Koobface. How to remove? (Uninstall guide)

by ,   Also known as Boface | Type: Worms

What you should know about Koobface scam:

Koobface is a malicious program that is capable of affecting Mac OS X, Linux and Microsoft Windows operating systems. Koobface is also known as W32/Koobface, W32/Koobface.AZ, W32.Koobface and Boface. By the time it gets on a machine, it checks if there are cookies of social networks. If it finds the cookies, it infects victim’s profile. Koobface worm is usually spread on these social networks: MySpace, Facebook, Yahoo Messenger, Skype, and Twitter. If Koobface worm can’t find evidence of social networking websites, it simply erases itself and then loads pop-ups that look like MS Windows error messages. The pop-ups contains the following text: “Error installing Codec. Please contact support.” 

If computer user actively uses social media networks, Koobface detects particular cookies and collects victim's login information of all social media websites that he or she visits. Then it sends messages to people on the victim's friend list, asking to view a video. This message includes a malicious hyperlink. If people click on this hyperlink, they are going to be redirected to a harmful website, which states that an update of Flash is required in order to review the content. The download links includes flash_player.exe file. If the person allows to install the update, he/she gives an access for an installer of Koobface. It means that this .exe file is going to silently download and install Koobface infection files. 

Koobface hacking worm allows the cyber-criminals to track and record sensitive data about the victim, for example, it can see what passwords do you enter on particular websites, what are your logins and it can even find out credit card info and banking information! Be aware because it can lead to a financial loss. In addition to that, this malicious worm can display vague ads convincing you to install fake anti-virus programs. Do not install any software promoted by Koobface virus hoax - most likely you will infect your computer even more.

The malicious website including the Koobface worm download installer

How Koobface can hijack my computer?

Koobface is usually spread via social engineering. It means that it is spread via social media messages. If your friend has sent you a link that looks suspicious (looks unfamiliar and contains a lot of random symbols), you should double-ask your friend if he/she really sent that. Such Koobface spam usually includes such and similar lines:

  • "I saw your silly face in that movie, check it!";
  • "Why do you look so stupid? xD See yourself";
  • "You look just awesome in this new movie";
  • "My friend caught you on hidden cam."

What you can do to secure your computer from this worm?

  1. Do not browse unreliable websites. If you have opened a website which asks to update your Flash Player, and you know that it was possible to open other videos before, you should know that the website is suspicious. Close it immediately.
  2. If you have at least a smallest suspicion that your friend did not send the suspicious message with a hyperlink, ask him twice. 
  3. Keep an anti-malware program on your computer to prevent infectious computer threats; we recommend SpyHunter.

How to remove this infection?

You can check if you have this infection by opening Windows Task Manager and looking for such processes: freddy79.exe, fbtre6.exe, mstre6.exe, ld08.exe, Ld12.exe. You must remove this malicious threat from your computer and stop the spread of it. You can remove it manually, and we have provided the instructions how to do it below this article. Nonetheless, we strongly advise you to remove Koobface worm automatically. After removal, change your social media and banking passwords to ensure that the cyber-criminals will not use them again.

Related files: fmark2.dat

Koobface properties:
• Connects itself to the internet
• Hides from the user
• Stays resident in background

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
SpyHunter - remover Happiness
Compatible with Microsoft Windows
What to do if failed? If you failed to remove infection using Webroot SecureAnywhere AntiVirus SpyHunter, read here how to submit a support ticket or submit a question to our support team and provide as much details as possible.
SpyHunter is recommended to uninstall Koobface. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of SpyHunter malware removal tool.

More information about this program can be found in SpyHunter review.

If you decided to select another anti-spyware, uninstall SpyHunter from your computer.
more than 40.000.000 downloads!
Webroot SecureAnywhere AntiVirus is recommended remover to uninstall Koobface. You should confirm using free trial that it detects current version of parasite.
Not using OS X? Download a remover for Windows.
Alternate Software
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2015-11-10 08:43)
Koobface screenshot

Koobface manual removal

Kill processes:
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "c:\windows\mstre6.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "C:\Windows\fbtre6.exe"
Delete files:

Geolocation of Koobface

Map reveals the prevalence of Koobface. Countries and regions that have been affected the most are: United States, Canada, United Kingdom, Italy and Germany.

Information updated:

Comments on Koobface

George Kinal
Great. Article says koobface can infect Macs BUT it says bloody well NOTHING at all about how to do so.
SpyHunter worked very well, thank you!!!!! This malicious threat is gone for good, god damn it! need to change my passwords now
boka choda
koob face amar computer chude deache
Avira gets rid of koobface.
hey guys after i infected with koobface my Google Chrome cant login facebook and any google related sites. Is it also koobfaces effect??
Yeah it can! Try to retrieve your account by answering the security questions or send the password reset link to your e-mail. BUT FIRSTLY REMOVE KOOBFACE!!! otherwise this worm will see your new passowrds as well
uhh, i found a bill something, but deleted it as soon as i found it (i run in safemode so i know what processz arnt suppose to be there) but i cant find it anywhere on my laptop, any help on where bill105 would be in the registry?
Avira (free) gets rid of Koobface
More comments »

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name


(All fields are required)
Like us on Facebook