The Facebook Hahaha or Lol virus has been spreading since May 2014, sometimes accompanied by a bitcoin miner. It sometimes uses Facebook Chat and sends its victims a message such as “Lol,” “hahah,” “I want to post these pictures on your Facebook, do you think it’s ok?” and includes a URL for the photos in question on a zip drive. According to the antivirus laboratory experts Bitfender, this virus also encrypts part of its code with Bible verses to make it as hard as possible for antivirus programs to detect it.
If your computer is infected, certain anti-virus programs such as Malwarebytes AntiMalware, available on the Downloads page, recognize the virus and should get rid of it for you if your computer is infected.
| Antivirus | Resultat | Mise à jour |
|---|---|---|
| AVG | Inject2.VMC | 20140512 |
| Ad-Aware | Gen:Variant.Zusy.85089 | 20140512 |
| AntiVir | TR/Lecpetex.A.11 | 20140512 |
| Avast | Win32:Malware-gen | 20140512 |
| Baidu-International | Trojan.Win32.Inject.Aw | 20140511 |
| BitDefender | Gen:Variant.Zusy.85089 | 20140512 |
| CAT-QuickHeal | Trojan.Lecpetex.r3 | 20140512 |
| ESET-NOD32 | a variant of Win32/Injector.AZFL | 20140511 |
| Emsisoft | Gen:Variant.Zusy.85089 (B) | 20140512 |
| F-Secure | Trojan:W32/Lecpetex.A | 20140511 |
| Fortinet | W32/Injector.AZFL!tr | 20140512 |
| GData | Gen:Variant.Zusy.85089 | 20140512 |
| Ikarus | Trojan.Win32.Lecpetex | 20140512 |
| K7AntiVirus | Trojan ( 004967081 ) | 20140509 |
| K7GW | Trojan ( 004967081 ) | 20140509 |
| Kaspersky | Trojan.Win32.Inject.jmcy | 20140512 |
| Kingsoft | Win32.Troj.Generic.a.(kcloud) | 20140512 |
| Malwarebytes | Trojan.Agent | 20140512 |
| McAfee | RDN/Generic.dx!czd | 20140512 |
| McAfee-GW-Edition | RDN/Generic.dx!czd | 20140511 |
| MicroWorld-eScan | Gen:Variant.Zusy.85089 | 20140512 |
| Microsoft | Trojan:Win32/Lecpetex.A | 20140512 |
| Norman | Troj_Generic.SXCYF | 20140511 |
| Panda | Generic Malware | 20140511 |
| Qihoo-360 | Win32/Trojan.629 | 20140512 |
| Rising | PE:Trojan.Win32.Generic.16A34D2A!379800874 | 20140507 |
| Sophos | Troj/Agent-AGHS | 20140512 |
| Symantec | Trojan.Gen.2 | 20140512 |
| TrendMicro | TROJ_LECPETEX.B | 20140512 |
| TrendMicro-HouseCall | TROJ_LECPETEX.B | 20140512 |
| VBA32 | Trojan.Inject | 20140510 |
| VIPRE | Trojan.Win32.Generic!BT | 20140512 |
Once the malware program has been installed and launched on its victim’s machine, it creates a folder with a random name that ends in .exe and spreads to Facebook as well as Yahoo using your contact list. Certain varieties of this virus also install a bitcoin miner, which will increase the load on your processor and also slow down your machine.
How can you stay safe? It’s easy: don’t click on the attachment that you’ve been sent.
We recommend that users to keep their antivirus programs and software up-to-date and alert your contacts if you see anything odd happening on your account. Also be careful to change your Facebook password right away if this virus has infected your computer.
View full solution