)
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix (a tutorial)
    ..but it's not easy to use, if you're a beginner.

    RispondiElimina
  17. http://rockingworld1111.t35.com/jv.js

    this script is used in scams now a days
    i downloaded this script from one of such scam page and uploaded to my friend's free hosting site
    just have a look at it, u will be interested in what it does !!

    RispondiElimina
  18. Yes, thanks!
    At a first glance, it's another viral script. It sends to everyone a fake chat message AND posts a link on your wall, about an app which allows you to see who visited your profile. Of course, by clicking on the link you'll be made a Fan of the (fake) app and you too will start spreading the link.
    Main difference is the subject, but it seems like it works the same way other viral scripts do, too. It also contains the address of the fake Page, BTW...

    RispondiElimina
  19. Hi, my gf clicked on some link in facebook chat saying ", check this out we can now video chat on Facebook chat http://www.CHATAT.INFO/1nc71?tableID=100000739219882cht1031375062&t=1313536026000 ."

    We have tried AVG and MWB as I knew of these from previously, but it seems to have no effect. Do you know anything about this fake FB vid-chat spam?

    RispondiElimina
  20. Are you still sending around the link to all of your friends? Some steps to clean you FaceBook page are: deleting everything yhe fake app could have posted on your wall, blocking and "unliking" the app/the page (it depends on the kind of link you got), then proceed to scan you computer with an up-to-date version of MalwareBytes.
    As a last resource, you can try with a tool more powerful (but also more difficult to use) like ComboFix:
    http://www.combofix.org/
    A tutorial here:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    RispondiElimina
  21. hi i did evrithing like you sad but i cant inside at facebook ovo mi se pojavljuje This is Google's cache of http://www.facebook.com/sitemaps. It is a snapshot of the page as it appeared on 17 Aug 2011 13:13:04 GMT. The current page could have changed in the meantime. Learn more

    Text-only version

    RispondiElimina
    Risposte
    1. you need to re-install your windows and everithing will be fine!!!!:)

      Elimina
  22. Try to log in from another computer (for example, a friend), If you can log in, then your computer still has some nasty virus going on inside.
    Update your antivirus, then go with:
    -MalwareBytes (full scan)
    -Antivirus (Full scan)

    If this is not enough, try also with ComboFix, which is more difficult to use, but can really get rid of almost any virus.

    Download:
    http://www.combofix.org/

    A tutorial:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    RispondiElimina
  23. hai ovaj kod mene ne moze znaci sve sam uradila po vasem tim da taj virus na fb unistim alii sada uopste ne mogu uci nikako znaci ukucam facebook a idem na wlcome facebook ali mi izbaci nesto drugo

    Oops! This link appears to be broken.
    Suggestions:
    Access a cached copy of www.­facebook.­com
    Search on Google:

    RispondiElimina
  24. i have a big problem. i do everything up that you says, but it still does not work.please help.

    This occurs:

    Oops! This link appears to be broken.
    Suggestions:
    Access a cached copy of www.­facebook.­com
    Search on Google:

    RispondiElimina
  25. If you're sure that your computer is clean from tha virus, try also cleaning your browser cache (and cookies, if needed). It depends on the browser you're using, but if you look through "Tools" and "Options", you should be able to find how to clean you cache.
    A simple test would be to try with another computer (a frined, for example): if you can access your Facebook account, then the is in your computer (as it should be the case).

    RispondiElimina
  26. still dont work, i have no virus, i clean cookies, i instal other browser but dont work. i can with another computer try. my firewall still ont give me acees to facebook.

    RispondiElimina
  27. I CANT OPEN MY FACEBOOK. (VIRUS HI ARE YOU )

    hi guys.. Im having the same problem here..
    I can open other website..google, yahoo, wiki. Everything seems to be okay..
    but I cant open my facebook..when I try to open, it said that server not found. try reload the page.
    It really stressed me out because this is my parent laptop and they keep nagging aroud me cause they cant open their
    facebook..erm..huh...these days, facebook really important to old guys huh..

    At first it happen because of the hi how are u virus..when u reply they will send wanna laugh :)
    and then this hacker will send this fake utube and said that u have to download adobe player to play the video
    so..my genius dad click on the link and the laptop hang for a while and after two days they cant open their FB anymore.



    so..to solved the problem..I tried everything..here are the list of the thing that I did :

    -Clear browsing data, delete cookies and cached
    -uninstall my antivirus and malmware and reinstall again
    -uninstall and reinstall my firefox, google chrome and lunascape.
    -did cmd.ipconfig
    -change my firewall setting
    -tried to add s to http
    -tried this windows\system32\drivers\etc
    -click run and type regedit but could not find any file fbtre6.exe and mstre6.exe
    -tried this HkEY_LOCAL_MACHINE and delete the domains

    i tried and tried but still nothing..T_T


    Then, after two day i spend my raya aidilfitri infront of the sreen and the pain
    of my back is....huh...hard to say...

    Thank God, I found this website.: ))
    U just have to reset the host file at the drivers/etc
    U can fix it yourself, imeans manually or just click "fit it".
    and it's works for me...and now..I can live my peacefull life without hearing
    my mom and dad keep repeating "fix my computer. I cant open my FB" 27times a day.
    huh...

    here's the link..i hope it usefull..

    http://support.microsoft.com/kb/972034#LetMeFixItMyselfAlways


    send me any question or anything if the problem still the same...

    "Selamat Hari Raya Aidilfitri " august 2011


    sugus chan87. T__T
    murdiana@hotmail.com

    RispondiElimina
  28. hi! the same problem here!! i have opened the link that someone send me as a chat message on fb and i got a virus! i have scanned my comp with malwarebytes and he discovered 4 type of viruses. i have delited them, and after that i can reach all web sites but facebook. everythime i click to get facebook it says: The connection was refused when attempting to connect to www.facebook.com, but i can logg in from another pc or mobile phone...

    why that?
    help please!!

    RispondiElimina
  29. JUST scan with adware, then go to mycomputer/C:/windows/system32/etc
    then open file hosts with notepad
    and delete all word relate to facebook and save it.
    if u dont found d file, go to control panel, search folder option, click show hidden file

    RispondiElimina
  30. Hi!

    I have this problem also in my chatbox. All of my friends told me when I am their chatmate, they always receive an invite for video chat from me even though I am not sending one. How can I able to get rid of it?

    Thank you so much!

    RispondiElimina
  31. o problema no meu facebook é que eu não consigo entrar no chat, nem ver as notificações, mensagens e solicitações e nem muito menos comentar em alguma postagem.... o q eu faço???

    RispondiElimina
  32. the problem is on my facebook is that I can not enter in the chat, or view the notifications, messages and requests, and much less comment on a post .... what I do??

    RispondiElimina
  33. http://www.facebook.com/. It is a snapshot of the page as it appeared what i do?????????

    RispondiElimina
  34. how to remove this ". Do you have a camera? Let's video chat here http://vidface2face.net/8rgr0sm0 __" from the chatbox..

    i deleted cookies on google chrome and on computer on control panel and scanned using scan for spyware and the malware and combofix but still that message will appear on the chat...

    RispondiElimina
  35. I didnt click on link like below
    check this out we can now video chat on Facebook chat http://vidface2face.net/tvpt08uk __

    but my fb chat box will automatic send out this message (check this out we can now video chat on Facebook chat http://vidface2face.net/tvpt08uk __v) to my friends.

    wat can i do ? how can i remove it ? can u teach me?

    Thanks

    RispondiElimina
  36. my fb box automatically sends a msg with a wierd link dont know how,
    why is this happening??
    i cant chat cuz the link is soething about sex and now people are misunderstanding me!!
    please help!!!

    RispondiElimina
  37. http://video.loopoop.com/QQYYOOWW60M6

    RispondiElimina
  38. Hi i can't chat with my friends on fb. when i chat with them strnge link appear to them from my messages. what can i do? plz help me

    RispondiElimina
  39. From Facebook, we may get many attacks. Recently i have read about a virus called Virtumonde, it's dangerous and i removed it easily.

    RispondiElimina
  40. Live Chat Software Application is a powerful tool that helps you talk to your website visitors and convert them into customers.

    RispondiElimina
  41. Everyone lоѵes it whеn іnԁіviduals cоme togеtheг and ѕhагe thoughts.

    Great website, continuе the good ωork!
    Here is my web site - www.vapornine.com

    RispondiElimina
  42. I’m not that muсh οf a іnternеt reader to be honest but your sites really nice,
    kеep it uρ! I'll go ahead and bookmark your site to come back later. Cheers
    Here is my web-site :: pikavippi

    RispondiElimina
  43. I'm curious to find out what blog platform you are using? I'm having
    some small security problems with my latest site and I would like to find
    something more risk-free. Do you have any recommendations?
    Also visit my site ; http://modellus.fct.unl.pt/user/view.php?id=38705&course=1

    RispondiElimina
  44. Nіce post. І was checκіng cοnstantly this weblοg
    and I am impгessed! Extгemеly uѕeful infо ѕpеciallу the finаl sеctіon :
    ) I maintain such informаtіon а lot.
    I ωaѕ loоking fοr this certаin info for a vеry lοng timе.
    Thank you and gooԁ luck.
    Feel free to surf my blog samsung galaxy note 2

    RispondiElimina
  45. A fascinating discussion is definitely worth comment.

    There's no doubt that that you need to publish more on this topic, it may not be a taboo subject but usually folks don't speak
    about these issues. To the next! Kind regards!
    !
    my web page > how to download movies

    RispondiElimina
  46. I am rеally thankful to the holdeг of this sіte who has
    shared this enormous аrtісle at аt thiѕ
    place.
    Feel free to visit my site :: broker mortgage

    RispondiElimina
  47. great submit, very informative. I ponder why the other
    specialists of this sector don't realize this. You should continue your writing. I'm confident, you have a
    great readers' base already!
    Feel free to visit my page ... piano lessons

    RispondiElimina
  48. Ηello, i feеl that і ѕаw you visited my sitе
    thus i got here to go back the fаvoг?
    .I am аttеmptіng to to fіnd things tο enhance my web ѕitе!
    I аssume іts oκ to use a few of your concepts!
    !
    Also visit my blog post ... pikavippii

    RispondiElimina
  49. I am regular visitor, how are you everybody? This article
    posted at this web site is in fact fastidious.
    Check out my page - how to make a app

    RispondiElimina
  50. I have a new name in my chat list of friends. It only appears when i am online for several people. It is a person (one that appears in chat) that i don't know and i can't send her a message of any kind, when i try error sing appears. Also I cant find that person on search. Once again that person appears only when I'm online for some peoples (if i turn on chat for all she is not there) and she is not in my inbox. Has some ells expirienct something like these?

    RispondiElimina
  51. If you have search any virus free and secure live chat software then you try eAssistance Pro live chat software provide you online support service, live website support, off line support facility and much more. so try this software trial version also available for 30 days. Visit for more information : www.supportlivechat.org

    RispondiElimina
  52. Thanks for sharing above help. Its really a working trick for facebook users. I have one more trick for FB users If anyone wants to hide their offline friends list from chat panel. The only thing they just need to do is, download Google chrome extiontion which takes hardly 5 minutes of your time. When I heard about this extention from my friends I thought that they were just kidding but after browsing on internet I found some trick and it really works. If any of you wants to show only the friends who are online, must install this extension with the help of link provided.

    RispondiElimina
  53. hey,i don't know what type of spam and from where my fb got but my account keep sending messages to my friends..like- look this is interested in you,,click that,, etc.
    please help me what to do?

    RispondiElimina
  54. Hi,
    my friend sent me a link and i clicked on it...now that link is sent to my facebook contacts and my skype contacts....my pc has also become slow (i dont know if it is because of that)....will this solution work??? ...reply soon

    RispondiElimina
  55. Hi same old story but just for the sake of easing my mind Im just gonna ask away. My friend sent me a link supposedly from mediefire.com/jpg or something which Im not so sure of. I received the fb msg through my iPhone 5 and it couldnt be opened so I tried opening it from my Samsung tablet and it was downloaded to it. It didnt occur to me at first but I decided to ask my friend and he said it was a virus. Now im so sure of what to do next since usually it will happen in computer but this time its from my Samsung tablet.

    RispondiElimina
  56. I have the problem of sending links of mediafire thru facebook chat. It wont stop, I reinstall the google chrome. First someone send a link then i opened it and allow.. So, i am sending those links, too. I try to scan the hard disk and the deleting apps on facebook. Nothing happens. Please help

    RispondiElimina
  57. Hi i have created my wordpress blog which is so nice and looking so beautiful.And i have created its profile.Sgt. David Hack

    RispondiElimina
  58. The blog is unique that’s providing the nice material. Please post more interesting articles here. infographic design

    RispondiElimina
  59. Great webpage buddy, I am going to notify this to all my friends and contacts as well. social media infographics

    RispondiElimina