The Koobface worm is distributed on social networks, usually MySpace and Facebook. It embeds itself in the victim's profile and displays links to malicious websites. Those websites promote a video codec that is actually the Koobface worm. They might also install the worm without notifying visitors.
Koobface is also known as W32/Koobface, W32/Koobface.AZ, W32.Koobface and Boface. Once it gets on a machine, it checks for social network cookies. If it finds them, it infects the victim's profile. If the Koobface worm can't find evidence of social networking websites, it simply erases itself.
Koobface also loads pop-ups that look like MS Windows error messages. The pop-up contains the following text: "Error installing Codec. Please contact support."
Related files: fmark2.dat
• Connects itself to the internet
• Hides from the user
• Stays resident in background
Koobface manual removal:
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "c:\windows\mstre6.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "C:\Windows\fbtre6.exe"
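The script below is an added example, not part of the original removal guide: it looks for the "systray" autorun value listed above, reports whether it points at one of the two listed executables, and deletes the value only when run with -Remove from an elevated prompt. The -Remove switch and the additional WOW6432Node key are assumptions of this example.

```powershell
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Remove)   # -Remove is this example's own switch; without it, report only

# Value name and executable paths come from the removal steps on this page.
$valueName = 'systray'
$knownBad  = @('c:\windows\mstre6.exe', 'c:\windows\fbtre6.exe')
# The WOW6432Node key is an addition: 32-bit processes on 64-bit Windows write there.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $prop = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
    if (-not $prop) {
        Write-Output "[clean]   $key has no '$valueName' value"
        continue
    }
    # Normalise the stored command: drop surrounding quotes, expand %VARS%.
    $raw  = ([string]$prop.$valueName).Trim().Trim('"')
    $data = [Environment]::ExpandEnvironmentVariables($raw)

    if ($knownBad -notcontains $data) {   # -notcontains compares case-insensitively
        Write-Output "[review]  $key\$valueName = '$data' (not a path listed on this page)"
        continue
    }

    Write-Output "[match]   $key\$valueName = '$data'"
    if (Test-Path -LiteralPath $data -PathType Leaf) {
        # Record a hash before cleanup so the sample can be identified later.
        $hash = (Get-FileHash -LiteralPath $data -Algorithm SHA256).Hash
        Write-Output "          file present, SHA256 $hash"
    } else {
        Write-Output "          file not present on disk"
    }
    if ($Remove -and $PSCmdlet.ShouldProcess("$key\$valueName", 'Remove autorun value')) {
        Remove-ItemProperty -Path $key -Name $valueName
        Write-Output "          autorun value removed"
    }
}
```

A "systray" value with any other data is only flagged for review and never deleted, because only the two paths above are tied to Koobface on this page.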
Geolocation of Koobface:
This map reveals the prevalence of Koobface. Countries and regions that have been affected the most are: United States, Canada, United Kingdom, Italy and Germany.