Do you watch videos posted or sent to you by your Facebook friends? If you do, you are at risk of having your operating system infected with the clandestine Facebook Worm, also known as the Kilim Facebook Worm. There is no doubt that the malicious worm has been created by cyber criminals, because no reliable party would introduce users to clandestine social engineering scams to infect operating systems with malware. That is exactly how the creators of the Facebook Worm work, and, if you are not careful, you could become their next victim.
It is enough to click on a video link supposedly showing pornographic content to execute the infection. Clicking on a link entitled “Sex photos of teen girls in school – NEW SCANDAL WHL2R,” initiates redirecting to a malicious ow.ly link that further on communicates to what appears to be a corrupted Amazon Web Services page. After this, a connection to a malicious videomasars.healthcare page is made, where information about your device is collected. If you are on a mobile device, you will be routed to ads (e.g., served via mobileaff.mobi) promoting corrupted links, but if you are using a desktop device, redirecting will continue to box.com. Box.com is an online cloud for storing personal files, and it seems that the schemers behind the Kilim Facebook Worm have used it to store malicious files. Whether you are facing corrupted ads or a link to an unfamiliar box.com page, a file will be downloaded onto your device, and this is the file you should not open if you do not want to execute the devious Facebook Worm. If the execution is complete, the link to the fictitious video will be sent to your contacts to spread the infection further.
The infection downloaded onto your computer can be identified as Trojan.Agent.ED. This is a generic detection used by various different antivirus tools to identify unclassified files. Of course, it is unlikely that you will know this unless you download and run a malware scanner. If authentic security software was installed, the execution of Kilim Facebook Worm would have been stopped at the very beginning, and you would not have to raise questions regarding its removal. All in all, if the infection does exist, you need to delete it as soon as possible. Even if have no clue that the infection exists at first, sooner or later you are bound to notice certain things that can only be associated with malware. For example, if you notice that the Target of your Chrome browser shortcut has been modified to automatically open up specific pages or if you cannot open the Extensions manager and remove the undesirable add-ons that the worm can install, it should be obvious that malware does exist.
If you lack experience detecting and removing malware manually, you don’t need to waste your time removing Trojan.Agent.ED and other malicious files (e.g., scvhost.exe) that, for example, could be dropped to the Mozila directory in the AppData folder. Instead of sacrificing your time and efforts to the manual removal of Trojan.Agent.ED and Kilim Facebook Worm, you can leave the task to automatic malware removal software. This is the software you should install to protect you from the attacks of cyber criminals anyways, which is why we strongly recommend installing it ASAP.
N.B. If you run a malware scanner and you are warned to remove Trojan.Agent.ED, it does not necessarily mean that your operating system has been infected with Kilim Facebook Worm. In any way, you have to delete malware and ensure full-time Windows protection.