A Guide To Koobface Virus Removal

Have you seen messages like this in your Facebook email or in a post on your newsfeed?
"Hey, I have this totally funny video of you dancing. Your face is so red. You should check it out."
If you’ve received a message like that through Facebook or MySpace, you may have been exposed to the Koobface virus. Koobface comes through an e-mail supposedly sent by one of your Facebook friends inviting you to watch a video.

Once you click the link, Koobface prompts you to update your Flash player before the video can be displayed. Therein lies the virus, hidden in a flash_player.exe file.

According to Kaspersky Lab, an antivirus company working with Facebook, the worm turns victim machines into zombie computers to form botnets.
The McAfee Security Blog says that when Koobface infects your system, it sets a downloaded service named Security Accounts Manager (SamSs) to load on start-up. SamSs then proxies all HTTP traffic, stealing results from popular search engines and redirecting them to lesser-known search sites.

A clear eye for fraud will help you avoid this situation. You can usually spot phony e-mails by their titles. Kaspersky found the following: "Paris Hilton Tosses Dwarf On The Street"; "Examiners Caught Downloading Grades From The Internet"; "You must see it!!! LOL. My friend catched you on hidden cam"; "Is it really celebrity? Funny Moments." My own Koobface attack came in an e-mail entitled "lool, yoour blushingg afce is so funny! Checkk out." Obviously, Paris Hilton never threw dwarves, and in all likelihood, my 26-year-old friend knows how to spell more than two words. These are clear indicators you and your friend are being hacked.

Facebook has posted instructions about how to remove the Koobface virus, give your computer an antivirus cleaning and change your Facebook password. You should change your passwords fairly often to protect your accounts.

Koobface manual removal:
Kill processes:
freddy79 fbtre6.exe mstre6.exe ld08.exe Ld12.exe
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systray = c:\windows\mstre6.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systray = C:\Windows\fbtre6.exe
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
Delete files:
freddy79 fbtre6.exe fmark2.dat ld08.exe Ld12.exe
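
Before deleting anything by hand, it helps to see which of the items above are actually present. The following PowerShell audit is an added example, not part of Facebook's instructions; it only reads and reports. It covers the listed processes, the Run\systray value and the listed files, and it assumes the files sit in the Windows directory, since that is the only location the registry values above show.

```powershell
# Added example: read-only audit for the Koobface indicators listed on this page.
# It reports what is present and changes nothing on the system.

$processNames = 'freddy79', 'fbtre6', 'mstre6', 'ld08', 'Ld12'   # Get-Process omits ".exe"
$fileNames    = 'freddy79', 'fbtre6.exe', 'fmark2.dat', 'ld08.exe', 'Ld12.exe'
$runKey       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValue     = 'systray'
$runTargets   = 'mstre6.exe', 'fbtre6.exe'
# Assumption: the page only shows C:\Windows as a location, so files are looked up there.
$searchDir    = $env:windir

$findings = @()

# 1. Running processes with one of the listed names.
foreach ($p in (Get-Process -Name $processNames -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{
        Type = 'Process'; Item = "$($p.ProcessName) (PID $($p.Id))"; Detail = $p.Path
    }
}

# 2. The "systray" autostart value, flagged only when it points at a listed executable.
$run = Get-ItemProperty -Path $runKey -Name $runValue -ErrorAction SilentlyContinue
if ($run) {
    $target = [string]$run.$runValue
    $leaf   = Split-Path -Path $target.Trim('"') -Leaf
    if ($runTargets -contains $leaf) {
        $findings += [pscustomobject]@{
            Type = 'Registry'; Item = "$runKey\$runValue"; Detail = $target
        }
    }
}

# 3. Files from the page's list, checked in the search directory (hidden files included).
foreach ($name in $fileNames) {
    $path = Join-Path -Path $searchDir -ChildPath $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        $findings += [pscustomobject]@{
            Type = 'File'; Item = $path; Detail = "modified $($item.LastWriteTime)"
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'None of the listed Koobface indicators were found.' }
```

Run it from an elevated PowerShell prompt so that process paths and files under the Windows directory are readable.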

You can also detect and remove the Facebook virus by doing an online scan with a reputable company. I recommend Reimage. They have been around for a while and are constantly updating their systems to find the latest malicious hacks. Stay away from dubious or fraudulent online spyware removal programs. Always do your research before taking action.
