Koobface
July 15, 2009 Threat level:
(6 / 10)
Koobface description
Koobface worm is designed to spread via social networks . It affects Bebo, MyYearBook, BlackPlanet and Friendster, but it targets MySpace, Facebook and Twitter more often.
Koobface posts a message on social network or sends a message to everyone on victim’s contacts list. The message usually invites to click a link and watch a video. The link leads to a fraudulent website which offers downloading either a video codec or Flash player update. If user downloads the file, he/she gets a copy of Koobface worm onto computer.
New processes created
fbtre6.exemstre6.exe Learn how to remove malicious processes
New Koobface registry entries created
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "c:\windows\mstre6.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "C:\Windows\fbtre6.exe"
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating Download RegistryBooster 2010 to scan your registry errors
Learn how to remove malicious registry entries
New files and directories created
C:\Windows\fbtre6.exeC:\Windows\fmark2.dat
mstre6.exe Learn how to unregister malicious DLL files
How to remove Koobface
To remove Koobface manually you must block rogue Koobface related websites, remove malicious processes and registry entries, unregister dlls and delete all malicious Koobface files from your computer.
Please note: cleaning your computer is a difficult and dangerous task, manually editing registry entries and removing processes and files may cause serious damage to your system. We strongly recommend scanning your computer with one of the legitimate antispyware scanners.