Beware Of A Virus Spread Via Facebook

This morning I received a notification email from Facebook telling me that my friend Asaf had left a new message on my wall. This seemed OK until I read the message:

“hello Arik, hehe.. you could be tht naughty i didnt knw..really hard to see tht from my eyes lol :-)

have a luk urself…

http://www.google.com.id.ewv1g6d2.ij4s0h.2b99df1a.cn/gallery.php?id=dd83hikzt&auth=9490559&cyua=iy2qpfpelm

(click open or run when prompted)”

The contents of the message were suspiciously similar to the Messenger virus messages. Another look at the URL revealed that this is not a Google URL but a phishing site. Because I use Ubuntu at the moment, I wasn’t too concerned about being hit by a virus, so I followed the link. The link goes to a download page for Picture_dl.exe, which I guess is some sort of virus/worm.

I couldn’t find this message on my wall, so either Facebook removed it already or the email didn’t come from them. Either way, I’ve notified their support about that, and I hope they will act accordingly.

Bottom line – beware of viruses that are spread via Facebook or look like Facebook notifications, and don’t click on every link.

Arik
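
Added example, not part of the original post: the URL check described above as a short Python script. A host name is owned by whoever registered its rightmost labels, so the script finds the registrable domain and flags a brand name that only appears further left. The suffix set and brand list are small stand-ins assumed for illustration; real code would use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List (publicsuffix.org),
# just large enough for the sample URLs below.
PUBLIC_SUFFIXES = {"com", "cn", "com.cn", "org", "co.uk"}
# Assumption: hypothetical watch list of brand domains to look for.
BRANDS = ("google.com", "facebook.com")


def registrable_domain(host):
    """Return the public suffix plus one label: the name someone actually registered."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        # Scanning left to right, the first hit is the longest matching suffix.
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to the last two labels


def impersonated_brand(url):
    """Return the brand whose domain appears as subdomain labels of a host
    registered under a different domain, or None if nothing looks off."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registrable_domain(host)
    if reg in BRANDS:
        return None  # the host really is under the brand's own domain
    sub_labels = host[: len(host) - len(reg)].rstrip(".").split(".")
    for brand in BRANDS:
        want = brand.split(".")
        for i in range(len(sub_labels) - len(want) + 1):
            if sub_labels[i:i + len(want)] == want:
                return brand
    return None


# The two links quoted on this page, plus one constructed benign URL for contrast.
SAMPLES = [
    "http://www.google.com.id.ewv1g6d2.ij4s0h.2b99df1a.cn/gallery.php?id=dd83hikzt&auth=9490559&cyua=iy2qpfpelm",
    "http://www.google.com.id.4i5a2i6d.uaozxo.a1bd53f1.cn/gallery.php?id=jeo2vuwhi&auth=0116674&cyua=8h4fhli0xv",
    "https://www.google.com/gallery.php?id=1",  # constructed
]

if __name__ == "__main__":
    for url in SAMPLES:
        host = urlsplit(url).hostname
        print(registrable_domain(host), "<-", host, "| imitates:", impersonated_brand(url))
```
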


  • http://www.animepodcast.org Luis

    Woah, I just did a google search and you’re the only result for this virus. I really hope facebook clears this up quickly.

  • Sara

    I found your blog after searching on Google and I just want to say thanks for the heads up! I just received the same wall post. I was going to delete it anyways, but at least now I can give my friends warnings and link them to your blog post (if that’s all right with you.) I hope your computer didn’t get infected.

  • http://nope weyyau

    yea i get that today too
    i bet its some sort of malware/virus/trojan
    don’t download it

  • http://www.arikfr.com/ Arik

    Glad I could help. Hope you didn’t get infected either.

  • Graham

    I didn’t save it to my computer, just “ran” it (thinking that if it was a virus my blocker would catch it). Needless to say that I’m getting “runtime error” messages left right and center as I write this. For those of you wondering how to get your computer back, I keep pressing “end task” in the Windows Task Manager while running a virus scan (which is still running right now). It frees things up for about 30 seconds, and then you have to repeat the “end task” process.

    My gut told me something was wrong when my friend (who has impeccable spelling) used “luk it”. I figured I’d take a look anyway, relying on my virus blocker. Big mistake.

  • http://www.arikfr.com/ Arik

    @Graham – never trust your antivirus with new viruses. Most of the time it takes them time until they can identify the virus.

    I hope that you will manage to remove it from your computer.

  • jane smith

    I agree, i got this too and it won’t open. thank god i have a mac. My question is, what kind of friends would try and give you a virus? it makes me rethink the entire facebook thing.

  • Graham

    Yeah, I thought it might be spam or something relatively harmless. Like you said, my virus scanner missed it completely. Looks like it’s system recovery time.

  • jon

    What is the process which needs to be ended each time?

    Can I boot into safe mode and remove it?

    Does anyone know the names of the files / registry settings which must be removed?

    Thanks a lot,
    Jon

  • http://tightjeanes.blogspot.com Ian

    Ha. Thankfully my friends know that if they were to use such language on my wall a) they would be deleted and b) removed as a friend. haha I exaggerate but I would certainly not be clicking on anything recommended by a friend who utilises such spelling. Haha.

    Cruel but maybe this has saved me.

    :)

  • jon

    The link was made up of this:

    google com id e5euxpjl khnosr 2b99dfla cn gallery php
    google com id ewv1g6d2 ij4s0h 2b99df1a.cn

    I have written them here so that they get indexed again.

  • Tony

    I got a message from a friend telling me to look at this funny image, and the file ran, shutting my PC down and now i just get a blank screen! Any ideas how to get rid of the virus from my PC?

  • sarah

    my facebook got hacked and it sent that message shown above about google wat should i do?

  • Tim H

    I found the location of the virus (Start->run->msconfig) it will tell you the location of the file but it's not there. It's new, so nothing knows what it is (yet). I built my own computer so I have my operating system and programs on one fast hard drive, and all my data (pics, movies, music, etc.) on a much bigger hard drive. I formatted the hard drive, reloaded my operating system/drivers/programs and it got rid of it. I will admit that this is not the best way, but I build computers and it's not a big deal for me…just time consuming.

    Eh, for people who really dont know much about computers…not sure what to say. Maybe try a system recovery (tho that didnt work for me) or I can build you a good, reliable, computer for $500-$2000+ lol

  • Tim H

    Crap ok so I forgot to mention that you have to find the program in the Task Manager (Ctrl+Alt+Del). For me the program ran as nscij**32.exe or something like that

  • that girl

    i got a wall post with a different text: something like
    Hey NAME is this you?

    and opened it thinking that it actually could have been me as i am on youtube & she was someone from my future college…

    i haven’t had any problems with my computer and this was like over an hour ago….were your problems instantaneous?? is my computer okay??

  • http://www.arikfr.com/ Arik

    Sarah – just delete it and don’t click on any of the links.

    that girl – maybe you’re just lucky :-)

  • john

    anyone know how harmful this is or an easy way to get rid of it?

  • Casey

    Yeah i’ve got this virus, its really embarrassing infecting friends computers unintentionally!!!! Because even though i didnt put the post there, i’m getting emails and posts saying ‘you gave me a virus!!’

    If anyone knows how to remove it……PLEASE HELP

  • mark

    todah. already got into my facebook account and automatically posted on a few people’s walls. is that about the extent of it, do you think?

  • klint

    i send ppl that msg but i dont know how does that mean i have the virus?

  • Josh

    I got that Sunday morning at 2:42 AM, this is what mine said:

    “hey Josh, lol i cant believe is that you? :D

    have a luk urself…
    http://www.google.com.id.4i5a2i6d.uaozxo.a1bd53f1.cn/gallery.php?id=jeo2vuwhi&auth=0116674&cyua=8h4fhli0xv
    (click open or run when prompted)”

    It’s basically the same thing with a different web address. I was curious, and like a moron clicked the link. It took me to a google page load error. I never downloaded or ran anything. I supposed they spelled the URL wrong? I’m hoping I’m one of the lucky ones. I’ve done a little more research and apparently there is a variant that downloads the virus when you click the link, but it was a very different URL. Should I be worried?

  • Kelly

    I just got the same message on facebook it said;

    “hey Kelly, lol i cant believe is that you? :D have a luk urself…”
    Lucky enough I decided to look it up on google and did not open it!!
    Hope you all get your computers sorted :-)

  • Marie

    Damn it. Virus-designers sure know how to attract us via our egos!
    I clicked the link v v stupidly as well (though alarm bells were ringing in my mind) and downloaded the thing… I ran it through my anti-virus, which found nothing, and decided to check it out. Almost as soon, I ended the task, deleted the file and removed it from my waste basket. I googled the file name and found a facebook thread discussing how to remove it. I searched both in and out of safe mode the name “splm” (incl hidden files) and found nothing. So far my computer seems ok. It doesn’t look like I’ve “posted” the virus on anyone’s wall… but am still feeling paranoid (and STUPID) I’ve emailed Norton and posted a warning on my profile…

    anyway, thanks for the heads-up. By now, surely anti-viruses should have it in their database, no?

  • Brady

    I believe I got this virus. I am attempting to delete it. I have run antivirus and it finds nothing. But my computer is acting up. I went through safemode etc. I a in ran and want to know if file could be nvsvc32.exe that is the one most like the earlier post. Anyone know before I destroy my computer?

  • LJ

    One of my friends has contracted the full virus and it wont establish an internet connection at all! well only through MSN Messenger – but wont bring any home pages up at all or establish a linked connection does any of you have the file name that this trojan changes??????
    Please help
    LJ
