Koobface Worm on Twitter and Facebook – Protection & Removal Tips

Koobface is a computer worm popular among the social network sites like Facebook, Twitter, MySpace, hi5, Bebo and Friendster. Koobface is an anagram of Facebook (koob -> book). Te worm targets users and gather sensitive information such as credit card numbers from the victims. The Koobface worm has been around for the last one year.

Koobface malware spreads by delivering Facebook messages to people that are ‘friends’ of someone on Facebook whose computer has already been infected. The messages contain subject headers such as “Paris Hilton Tosses Dwarf On The Street“, “LOL“, “My friend catched [sic] you on hidden cam“, and “My Home Video“.

The message directs the recipients to a third-party website unaffiliated with Facebook and prompt the recipients to download what is purported to be an update of the Adobe Flash player. The websites promote video codec which is actually the Koobface worm. Those sources might also install the worm without notifying visitors. If they download and execute the file, they will infect their computer with Koobface. Koobface then directs users to contaminated websites when they attempt to access search engines like Google, Yahoo, and Bing.

The Windows operating system is currently the only operating system affected by these worms. Koobface is also known as W32/Koobface, W32/Koobface.AZ, W32.Koobface and Boface. Koobface gets on a machine and checks if there are cookies of social networking websites. If found, the worm infects victim’s profile. If no cookie found, it simply erases itself from the computer.

[advt]

Koobface also loads pop-ups that look like MS Windows error messages. The pop-up contains the following text: “Error installing Codec. Please contact support.

The Koobface worm targets Twitter users by spreading through links looking like Youtube Video Urls. When users click on that url, Koobface activates. Whenever this person logs on Twitter again, Koobface automatically comes out from its link and starts scrabling.

As of now Twitter is suspending some of the user’s accounts temporarily which are involved in spreading Koobface virus. With the help of security experts, Twitter expects to come up with a solution to fix this soon.

DO NOT CLICK ON SUSPICIOUS LINKS. Save your private information in secure places.

How To Remove KoobFace Worm?

To manually remove Koobface from your PC, first kill processes fbtre6.exe, mstre6.exe and ld08.exe

Then, delete the registry values:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “c:\windows\mstre6.exe”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “C:\Windows\fbtre6.exe”
  • HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating

Now delete the files fbtre6.exe, fmark2.dat and ld08.exe from your hard disk.

How To Protect Your Computer from Koobface Malware?

You may install Spyware Doctor from PC Tols website or Spyware Doctor with Google Packs. Google Pack also provides Norton Virus Scan too, for free.

It is always good to have AVG Free with Antivirus, Anti Spyware and Resident Shield running in your windows dekstop, and always update the signnature databases daily to protect you and your computer.

Be the first to comment

Leave a Reply