New Facebook Scam Shows You In Leading Role in a YouTube Video

Facebook scams have become common these days. I recently came across a new Facebook scam which shows a video titled “You In the leading role! Shocking Performance!” on what looks like YouTube but is actually a cloned YouTube page. It’s a trojan known as Trojan.FakeAV.LVT which spreads through chat messages and is strong enough to infect your Windows hosts file. Once infected, you would not be able to log in to www.facebook.com, but you can log in through m.facebook.com. A few more unusual things might occur while browsing the web, like Gmail showing “Account open in 1 other location”. There can be some other serious effects too.

How Does it Spread?

This trojan spreads through Facebook Chat. It shows you as online and sends a message to one of your friends. If it’s just a link, you can easily tell that it’s spam. So it sends you a “Hi” first and waits for your reply. Irrespective of what you reply, it sends you a link shortened using tinyurl.com, which works when clicked once. If you reply to the message which contains the link, it would say “I’ll be back”. Check the screenshot below to see it in action!

[Screenshot: Facebook Chat]

That’s how I got the link. I just opened it and I could see “[My Name] is in the leading role. Shocking Performance!” on a page similar to YouTube, with comments from my Facebook friends below the video. This page would make you believe that it’s not fake. But I suggest you search for a video with this title on YouTube or check the URL of the page before you proceed.

[Screenshot: Leading Role YouTube Page]


The video is shown as unavailable, and the page asks you to upgrade your Adobe Flash Player, with a link to let you download it from Adobe. Clicking on that link prompts you to download an executable file, which is the Trojan.

How Does it Infect Your PC?

After you download the Trojan, you will be asked to reboot your system. When you reboot your system, your current anti-virus is uninstalled and replaced with a fake anti-virus program. This trojan is capable of replicating any other anti-virus or online security software. Well, that got me tricked ;) To know how dangerous it is, check out the technical details below from Virusnote.

Technical Details of Trojan.FakeAV.LVT

This trojan disables all security-related applications and downloads several files from the Internet, which are stored in the following locations:

%temp%\%variable%.exe
%windir%\sysdriver32.exe
%windir%\sysdriver32_.exe
%windir%\Temp\%variable%.exe

The trojan acquires data and commands from a remote computer or the Internet. I could sense it as I got a message on my phone from Facebook which said “Your account was accessed from an unknown location but since you have login notifications enabled your account was not accessible”. Thanks to the login notifications I had enabled on Facebook. I suspected the use of keylogger software which runs in the background and hence rang up a friend asking him to change my passwords.

How To Recover From This Trojan

If you are already infected with this virus and luckily landed here, you can follow these steps and check whether your system is back to normal.

  • Reset the Windows hosts file.
  • If the above step does not work, delete the following files, which are created by the Trojan:
    %windir%\update.1svchost.exe
    %windir%\services32.exe
    %temp%\%variable1%.bat
    %temp%\%variable2%.bat
    %windir%\proc_list1.log
    %windir%\update.tray-%number1%-%number2%svchost.exe
    %windir%\winlog-dirs.txt
    %windir%\winlog-ids.txt
    %windir%\front_ip_list.txt
    (Here %windir% refers to the location where you have installed Windows, for example: C:\Windows)
  • The Trojan also modifies various Registry values; in that case you can download a suitable Registry Cleaner, which can easily be found by Googling.
  • If nothing works, you need to shut down your computer and boot from an anti-virus recovery CD. All anti-virus packages let you create a bootable disk which can be used when your system is completely infected and becomes useless.
  • I also recommend installing Malwarebytes on your PC.
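
Before resetting the hosts file, it helps to list every active entry in it: the symptom described above (www.facebook.com unreachable while m.facebook.com still works) is consistent with an entry that overrides only the first name. The following Python check is an added example, not code from the original post; the sample hosts content, the 203.0.113.10 address and the av-updates.example name are constructed for illustration.

```python
import ipaddress

# Names a stock hosts file may map to loopback (assumption for this example).
BENIGN = {"localhost", "localhost.localdomain"}

# Constructed sample, not taken from an infected machine. 203.0.113.10 is a
# documentation-range address standing in for wherever a tampered entry points.
SAMPLE_HOSTS = """\
# constructed sample hosts file (comment lines are ignored)
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.facebook.com facebook.com   # constructed tampering
0.0.0.0         av-updates.example
"""


def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for entries worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # strip comments and whitespace
        if not entry:
            continue
        address, *names = entry.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "invalid address"))
            continue
        if not names:
            findings.append((line_no, address, "", "address without hostname"))
            continue
        for name in names:
            host = name.lower().rstrip(".")
            if host in BENIGN and ip.is_loopback:
                continue                          # expected localhost mapping
            if ip.is_loopback or ip.is_unspecified:
                reason = "name blocked (points at the local machine)"
            else:
                reason = "name redirected to a fixed address"
            findings.append((line_no, address, host, reason))
    return findings


if __name__ == "__main__":
    # On a live system, read C:\Windows\System32\drivers\etc\hosts instead.
    for line_no, address, host, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {address}: {reason}")
```

Any finding on a machine where you never edited the hosts file yourself is a reason to reset it and continue with the remaining steps.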

I really wonder where these trojans originate from and why they are being spread. Any idea? I wish Facebook would take some action to curb these scams. Also share your experiences in the comments if you have encountered this :)


  • http://www.geeksyrup.com Sidhant Chadha

    It has become a usual activity to come across such scam links on Facebook. God save the people!

  • http://www.realtimetricks.com Irfan@realtimetricks

    Facebook is becoming a great source for all this bad creativity. Only if you are already aware of such bad creativity can you save yourself; otherwise getting infected can easily happen.

  • http://www.trafficgenerationcafe.com/ Ana @ Increase Web Traffic

    I saw something like this, but simply ignored it. We have to be vigilant all the time!

  • http://techdraginfo.blogspot.com/ shenoyjoseph

    Thanks for letting us know more about this kind of Facebook scam :)

  • http://dailyblogtools.com sai@dailyblogtools

    Thank you for informing us about this. These types of scams are very high on FB. Nice share :)

  • http://www.creditdonkey.com/ Reese

    I never go online on Facebook. The people who chat me up never have anything important to say; I figured if it is really, really important they’d send a private message. Most people just post on my wall anyway. I never thought it could be this dangerous. Thank goodness I have always just ignored all those weird spams on Facebook. And thank you for posting this.

  • http://stainedglasstutorials.com Samuel Joshua

    Hey Lalit,
    I really admire and appreciate this firm and well-fabricated step of yours to make us aware of this devil Trojan.FakeAV.LVT. I am in shock to see its functions; this Trojan is extremely dangerous. Thank God I am still safe from it, and now I know how to judge it just because of your help, Lalit. Facebook is the number one social networking site, and people trust them and have blind faith in Facebook. I think that this is a reason why scammers are using Facebook for spreading this threat. I hope that the Facebook authorities will look into this matter very soon.

    Thank you Lalit for sharing such great, valuable, considerable, important and awakening content with us.

    Good Luck and God Bless!!
    With Regards!
    Samuel Joshua

    • http://www.blogotechblog.com Lalit Indoria

      Thanks for your kind words Samuel :)

  • http://www.afflicks.com Free Games for N8

    Thanks for this post. It made me informed about this kind of bad activity on Facebook.