HOWTO: Remove From Your Infected Twitter Profile (UPDATED)

The issue on Twitter has now been rectified but please read and take the steps below if you are infected. For tips on how you can protect yourself in the future from these exploits, go here. For help on removing the Mikeyy worm, go here.
Twitter was hit hard today by StalkDaily, a cross-site scripting (XSS) exploit that will make you auto-tweet recommendations to the site all day long. It did it four times for me before I noticed.

You can get infected by visiting (don’t do it), as well as by opening the user profiles of other infected accounts within Twitter. Twitter is seriously infected with it. To check if you are, visit and enter your username and the word as a search query, i.e.
This will let you see if you have sent out any tweets without you realising.

Removing StalkDaily From Your Twitter Profile

  1. In your browser, clear your cache and empty all of your cookies. (This can be found in your settings.)
  2. Log out of TweetDeck or any external applications you are using.
  3. Check the URL and location areas of your profile (in Settings/Account on for evidence of any malicious scripts. It’ll be obvious – something you haven’t added to these areas yourself. If you find anything, remove it. (Note: there was nothing in my profile, but I was still hit. Taking the rest of these steps still fixed the issue.)
  4. On, change your password.
  5. Log back in. It should be okay. If so, log back into TweetDeck et al.
  6. Go back and delete any tweets sent by you recommending StalkDaily. This is important.
  7. Report @stalkdaily in a tweet to Twitter’s @spam account as follows: @spam @stalkdaily

DO NOT visit Do not visit the profiles of users who are clearly infected.
If you later find yourself locked out of your Twitter account, this is a protective measure on Twitter’s part. You will need to reset your password on Twitter to log back in.
Please re-tweet this on Twitter using the button at the beginning of this post.