
my_virtual_c facebook application. Self propagating spam/worm?

// February 23rd, 2010 // Malware Related

Being an avid facebook user myself, I was quite interested today to find that one of my friends had supposedly commented on a photo of me.

I logged in, and checked my notifications feed…and sure enough, there was a notification about a photo comment:

Looks legit, doesn’t it?

Checking the address bar revealed something very suspicious however:

I decided to investigate further…why was a seemingly genuine notification from facebook trying to redirect me to bit.ly?

Using a dummy account, I proceeded to click the notification link (I wouldn’t advise anyone else to try this)…and was greeted by a screen from bit.ly warning me that the link I was attempting to access was not safe. However, the link it was labelling as unsafe was one which linked back to facebook (apps.facebook.com/my_virtual_c/allow.htm). Surely it must be safe, no? (In this case it wasn’t.)

If you disregard the warning and proceed to click on the link, you are directed to a facebook app called my_virtual_c and a request to allow it access to your profile.

At the time of writing there are 19 reviews, all warning people that it is either a spam application or a virus.

If you allow it access to your profile, it will proceed to redirect you to a site called ironbrain.net and present you with the following screen, informing you that “Oops! This app beguile you. Be careful what you do on Facebook.”

After this, clicking anywhere will redirect you to facebook, where it will very cleverly make your account send out the same photo comment notification that you originally received, usually without you noticing:

Coincidentally, you would also be looking at the page for an application called “zoo world”…I am not sure if they are implicated in this.
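
The redirect chain described above (notification, bit.ly, the app's allow page, ironbrain.net, back to facebook) can be checked mechanically. This is an added example, not code from the original post: the `audit_chain` function, the rule names and the bit.ly path are assumptions for illustration, and the hop list is constructed from the hosts named in the post.

```python
from urllib.parse import urlsplit

# Assumptions for this example, chosen to match the hosts named in the post.
SHORTENERS = {"bit.ly"}
PLATFORM = "facebook.com"
APP_HOST = "apps.facebook.com"   # host serving third-party applications

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def is_platform(host):
    # Exact match or a true subdomain; "facebook.com.example.net" must not pass.
    return host == PLATFORM or host.endswith("." + PLATFORM)

def audit_chain(hops):
    """Return (hop_index, finding) pairs for one notification's redirect chain."""
    findings = []
    seen_shortener = False
    app = None
    for i, url in enumerate(hops):
        host = host_of(url)
        if host in SHORTENERS:
            # A first-party notification has no reason to hide its target.
            seen_shortener = True
            findings.append((i, "shortener-in-notification"))
        elif host == APP_HOST:
            # First path segment is the application name.
            app = urlsplit(url).path.strip("/").split("/")[0]
            if seen_shortener:
                findings.append((i, "app-page-behind-shortener:" + app))
        elif not is_platform(host):
            rule = "off-platform-after-app:" if app else "off-platform:"
            findings.append((i, rule + host))
    return findings

# Constructed chain: hosts are from the post, the bit.ly path is a placeholder.
OBSERVED_CHAIN = [
    "http://bit.ly/PLACEHOLDER",
    "http://apps.facebook.com/my_virtual_c/allow.htm",
    "http://ironbrain.net/",
    "http://www.facebook.com/",
]

if __name__ == "__main__":
    for index, finding in audit_chain(OBSERVED_CHAIN):
        print(index, finding)
```

The second finding is the one that matters here: the final link being on facebook's own domain says nothing about the third-party application it asks you to authorize.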

Now, let’s move on to how to remove this malware from your profile and report it to facebook.

First of all, let us reverse the fake notifications it sent using your account.

To do this, navigate to your facebook homepage and click on the notifications icon at the top of the page, and then click on “show all notifications”:

On the new screen, on the right-hand side you will find a section to filter notifications. Untick all the options apart from “my_virtual_c” and “Sent by me”.

Then proceed to click the little “x” next to the fake notifications sent by the application. Choose the option “I didn’t do the action specified in the notification” and click submit:


Another box will come up offering you the option to delete the application. Choose the option “Remove my_virtual_c” and it will be deleted from your profile:

Poof! my_virtual_c is now gone and everything is super again…almost.
This might be a good time to do a grovelling apology to your facebook friends and forward them a link to this blog post if they have been affected too :-)