Koobface is also known as W32/Koobface, W32/Koobface.AZ, W32.Koobface and Boface. Once it gets on a machine, it checks if there are cookies of social networks. If it finds the cookies, it infects victim’s profile. If Koobface worm can’t find evidence of social networking websites, it simply erases itself.
Koobface also loads pop-ups that look like MS Windows error messages. The pop-up contains the following text: "Error installing Codec. Please contact support." Related files: fmark2.dat
• Connects itself to the internet
• Hides from the user
• Stays resident in background
Koobface manual removal
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "c:\windows\mstre6.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "C:\Windows\fbtre6.exe"
Geolocation of Koobface
Post a comment
Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.