The Gramblr Virus: What It Is and How to Remove It

If you used Gramblr to upload photos to Instagram, you're at risk

A conceptual illustration of the Gramblr Virus.

 Lifewire / Theresa Chiechi

Posting videos and images to Instagram can be time-consuming. When apps like Gramblr claim to help speed up and simplify the process, it's tempting to install and use them. Thousands of unlucky Instagram users, however, discovered the hard way that the program was actually a computer virus that hijacked their computers.

Gramblr was a third-party app for Windows that let users upload photos and videos to Instagram. It was no longer actively available as of the summer of 2019; the site was not working and Chrome flagged it as an unsecure site, meaning that you should not enter any sensitive information onto the site or download anything from it.

What Is the Gramblr Virus?

While it might have started out as a legitimate program that emulated Instagram's mobile phone software, Gramblr ended up best case as adware, a program that feeds advertising to your computer, often by delivering pop-up ads or by installing a toolbar in your browser.

At worst, there is continuing information that indicates Gramblr is actually a malicious Trojan that can take a variety of secret actions on your computer. While some users claim this program is only being flagged as a simple false positive warning, many antivirus software providers are now actively noting it as malware.

A false positive means that your antivirus software didn't recognize a file so it just classified it as a virus even though it really isn't one. A malicious program like a Trojan, on the other hand, is specifically designed to enter your computer to destroy or take control of your system. Some Trojans can also house spyware, which is designed to steal your personal information and send it to hackers.

How Does the Gramblr Virus Work?

In Gramblr's case, the deception went even deeper than installing annoying adware. Gramblr ran ads at one point billing itself as a way to get unlimited Instagram likes on autopilot. It appears, however, that it was secretly using Gramblr user accounts to fulfill its promises.

Once installed, it began taking a variety of actions in the name of the user's Instagram account. It was able to do this because users of the program allowed Gramblr access to their Instagram login information. For example, it began blocking direct messages, dropping hashtags, adding likes in your name to accounts you didn't authorize, and more.

Gramblr 'Likes' ad

Additional reports indicate that Gramblr gained access to YouTube watch histories as well. It was able to do that via Chrome. Because YouTube is typically already logged into on Chrome browsers, the app used an automated process to sneakily simulate use of YouTube as well as Instagram.

In order to use YouTube viewing information to sell to clients, it had to override YouTube accounts so users wouldn't catch wind of the fact that their accounts were being used. Instead, they only noticed YouTube watch histories were frequently paused and assumed there was a problem with YouTube. Password changes, uninstalling browser extensions, etc. did not remove the real problem: Gramblr.

How Do I Know If I Have This Virus?

You might notice that your Instagram direct messages or hashtags aren't working correctly in Instagram. You might also see an abundance of pop up ads on your computer when you browse the internet, a strange new toolbar on your browser, or problems with your YouTube watch history.

Some reports also indicate that the program planted a root kit that started up with Windows, then refused to close or stay closed. In addition, Gramblr did not show up in the Startup items list when it should have.

Gramblr is an executable file that installs on your computer when you download the program. Gramblr.exe is located in a subfolder of C:\Program Files—mostly C:\Program Files\Gramblr\. You can check your system to see if any of this or other files known to be installed by Gramblr are on your computer:

  • Qt5Core.dll
  • Qt5
  • Uninstall.exe
  • 490-gramblr-installer.exe
  • icudt51.dll
  • icuin51.dll
  • icuuc51.dll
  • libgcc_s_dw2-1.dll
  • libstdc++-6.dll
  • libwinpthread-1.dll (by MingW-W64 Project. All rights reserved) - POSIX WinThreads for Windows
  • Qt5Gui.dll (by Digia Plc and/or its subsidiary(-ies))
  • Qt5Multimedia.dll
  • Qt5MultimediaWidgets.dll
  • Qt5Network.dll
  • Qt5OpenGL.dll
  • Qt5PrintSupport.dll
  • Qt5Qml.dll
  • Qt5Quick.dll
  • Qt5Sensors.dll
  • Qt5Sql.dll
  • Qt5V8.dll
  • Qt5WebKit.dll
  • Qt5WebKitWidgets.dll
  • Qt5Widgets.dll

The files list shown here is subject to change. Any virus can and will update known file names to avoid detection.

How Did I Get This Virus?

You contracted this virus when you downloaded Gramblr onto your computer. While it might have been a legitimate program at one time, updates to it caused it to turn malicious.

How Do I Get Rid of the Gramblr Virus?

The easiest and most effective way to remove suspicious software on a computer or smartphone is to install a strong antivirus software program that can find and tackle all kinds of threats. A good antivirus can remove the Gramblr virus although it can take several hours to do so. There are other options to try as well if you don't feel your antivirus program is resolving the problem.

  1. It might be possible to manually remove the Gramblr virus by uninstalling specific apps or files related to it. Both Windows and macOS have clear ways to uninstall apps you no longer want to use.

    However, this virus can sometimes attach itself to core files on your computer, which means this approach should be handled carefully and checked multiple times. Once the suspected program is removed, run your antivirus software again to see if the warning still appears.

    This step is not always easy to perform since you might not know exactly which file triggered the warning. Malware like Gramblr can infect multiple programs, too, so the removal of a single program might not eliminate the problem.

    If your antivirus shows any threats still remain, believe it even if you see reports online that the threat is a false positive.

  2. If you're still receiving the detection warning from your antivirus software, you might have a persistent malware infection. This means Gramblr or another virus on your computer will keep coming back over and over again. To handle that, you can try removing the virus without using an antivirus application. Most of the time, however, both antivirus and a malware removal tool will be needed to remove these types of infections.

  3. If all these steps are failing, it might be time to try System Restore to return to an earlier point on your computer before you installed Gramblr. Be sure to select a period of time where you know you definitely didn't already have the program on your computer. 

    Performing this step means you will lose any files and documents you have created or updated since you acquired the virus. However, if nothing else is working, this could be your only remaining choice.

  4. If you're having trouble with your YouTube watch history after removing Gramblr, there are a couple of things you can try. First, you can unsubscribe from any channels Gramblr might have subscribed you to. Next, you can try clearing your entire watch history to clean it up and start from scratch. If that doesn't work, you'll need to delete your YouTube account and get a fresh start with a new one with a new username and password.

How Can I Avoid Getting This Virus Again?

When downloading programs to use with Instagram, only use those from Instagram's Authorized Application list. In addition, it's a good idea to follow these computer virus protection tips to lower your chances of being re-infected with Gramblr virus.

Plus, you should always keep your antivirus software and malware protection up-to-date. New viruses pop-up all the time and antivirus software providers continually release new virus definitions regularly. Only current protection can keep your PC informed on what to watch for viruses or other threats like the Gramblr virus that are released by hackers.

Watch for sneaky apps called PUPs, too, that can accompany legitimate downloads. These can be useful in some ways but, more often, are not wanted. You should able to opt out of them with a selection in your antivirus software.