Koobface
The Koobface virus can infect social networking sites, leading to data loss. Uncover the ways of removing the Koobface virus and keep your home page worm and virus free.
If you have an account on sites like Facebook and MySpace, you should be aware of how the Koobface virus works. This knowledge will help keep your site and personal information safe.
How the Virus Spreads
A user on Facebook will get a message. The headers vary, but the most popular ones include the following:
You must see it!!! LOL.
Paris Hilton Tosses Dwarf On The Street
Funny Moments
You look so amazing funny on our new video
The message will take you to a site that supposedly offers an Adobe Flash upgrade or player. In reality it is the virus. Once it has been downloaded, the virus takes over your web browsing. Every time you use search engines like Google, MSN, Live and Yahoo you’ll get nothing but infected sites.
There are currently two variants known as Net-Worm.Win32.Koobface.a and b. The former goes after MySpace while the latter infects Facebook users. Its effect seems limited to systems running Microsoft Windows.
Effects on Computers
The main objective of the virus is to infect your friends’ accounts as well. It will install inyproxy.exe, which tracks the “friends” database on your system. Subsequently it sends a similar message with a link to the virus to your friends. In some cases it can hijack your connection. Instead of getting to Google for example, you’ll be taken somewhere else.
The damage that it can cause varies. Apart from misdirecting your Web searches, some report hard disk files disappearing or being deleted.
Removal and Prevention
The best way to remove Koobface is to delete any messages you get with the above-mentioned headers. If the header you get is different but seems unusual, ask your friend whether that message really came from them.
If you have antivirus software, run it. If your antivirus software is up to date, it will detect and automatically remove the virus. Even free antivirus software can get rid of it. If you would rather remove it manually, you can do so. However, it is more complicated and requires editing the Registry. As always, back up the Registry before making any changes.
First, right-click the Start Menu and click Search. Type “Koobface”. When the file appears, delete it. Now press Ctrl+Shift+Esc to bring up the Task Manager. If there are any processes bearing the worm’s name in the Processes tab, choose “End Process”.
To remove it from the Registry, type “regedit” in the Run command line. You can also type “regedit.exe” in the search box. Choose Edit and “Find”. Delete the following entries.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "C:\Windows\fbtre6.exe"
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
To delete its DLL files, choose Run from the Start Menu. Type “cmd” and press Enter. When you find the file, first unregister it in the following manner (regsvr32 /u unregisters a DLL; it does not delete the file). Type “regsvr32 /u SampleDLLName.dll”.
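The Run-key step above, as an added PowerShell example that is not part of the original article: it looks for the "systray" value pointing at C:\Windows\fbtre6.exe, exports the key as a backup, and only then removes the value. The backup file location is an assumption, and the script has to be saved as a .ps1 file and run from an elevated prompt.

```powershell
# Added example. Value name and file path come from the article;
# the backup location and parameter names are assumptions.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$RunKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    [string]$ValueName  = 'systray',
    [string]$BadPath    = 'C:\Windows\fbtre6.exe',
    [string]$BackupFile = "$env:TEMP\run-key-backup.reg"   # hypothetical location
)

# Read only the one autostart value; a missing value is not an error here.
$entry = Get-ItemProperty -Path $RunKey -Name $ValueName -ErrorAction SilentlyContinue
if (-not $entry) {
    Write-Output "No '$ValueName' value under $RunKey; nothing to do."
    return
}

# Normalise the data (strip quotes, expand %VARS%) before comparing.
$data   = [string]$entry.$ValueName
$target = [Environment]::ExpandEnvironmentVariables($data.Trim('"'))
Write-Output "Found $ValueName = $data"

# Only act on the exact path the article names; anything else is left alone.
if ($target -ine $BadPath) {
    Write-Output "Value does not point to $BadPath; leaving it alone."
    return
}

# Back up the whole Run key before changing it, and stop if the backup fails.
$regPath = $RunKey -replace '^HKLM:', 'HKLM'
& reg.exe export $regPath $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no changes made.' }

# -WhatIf on the command line shows what would be removed without removing it.
if ($PSCmdlet.ShouldProcess("$RunKey\$ValueName", 'Remove autostart value')) {
    Remove-ItemProperty -Path $RunKey -Name $ValueName
    Write-Output "Removed. Backup saved to $BackupFile"
}

# The registry edit does not touch the file itself; report it for antivirus cleanup.
if (Test-Path -LiteralPath $target) {
    Write-Output "File still on disk: $target"
    Get-FileHash -LiteralPath $target -Algorithm SHA256
}
```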
As stated earlier, it is best to use an antivirus to get rid of the virus easily. But even better is to maintain good computing habits. Do not open any messages that look suspicious. This is especially true if you are new to social networking. Because the virus is mutating, it pays to be informed about the facts as they appear.
The best way to keep potential threats like Koobface away is by using a combination of good antivirus software and common sense. If you take the appropriate steps you won’t have to worry about a thing.