Warning! JavaScript is turned off or disabled! Some features on this website will not work.
« »

Malicious Facebook Virus or Malware Chat Messages

2014-05-20T19:57:52  +
Malicious Facebook Virus or Malware Chat Messages

If you are sent the Facebook chat message below: "LOL", with a Zip file attached, with the name "IMG_xxxxx.zip" (x represents a number), please not open the file, although the message seems as if it came from one of your Facebook friends. The file is a not an image or a document and was not sent by your Facebook friends. The file is actually a malware that will infect your computer and compromise your Facebook account, if you open it.

Please continue reading below.


Once your Facebook account is hijacked by this malware, it will send itself to all of your Facebook friends.

This is How The Malicious Facebook Virus Chat Messages Look

The Malicious Facebook Chat Message - lol IMG_00417.zip - IMG_00103.zip


The name of the malicious zip file will change. If you look at the file names above, you will notice that the numbers have changed. If you have received any files with the naming format "IMG_xxxxx.zip", where “x” represents a number, in your Facebook chat message window, please do not open it.

Opening the "IMG_xxxxx.zip" will not infect your computer; it is the malicious file "IMG_xxxxx.jar" that it contains that will infect your computer if you open it.

Currently, the malware attached to the message only affects computers running the Windows operating system. But, that does mean that you should open it if you are using another operating system such as Google Android, Apple OS, Linux or others.

Now, if you have already opened the malicious file, please do a full scan of your computer with the antivirus software installed on it and do not open files ending with “.zip” or “.rar”, unless you are expecting these files from someone.

Also, do the following:

This article is related to the following:

Please continue reading below.


Please share with us what you know or ask a question about this article by leaving a comment below. Also, check the comment section below for additional information, if there is any.

Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: info@onlinethreatalerts.com

Also, report scams, untrustworthy, or fraudulent websites to us. Tell us why you consider the websites untrustworthy or fraudulent.

If you want to quickly find answers to your questions, use our search engine.

Comments, Questions and Reviews ✍
(Total: 37)

To help protect your privacy, please do not post or remove, your full name, telephone number, email address, username, password, account number, credit card information, home address or other sensitive information in or from your comments, questions, or reviews.

↓ Show More of the 37 Comments ↓

Write Your Comment, Question or Review

Write your comment, question or review in the box below to share what you know or to get answers. Please revisit after an hour or more to view reponses or answers to you questions.

Your comment, question or review will be posted as an anonymous user because you are not signed in. Sign-in.

The comments or reviews below do not necessarily reflect the views of Online Threat Alerts.

  • Posted: 2014-05-17T10:49:33 by an anonymous user from or near: Bangalore, Karnataka, India

    How to stop this spam message going to others from my account?
    It's going to my friend on its own.


  • Posted: 2014-05-10T18:46:28 by an anonymous user from or near: Taylor, Michigan, United States

    i had one saying that someone posted gross photos of me and sent me a broken link to tumblr, though it dident download anything i found out awhile later someone had hacked his account and sent that to numerous people on his friends list


  • Posted: 2014-05-09T03:11:05 by an anonymous user from or near: Mosonmagyaróvár, Gyor-Moson-Sopron, Hungary

    Hello guys and girls! For first, sorry for my bad English.

    Hope that someone can help me. I'm really nervous.

    Yesterday night, around 22:00 pm, I got this "LOL" virus from a very good friend. I never got a Facebook virus before. I don't know, I was just not thinking and click on the .zip file.

    But, it looks weird.in total commander, I open the '.zip' file and saw the '.jar' file. I had a bad feeling, so I DID NOT CLICK ON IT and DID NOT EXTRACT the .zip file.

    I just deleted it. After that, I ran the Avast scan 2 times, reset my Facebook and Gmail passwords, reset my Firefox. Then i downloaded Anti-malware software and use it to scan my computer.

    It found some old bad files, So I deleted all of them. Now, after 12 hours, I don't notice anything wrong or bad stuff. My Facebook account is not sending any spam or virus message. My PC works just as before.

    But I still don't know if I am in danger or not? I really thinking about doing a System Restore. Is it necessary anyway? Do you think after the System Restore I will be totally safe from this virus? Please share what do you think.


    • Posted: 2014-05-09T19:29:43 by an anonymous user from or near: City of, London, United Kingdom

      I only did a ‘System Restore’ in order to clear it. If you click on messages and find that the virus doesn’t replicate itself to anyone within your friends list, you can then ‘assume’ that it has been removed from your PC.


      • Posted: 2014-05-10T18:45:31 by an anonymous user from or near: Québec, Québec, Canada

        Actually it's not removed from pc 'cause I've had the same and it started to send messages to my friends after - 2 weeks...


        • Posted: 2014-05-13T07:01:34 by an anonymous user from or near: Mosonmagyaróvár, Gyor-Moson-Sopron, Hungary

          So now what should I do? I did a system restore and the virus send messages after that? How can it do this?


    • Posted: 2014-05-09T06:19:40 by info

      You have done all that is necessary to protect your Facebook and email accounts, except deleting all Facebook applications from your account. Click here for instructions.

      There maybe a malicious Facebook application in your account posting messages to your friends with links to a virus or other malicious websites.


  • Posted: 2014-05-08T23:02:49 by an anonymous user from or near: Jackson, Mississippi, United States

    I got this message a week ago, and I thought I was fine until today when all of a sudden my friends got this message from me when I have not used my facebook all day. I am doing a full scan now. I warned my friend. please keep us posted if there is a permanent way to stop this virus.


  • Posted: 2014-05-08T16:55:43 by an anonymous user from or near: Raleigh, North Carolina, United States

    They have changed from 'IMG' to 'Portrait', but still a zip file.


  • Posted: 2014-05-08T13:58:20 by an anonymous user from or near: Erlanger, Kentucky, United States

    What happens if I opened this through my samsung galaxy s3 I've deleted the download. Is my phone at risk?


    • Posted: 2014-05-08T14:31:27 by info

      Yes, because the attachment is a JAVA (.jar) file, and Java is installed on almost every device. So, please do not attempt to open the file on your mobile device.


      • Posted: 2014-05-08T14:50:34 by an anonymous user from or near: Erlanger, Kentucky, United States

        I had already opened it. How can I clean my phone?


        • Posted: 2014-05-08T17:29:46 by info

          How do you know that it infected your phone? But, if you are not sure, click here to download a free anti-virus software for your phone.


          • Posted: 2014-05-08T18:04:29 by an anonymous user from or near: Hebron, Kentucky, United States

            I am not sure if it did or not, but I did click to download what I thought was going to be a picture. That's why I asked. But how would I know if it did infect it?


            • Posted: 2014-05-08T18:09:50 by info

              It will be hard to tell, unless your phone started behaving strangely. Download a free antivirus from the link I gave you in the comment above, and use it scan your mobile device.


  • Posted: 2014-05-08T13:57:08 by an anonymous user from or near: Telemark, Norway

    I just received this file, and managed to click on it, which of course launched the virus onto my computer. I logged out from fb with the computer in question, and changed my fb password. Avira nor avast can find the virus on my computer, and I was hoping someone could help me fix this problem.


    • Posted: 2014-05-11T12:43:19 by an anonymous user from or near: Kopavogur, Capital Region, Iceland

      Use Malwarebytes and Adwcleaner


  • Posted: 2014-05-07T11:49:47 by an anonymous user from or near: City of, London, United Kingdom

    I also fell for it even though I had already been aware of it, just one of theses memory lapses; anyway, I did nothing more than a ‘System Restore’ and gone within 5mins of being infected with it.


    • Posted: 2014-05-08T04:20:49 by an anonymous user from or near: City of, London, United Kingdom

      The virus only triggers itself when you click on Facebook > Messages and will start replicating itself with everyone within your friends list, once that starts to happen, click out of facebook and that will bring its replication to a halt.

      Once it has been removed by my method or by antimalware, warn everyone within your friends list that it replicates itself too.


  • Posted: 2014-05-07T07:45:14 by an anonymous user from or near: Riga, Riga, Latvia

    I wasn't thinking and extracted the zip, but thankfully I didn't click on the .jar so I guess I'm ok.
    Would trying to open the .jar hurt my pc if don't have Java installed?


    • Posted: 2014-05-07T09:03:40 by info

      It won't harm your PC, because the .jar file requires JAVA to run. But, be careful because JAVA (JRE) comes pre-installed on most computers.


  • Posted: 2014-05-06T17:27:51 by an anonymous user from or near: Belgrade, Serbia

    I received such message, but I didn't open the file, I just opened the message in order to delete it. However, I got infected and started sending it to all my friends. I didn't know what to do so I deactivated my account. Will the virus still be there when I activate it?


    • Posted: 2014-05-06T19:04:25 by info

      Opening the email message will not infect your computer. The attachment must be opened for the virus to infected your computer. But, it seems something else is doing the sending.

      Follow the instructions that I have listed in the "Try This" comment that I have made below.


  • Posted: 2014-05-06T10:51:13 by an anonymous user from or near: Kavadarci, Kavadarci, Macedonia

    This is so annoying.
    All my friends are informed about this virus, which is sending from my facebook account, and I did everything that is suggested in this video but still.. nothing. How can I stop these messages?


    • Posted: 2014-05-06T11:24:06 by info

      Try this:


  • Posted: 2014-04-28T00:00:19 by an anonymous user from or near: Vancouver, British Columbia, Canada

    I opened the file and there were pictures in the file...would the pictures be of the person who sent the file?...it was a virus and I had to get a tech to remove it.


  • Posted: 2014-04-27T05:47:10 by an anonymous user from or near: Altona, Victoria, Australia

    My friend was hit by it, it also disguises itself by saying "Hey, did you take these photos?" followed by a .rar named "[YOUR NAME HERE].rar" with your name here replaced with your own name (so for example, John Smith.rar) Got lucky and twigged before anything could be downloaded onto my computer.


  • Posted: 2014-04-27T04:38:44 by an anonymous user from or near: Melbourne, Victoria, Australia

    I've changed my password AND used an antivirus to scan through my computer and it's still sending.. Help?


    • Posted: 2014-04-27T08:37:28 by info

      If you are still receiving the email message, it doesn't mean that your computer is infected.


  • Posted: 2014-04-26T11:53:54 by an anonymous user from or near: Marco de Canaveses, Porto, Portugal

    The name of the file can change also.

    just now appeared a file DSCN00845.zip also with the "lol" in the begining.

    there was also a message that i received that i dont remember now that was in brasilian, that instead of the "lol" expression.

    This usually happens when people enter in some websites that tell u to put some scripts in order to catch people's passwords (in this case the malaware could have been a very bad virus that damages computers, instead of the malaware, because people don't have the right to enter other people's accounts).

    Also websites that tell u to download some software so u can view some video can possibly be a problem.


  • Posted: 2014-03-26T20:56:53 by an anonymous user from or near: Lexington, Virginia, United States

    I unfortunately fell for this, but it was a relatively easy fix. The name of the file in the message is actually the viral file name, I just found it in my computer, deleted it then deleted it from recycling, ran a scan and was good to go. I would also recommend changing passwords, etc.


    • Posted: 2014-05-08T14:02:36 by an anonymous user from or near: Ledegem, West-Vlaanderen, Belgium

      I ran a adwcleaner scan, and clean, resetted pc, changed password on facebook, scanned with antivirus, and manually searched for this file and could not find a thing, hoping I got lucky, but does this virus actually do damage?


      • Posted: 2014-05-08T14:33:25 by info

        The main thing it does is to compromise your Facebook account. But, it may be able to download other dangerous virus or Trojan horse.


    • Posted: 2014-04-02T02:40:49 by an anonymous user from or near: Oppegård, Akershus, Norway

      Fell for it too, but couldn't delete the file.. now I can't even find it.


      • Posted: 2014-05-06T17:06:52 by an anonymous user from or near: Stip, Štip, Macedonia

        Just found it, renamed it and deleted it. Try


    • Posted: 2014-04-01T11:13:03 by an anonymous user from or near: Bolzano, Trentino-Alto Adige, Italy


      I fell for this too. But I am not able to find that file. Can you help me please. I found something like AAAAA when I opened MSCONFIG but I am not able to delete it.