“Is that you?” messages in Facebook – what are they?

Written by Wilbur Woodham

While hanging out on Facebook, you may notice a message from a friend saying something like “its you?” or “Is that you?” with a video link attached. The link looks like a familiar YouTube link, but it is not one. Sometimes a user may find that such a message has been sent from their own account to friends. Read this article to learn why you should not click on these messages, and what to do if you already have.

What are “Is that you?” messages on Facebook?

Such messages from your friends on Facebook are a definite sign that they are no longer in control of their accounts. The credentials for those accounts may have been obtained in different ways: through social engineering [1], brute force, or malware injection. Cybercriminals who obtain these credentials use the hijacked accounts to spread more malware. The “Is that you?” messages are an example of spamming by these punks.

As I have mentioned, the message consists of text, usually something like “its you?”, “is that you?”, “it looks like you”, “Hey %your_name%! Is that video yours?” or even “I can’t believe it is you”. Of course, this is not a full list of possible variants, since cybercriminals control these accounts personally and can easily come up with something original. Sometimes there are also several smiley faces in these messages. In this way, the cyber burglars try to win your trust and avoid raising suspicion.

The videos in such messages contain a link. If you open it as usual, by clicking on it, your browser will open an unknown page and start downloading something unknown. This distribution method is common for adware and malicious browser plugins, but you can never predict what exactly you are downloading.
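The lure texts and the link that only looks like YouTube, both described above, can be checked mechanically. The following Python sketch is an added example, not part of the original article; the allow-list of YouTube domains, the verdict labels and the sample messages in the comments are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as genuine YouTube for this illustration.
YOUTUBE_DOMAINS = ("youtube.com", "youtu.be")

# Lure phrases quoted in the article (the friend's name is not matched).
LURE_RE = re.compile(
    r"\bit'?s you\b|\bis that you\b|\bit looks like you\b"
    r"|\bis that video yours\b|\bi can'?t believe it is you\b",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def is_youtube_host(url: str) -> bool:
    """True only if the URL's real hostname is a YouTube domain or subdomain.

    urlsplit() isolates the hostname, so tricks such as
    'youtube.com.video-view.example' or 'www.youtube.com@clips.example'
    are judged by where the browser would actually connect.
    """
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    return any(host == d or host.endswith("." + d) for d in YOUTUBE_DOMAINS)


def classify(message: str) -> str:
    """Return 'suspicious', 'lookalike-link', 'lure-text-only' or 'ok'."""
    text = message.replace("\u2019", "'")  # normalise curly apostrophes
    off_site = [u for u in URL_RE.findall(text) if not is_youtube_host(u)]
    if LURE_RE.search(text):
        # Lure text plus a link that does not lead to YouTube.
        return "suspicious" if off_site else "lure-text-only"
    if any("youtu" in u.lower() for u in off_site):
        # No lure text, but the link imitates a YouTube address.
        return "lookalike-link"
    return "ok"


if __name__ == "__main__":
    # Constructed sample messages; the .example domains are placeholders.
    for msg in (
        "its you? https://youtube.com.video-view.example/watch?v=1",
        "Hey Anna! Is that video yours? https://www.youtube.com@clips.example/v",
        "Lunch tomorrow? https://example.org/menu",
    ):
        print(classify(msg), "<-", msg)
```

A “lure-text-only” verdict still deserves attention: the link is genuine, but the wording matches messages sent from hijacked accounts.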

What can I do if my friends received the “Is that you?” message from my account?

This situation usually means that you have been infected with a virus that stole your credentials. Another way of losing your credentials is phishing. The latter may be performed in many ways: fake online support pages, email spamming, man-in-the-middle attacks, and various other methods. After successful phishing, the chance of restoring the account is quite low, since phishing is selective and targets your account specifically. Hence, the chance that the cybercriminals will change your password is very high.

When the account was hijacked by a virus, the chances of getting it back are much better. Since such attacks are massive, cybercriminals have no time (and no need) to change the password for each account. After removing the virus, you will be able to get your account back under control simply by changing the password. Malware distributors who have your current password will not be able to do anything once their virus is deleted.

How to remove the viruses from my PC?

Removing spyware, which is commonly used for password stealing, is a very hard process. Such a virus changes a lot of system settings and edits the registry. Reverting all these changes manually may take hours and can lead to system malfunction if something goes wrong. Hence, anti-malware software is the only suitable solution. I’d recommend GridinSoft Anti-Malware for that case [2].

But malware removal is not a single step. If you have clicked on one of the videos from the hijacked accounts, your PC and, in particular, your web browser are corrupted. To make the browser as good as new, you need to reset it to default settings. I will show you how to do it manually and with GridinSoft Anti-Malware.

Removing the Facebook virus with GridinSoft Anti-Malware

  • Download and install GridinSoft Anti-Malware. After the installation, you will be offered a Standard Scan. Approve this action.
  • The Standard Scan checks the logical disk where the system files are stored, together with the files of the programs you have already installed. The scan lasts up to 6 minutes.
  • When the scan is over, you may choose the action for each detected virus. For all files of Ytmp3.cc malware the default option is “Delete”. Press “Apply” to finish the malware removal.

Now that the computer is clean of viruses, we can proceed to the browser reset. You can do this step manually or with GridinSoft Anti-Malware.

Reset browser settings to default

Manual method of browser reset

To reset Edge, do the following steps:
  1. Open the “Settings and more” tab in the upper right corner, then find the “Settings” button. In the menu that appears, choose the “Reset settings” option.
  2. After picking the “Reset settings” option, you will see a menu listing the settings that will be reverted to their original values.
For Mozilla Firefox, do the following:
  1. Open the Menu tab (three strips in the upper right corner) and click the “Help” button. In the menu that appears, choose “troubleshooting information”.
  2. On the next screen, find the “Refresh Firefox” option. After choosing this option, a message will appear.
If you use Google Chrome:
  1. Open the Settings tab and find the “Advanced” button. In the extended tab, choose the “Reset and clean up” button.
  2. In the list that appears, click “Restore settings to their original defaults”.
  3. Finally, you will see a window showing all the settings that will be reset to default.
Opera can be reset in the following way:
  1. Open the Settings menu by pressing the gear icon in the toolbar (left side of the browser window), then click the “Advanced” option and choose the “Browser” button in the drop-down list. Scroll down to the bottom of the settings menu and find the “Restore settings to their original defaults” option.
  2. After clicking the “Restore settings…” button, you will see a window showing all the settings that will be reset.

Reset your browser settings with GridinSoft Anti-Malware

To reset your browser with GridinSoft Anti-Malware, open the Tools tab, and click the “Reset browser settings” button.

You can see the list of the options for each browser. By default, they are set up in a manner that fits the majority of users. Press the “Reset” button (lower right corner). In a minute your browser will be as good as new.

It is recommended to perform the browser reset through the antivirus tool by GridinSoft, because the latter is also able to reset the HOSTS file without any additional commands.

I hope this post was useful for you, and that you have dealt with the problem. Share it with your friends, especially the ones who have sent you an “Is that you?” message.
— Wilbur Woodham.

References

  1. Article about social engineering on Wikipedia.
  2. Reasons why I recommend GridinSoft Anti-Malware for malware removal.
Copyright HowToFix.Guide


About the author

Wilbur Woodham

I was a technical writer from early in my career, and consider IT Security one of my foundational skills. I’m sharing my experience here, and I hope you find it useful.
