Malicious Facebook Virus or Malware Chat Messages


If you are sent the Facebook chat message below, "LOL", with a Zip file attached named "IMG_xxxxx.zip" (x represents a number), please do not open the file, even though the message seems to have come from one of your Facebook friends. The file is not an image or a document and was not sent by your Facebook friends. The file is actually malware that will infect your computer and compromise your Facebook account if you open it.

Once your Facebook account is hijacked by this malware, it will send itself to all of your Facebook friends.

This is How The Malicious Facebook Virus Chat Messages Look

lol
IMG_00417.zip

Lol
IMG_00103.zip

The name of the malicious zip file will change. If you look at the file names above, you will notice that the numbers have changed. If you have received any files with the naming format "IMG_xxxxx.zip", where "x" represents a number, in your Facebook chat message window, please do not open them.

Opening "IMG_xxxxx.zip" itself will not infect your computer; it is the malicious file "IMG_xxxxx.jar" inside it that will infect your computer if you open it.
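As an added example (not code from this site), the point above can be checked in Python: an archive's entry names can be listed without extracting or opening anything, and a runnable entry such as the .jar flagged. The function names, the verdict labels and the extensions other than .jar are assumptions, and the sample archives are constructed in memory.

```python
import io
import re
import zipfile

# Archive names reported on this page: IMG_xxxxx.zip, plus the "Portrait"
# and DSCN variants mentioned by commenters.
LURE_NAME = re.compile(r"^(IMG_|DSCN|Portrait)[\w-]*\.zip$", re.IGNORECASE)

# The page names only .jar; the other extensions are an added assumption.
RUNNABLE = (".jar", ".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk")


def triage_zip(archive_name, data):
    """List a zip's entries without extracting them and flag runnable ones."""
    report = {"lure_name": bool(LURE_NAME.match(archive_name)),
              "runnable": [], "error": None}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # infolist() reads the central directory only; nothing is unpacked.
            for info in zf.infolist():
                # Windows ignores trailing dots and spaces in file names.
                if info.filename.lower().rstrip(". ").endswith(RUNNABLE):
                    report["runnable"].append(info.filename)
    except zipfile.BadZipFile:
        report["error"] = "not a valid zip archive"
    if report["runnable"]:
        report["verdict"] = "block"
    elif report["lure_name"] or report["error"]:
        report["verdict"] = "review"
    else:
        report["verdict"] = "ok"
    return report


def make_zip(entries):
    """Build an in-memory zip from {name: bytes} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples holding inert placeholder bytes.
SAMPLE_LURE = make_zip({"IMG_00417.jar": b"placeholder"})
SAMPLE_PHOTOS = make_zip({"holiday/beach.jpg": b"placeholder"})

if __name__ == "__main__":
    for name, blob in (("IMG_00417.zip", SAMPLE_LURE), ("photos.zip", SAMPLE_PHOTOS)):
        print(name, triage_zip(name, blob))
```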

Currently, the malware attached to the message only affects computers running the Windows operating system. But that does not mean that you should open it if you are using another operating system such as Google Android, Apple OS, Linux or others.

Now, if you have already opened the malicious file, please do a full scan of your computer with the antivirus software installed on it and do not open files ending with “.zip” or “.rar”, unless you are expecting these files from someone.

Also, do the following:


Comments, Questions, Answers, or Reviews

Comments (Total: 37)


The comments, reviews or answers below do not necessarily reflect the views of Online Threat Alerts (OTA).

  • May 17, 2014 at 10:49 AM by an anonymous user from: Chennai, Tamil Nadu, India

    How to stop this spam message going to others from my account?

    It's going to my friend on its own.

    • May 17, 2014 at 8:20 PM by info

      Click here for instructions: /article/2014/5/15/phishing-facebook-message-hey-wat-are-you-doing-in-this-videeo-wow-skip-to/

  • May 10, 2014 at 6:46 PM by an anonymous user from: Taylor, Michigan, United States

    I had one saying that someone posted gross photos of me and sent me a broken link to Tumblr. Though it didn't download anything, I found out a while later someone had hacked his account and sent that to numerous people on his friends list.

  • May 9, 2014 at 3:11 AM by an anonymous user from: Gyor, Gyor-Moson-Sopron, Hungary

    Hello guys and girls! First, sorry for my bad English.

    Hope that someone can help me. I'm really nervous.

    Yesterday night, around 22:00 pm, I got this "LOL" virus from a very good friend. I never got a Facebook virus before. I don't know, I was just not thinking and clicked on the .zip file.

    But it looked weird. In Total Commander, I opened the '.zip' file and saw the '.jar' file. I had a bad feeling, so I DID NOT CLICK ON IT and DID NOT EXTRACT the .zip file.

    I just deleted it. After that, I ran the Avast scan 2 times, reset my Facebook and Gmail passwords, reset my Firefox. Then I downloaded anti-malware software and used it to scan my computer.

    It found some old bad files, so I deleted all of them. Now, after 12 hours, I don't notice anything wrong or bad stuff. My Facebook account is not sending any spam or virus message. My PC works just as before.

    But I still don't know if I am in danger or not. I am really thinking about doing a System Restore. Is it necessary anyway? Do you think after the System Restore I will be totally safe from this virus? Please share what you think.

    • May 9, 2014 at 7:29 PM by an anonymous user from: London, England, United Kingdom

      I only did a ‘System Restore’ in order to clear it. If you click on messages and find that the virus doesn’t replicate itself to anyone within your friends list, you can then ‘assume’ that it has been removed from your PC.

      • May 10, 2014 at 6:45 PM by an anonymous user from: Gatineau, Quebec, Canada

        Actually it's not removed from pc 'cause I've had the same and it started to send messages to my friends after - 2 weeks...

        • May 13, 2014 at 7:01 AM by an anonymous user from: Gyor, Gyor-Moson-Sopron, Hungary

          So now what should I do? I did a system restore and the virus send messages after that? How can it do this?

    • May 9, 2014 at 6:19 AM by info

      You have done all that is necessary to protect your Facebook and email accounts, except deleting all Facebook applications from your account. Click here for instructions: /article/2013/1/7/easily-delete-or-remove-facebook-applications/

      There may be a malicious Facebook application in your account posting messages to your friends with links to a virus or other malicious websites.

  • May 8, 2014 at 11:02 PM by an anonymous user from: Jackson, Mississippi, United States

    I got this message a week ago, and I thought I was fine until today when all of a sudden my friends got this message from me when I have not used my Facebook all day. I am doing a full scan now. I warned my friend. Please keep us posted if there is a permanent way to stop this virus.

  • May 8, 2014 at 4:55 PM by an anonymous user from: Raleigh, North Carolina, United States

    They have changed from 'IMG' to 'Portrait', but still a zip file.

  • May 8, 2014 at 1:58 PM by an anonymous user from: Shepherdsville, Kentucky, United States

    What happens if I opened this through my Samsung Galaxy S3? I've deleted the download. Is my phone at risk?

    • May 8, 2014 at 2:31 PM by info

      Yes, because the attachment is a JAVA (.jar) file, and Java is installed on almost every device. So, please do not attempt to open the file on your mobile device.

      • May 8, 2014 at 2:50 PM by an anonymous user from: Shepherdsville, Kentucky, United States

        I had already opened it. How can I clean my phone?

        • May 8, 2014 at 5:29 PM by info

          How do you know that it infected your phone? But, if you are not sure, click here (/article/2013/6/6/free-antivirus-software/) to download a free anti-virus software for your phone.

          • May 8, 2014 at 6:04 PM by an anonymous user from: Cincinnati, Ohio, United States

            I am not sure if it did or not, but I did click to download what I thought was going to be a picture. That's why I asked. But how would I know if it did infect it?

            • May 8, 2014 at 6:09 PM by info

              It will be hard to tell, unless your phone started behaving strangely. Download a free antivirus from the link I gave you in the comment above, and use it to scan your mobile device.

  • May 8, 2014 at 1:57 PM by an anonymous user from: Sandvika, Akershus, Norway

    I just received this file, and managed to click on it, which of course launched the virus onto my computer. I logged out from fb with the computer in question, and changed my fb password. Neither Avira nor Avast can find the virus on my computer, and I was hoping someone could help me fix this problem.

    • May 11, 2014 at 12:43 PM by an anonymous user from: Reykjavik, Capital Region, Iceland

      Use Malwarebytes and Adwcleaner (/article/2013/1/13/adwcleaner-delete-adware-toolbars-potentially-unwanted-programs-browser-hijackers/)

  • May 7, 2014 at 11:49 AM by an anonymous user from: London, England, United Kingdom

    I also fell for it even though I had already been aware of it, just one of these memory lapses; anyway, I did nothing more than a 'System Restore' and it was gone within 5 mins of being infected with it.

    • May 8, 2014 at 4:20 AM by an anonymous user from: London, England, United Kingdom

      The virus only triggers itself when you click on Facebook > Messages and will start replicating itself with everyone within your friends list, once that starts to happen, click out of facebook and that will bring its replication to a halt.

      Once it has been removed by my method or by antimalware, warn everyone within your friends list that it replicates itself too.

  • May 7, 2014 at 7:45 AM by an anonymous user from: Riga, Latvia

    I wasn't thinking and extracted the zip, but thankfully I didn't click on the .jar so I guess I'm ok.

    Would trying to open the .jar hurt my PC if I don't have Java installed?

    • May 7, 2014 at 9:03 AM by info

      It won't harm your PC, because the .jar file requires JAVA to run. But, be careful because JAVA (JRE) comes pre-installed on most computers.

  • May 6, 2014 at 5:27 PM by an anonymous user from: Belgrade, Centralna Srbija, Serbia

    I received such message, but I didn't open the file, I just opened the message in order to delete it. However, I got infected and started sending it to all my friends. I didn't know what to do so I deactivated my account. Will the virus still be there when I activate it?

    • May 6, 2014 at 7:04 PM by info

      Opening the email message will not infect your computer. The attachment must be opened for the virus to infect your computer. But, it seems something else is doing the sending.

      Follow the instructions that I have listed in the "Try This" comment that I have made below.

  • May 6, 2014 at 10:51 AM by an anonymous user from: Kavadarci, Macedonia

    This is so annoying.

    All my friends are informed about this virus, which is sending from my facebook account, and I did everything that is suggested in this video but still.. nothing. How can I stop these messages?

    • May 6, 2014 at 11:24 AM by info

      Try this:
      - do a full scan of your computer with the anti-virus software on it
      - change your Facebook password
      - delete all Facebook applications from your account; click here for instructions: /article/2013/1/7/easily-delete-or-remove-facebook-applications/
      - use AdwCleaner to delete all unwanted programs from your computer; click here for instructions: /article/2013/1/13/adwcleaner-delete-adware-toolbars-potentially-unwanted-programs-browser-hijackers/

  • April 28, 2014 at 12:00 AM by an anonymous user from: Vancouver, British Columbia, Canada

    I opened the file and there were pictures in the file...would the pictures be of the person who sent the file?...it was a virus and I had to get a tech to remove it.

  • April 27, 2014 at 5:47 AM by an anonymous user from: Melbourne, Victoria, Australia

    My friend was hit by it, it also disguises itself by saying "Hey, did you take these photos?" followed by a .rar named "[YOUR NAME HERE].rar" with your name here replaced with your own name (so for example, John Smith.rar) Got lucky and twigged before anything could be downloaded onto my computer.

  • April 27, 2014 at 4:38 AM by an anonymous user from: Ballarat, Victoria, Australia

    I've changed my password AND used an antivirus to scan through my computer and it's still sending.. Help?

    • April 27, 2014 at 8:37 AM by info

      If you are still receiving the email message, it doesn't mean that your computer is infected.

  • April 26, 2014 at 11:53 AM by an anonymous user from: Lisbon, Portugal

    The name of the file can change also.

    Just now a file DSCN00845.zip appeared, also with the "lol" in the beginning.

    There was also a message that I received, that I don't remember now, that was in Brazilian, instead of the "lol" expression.

    This usually happens when people enter some websites that tell you to put in some scripts in order to catch people's passwords (in this case the malware could have been a very bad virus that damages computers, instead of the malware, because people don't have the right to enter other people's accounts).

    Also, websites that tell you to download some software so you can view some video can possibly be a problem.

  • March 26, 2014 at 8:56 PM by an anonymous user from: Lexington, Virginia, United States

    I unfortunately fell for this, but it was a relatively easy fix. The name of the file in the message is actually the viral file name, I just found it in my computer, deleted it then deleted it from recycling, ran a scan and was good to go. I would also recommend changing passwords, etc.

    • May 8, 2014 at 2:02 PM by an anonymous user from: Brussels, Belgium

      I ran an AdwCleaner scan and clean, reset the PC, changed password on Facebook, scanned with antivirus, and manually searched for this file and could not find a thing. Hoping I got lucky, but does this virus actually do damage?

      • May 8, 2014 at 2:33 PM by info

        The main thing it does is to compromise your Facebook account. But, it may be able to download another dangerous virus or Trojan horse.

    • April 2, 2014 at 2:40 AM by an anonymous user from: Kolbotn, Akershus, Norway

      Fell for it too, but couldn't delete the file.. now I can't even find it.

      • May 6, 2014 at 5:06 PM by an anonymous user from: Skopje, Karpoš, Macedonia

        Just found it, renamed it and deleted it. Try

    • April 1, 2014 at 11:13 AM by an anonymous user from: Bolzano, Trentino-Alto Adige, Italy

      Hello,

      I fell for this too. But I am not able to find that file. Can you help me, please? I found something like AAAAA when I opened MSCONFIG but I am not able to delete it.
