is also known as W32/Koobface,W32.Koobface,W32/Koobface.AZ,Boface
Koobface worm is distributed on social networks, usually on MySpace and Facebook. It embeds itself on victim’s profile and displays links to malicious websites. The websites promote video codec which is actually the Koobface worm. Those sources might also install the worm without notifying visitors.
Koobface is also known as W32/Koobface, W32/Koobface.AZ, W32.Koobface and Boface. Once it gets on a machine, it checks if there are cookies of social networks. If it finds the cookies, it infects victim’s profile. If Koobface worm can’t find evidence of social networking websites, it simply erases itself.
Koobface also loads pop-ups that look like MS Windows error messages. The pop-up contains the following text: "Error installing Codec. Please contact support."
Related files: fmark2.dat
• Connects itself to the internet
• Hides from the user
• Stays resident in background
Automatic Koobface removal:
It might be that we are affiliated with any of our recommended products. Full disclosure can be found in
our Agreement of Use.
We are testing STOPzilla's efficiency at removing Koobface
We are testing SpyHunter's efficiency at removing Koobface
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency at removing Koobface
We are testing XoftSpySE Anti Spyware's efficiency at removing Koobface
Virus Removal Phone Support
Koobface manual removal
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "c:\windows\mstre6.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "C:\Windows\fbtre6.exe"
Geolocation of Koobface
This map reveals the prevalence
of Koobface. Countries and regions that have been affected the most
are: United States, Canada, United Kingdom, Italy and Germany.
QR code for Koobface removal instructions
QR is short for Quick Response. They can be read quickly by the mobile phones. QR codes can store more data than
standard barcodes, including url links, geo coordinates, and text.
The reason we add QR code to the
website is that parasites like Koobface are really hard to remove on infected computer.
you can quicly scan the QR code with your mobile device and have manual removal instructions to
uninstall Koobface right in your pocket.
Simply use the QR scanner and read removal instructions from mobile device.
Information added: 2008-11-24 03:25
Information updated: 2012-02-09 12:59
Attention: If you know know a reputable website reated to security threats, please add a link here: add url