NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Koobface. Description and removal instructions

 
Title: Koobface
 Also known as: W32/Koobface,W32.Koobface,W32/Koobface.AZ,Boface
Type: Worms
Severity scale:Koobface severity is 72  (72 / 100)
 
Koobface worm is distributed on social networks, usually on MySpace and Facebook. It embeds itself on victim’s profile and displays links to malicious websites. The websites promote video codec which is actually the Koobface worm. Those sources might also install the worm without notifying visitors.

Koobface is also known as W32/Koobface, W32/Koobface.AZ, W32.Koobface and Boface. Once it gets on a machine, it checks if there are cookies of social networks. If it finds the cookies, it infects victim’s profile. If Koobface worm can’t find evidence of social networking websites, it simply erases itself.

Koobface also loads pop-ups that look like MS Windows error messages. The pop-up contains the following text: “Error installing Codec. Please contact support.”

FORUM:
Discuss Koobface in
spyware removal forum

Related files: ld08.exe, fbtre6.exe, fmark2.dat, Ld12.exe

Koobface properties:
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic Koobface removal:

remover for Koobface

Koobface manual removal:

Kill processes:
fbtre6.exe mstre6.exe ld08.exe Ld12.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "c:\windows\mstre6.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "C:\Windows\fbtre6.exe"
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
HELP:
how to remove registry entries

Delete files:
fbtre6.exe fmark2.dat ld08.exe Ld12.exe
HELP:
how to remove harmful files

Other programs to remove Koobface:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 24/11/08
Information updated: 17/09/09

Additional resources related to Koobface:

Attention: If you know or you have a website or page about Koobface removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Koobface parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. by . 2009-09-17 17:09:08
yah it's freddy64 now

2. by . 2009-08-17 18:08:05
Removed Koobface using AVG, but still can Not connect to the Net using Internet Explorer even after changing the LAN Settings to automaic detect settings from Use a Proxy server. Please help

3. by rodi. 2009-07-27 23:07:25
Thanks, although this file has other anmes as well. Previously it was freddy46, freddy49. Now, it's freddy51. Later it could be freddy52, freddy53 and etc.

4. by . 2009-07-27 14:07:04
I also had to remove a file "freddy51" from the C drive as well.
Latest spyware news:
Similar parasites:
Related discussions:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.