How to remove the Koobface worm virus from Facebook

That's right! Evildoers have found a way to insert malicious scripts into that favorite social networking site Facebook! This virus also attacks other networking sites like Myspace.

Facebook members have been warned to be very careful with messages seemingly sent by friends.

This is because the Koobface worm, malware that attempts to infect your PC and turn it into a spam-producing 'bot', has struck again. It was first spotted in the summer, and to spread it relies on the friend opening the message and clicking on the link within.

Koobface sends out messages to all of the friends of a Facebook member inviting them to watch a video or something similar.

The link takes you to a video player that, according to a message on the page, won't work unless you install an additional component. However, if you click on Install, you'll actually be installing a worm on your PC.

So just to be safe, whenever someone sends you a video that won't play at once and asks you to install an app, DON'T!

Koobface is also known as W32/Koobface, W32.Koobface and Boface. Once it gets on a machine, it checks whether there are cookies from social networks. If it finds the cookies, it infects the victim's profile. If the Koobface worm can't find evidence of social networking websites, it simply erases itself.

Koobface also loads pop-ups that look like MS Windows error messages. The pop-up contains the following text: “Error installing Codec. Please contact support.”

Koobface manual removal:

Kill processes:
fbtre6.exe
mstre6.exe
(Press CTRL, ALT and DEL at the same time to open the Windows Task Manager window. Select the two processes above, then click the End Process button at the lower part of that window.)

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "c:\windows\mstre6.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "C:\Windows\fbtre6.exe"
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
(Go to the Start menu, select Run and type REGEDIT to open the Registry Editor window. Navigate to the registry entries listed above and delete them.)

Delete files:
C:\Windows\fbtre6.exe
C:\Windows\fmark2.dat
(clue: if you don't know how to navigate to these files, you shouldn't be doing the manual removal process)
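
A read-only PowerShell check for the artifacts named in the manual removal steps above, added here as an example and not part of the original post. It looks for the two processes, the "systray" Run value and the two files; the WOW6432Node Run key is an added assumption that covers the 32-bit registry view on 64-bit Windows.

```powershell
# Added example: read-only check for the Koobface artifacts listed in the steps above.
# It only reports; nothing is killed, edited or deleted.

$processNames = 'fbtre6', 'mstre6'   # Get-Process expects names without ".exe"
$runValueName = 'systray'
$badTargets   = 'c:\windows\mstre6.exe', 'c:\windows\fbtre6.exe'
$files        = 'C:\Windows\fbtre6.exe', 'C:\Windows\fmark2.dat'
$runKeys      = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    # Assumption beyond the page: 32-bit view of the same key on 64-bit Windows
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$findings = @()

# 1. Processes the page says to kill
foreach ($p in Get-Process -Name $processNames -ErrorAction SilentlyContinue) {
    $findings += [pscustomobject]@{ Type = 'Process'; Item = "$($p.Name).exe"; Detail = "PID $($p.Id)" }
}

# 2. "systray" autostart value pointing at one of the worm's executables
foreach ($key in $runKeys) {
    $entry = Get-ItemProperty -Path $key -Name $runValueName -ErrorAction SilentlyContinue
    if ($entry) {
        $target = ([string]$entry.$runValueName).Trim('" ')
        if ($badTargets -contains $target) {     # -contains is case-insensitive
            $findings += [pscustomobject]@{ Type = 'Run value'; Item = "$key\$runValueName"; Detail = $target }
        }
    }
}

# 3. Files the page says to delete (-Force so hidden files are found too)
foreach ($f in $files) {
    $item = Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += [pscustomobject]@{ Type = 'File'; Item = $f; Detail = "$($item.Length) bytes, modified $($item.LastWriteTime)" }
    }
}

if ($findings.Count -eq 0) {
    'None of the listed Koobface artifacts were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it from an elevated PowerShell prompt before and after the manual steps; an empty result afterwards means the listed processes, Run values and files are gone.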

 
