Severity scale  
  (72/100)

Koobface. How to Remove? (Uninstall Guide)

removal by - -   Also known as Boface | Type: Worms
12

Koobface worm proliferates and sucessfully brings money for its developers

Koobface is a malicious program that is capable of affecting Mac OS X, Linux and Microsoft Windows operating systems. Koobface is also known as W32/Koobface, W32/Koobface.AZ, W32.Koobface and Boface. By the time it gets on a machine, it checks if there are cookies of social networks. If it finds the cookies, it infects victim’s profile. Koobface worm is usually spread on these social networks: MySpace, Facebook, Yahoo Messenger, Skype, and Twitter. If Koobface worm can’t find evidence of social networking websites, it simply erases itself and then loads pop-ups that look like MS Windows error messages. The pop-ups contains the following text: "Error installing Codec. Please contact support."

If computer user actively uses social media networks, Koobface detects particular cookies and collects victim's login information of all social media websites that he or she visits. Then it sends messages to people on the victim's friend list, asking to view a video. This message includes a malicious hyperlink. If people click on this hyperlink, they are going to be redirected to a harmful website, which states that an update of Flash is required in order to review the content. The download links includes flash_player.exe file. If the person allows to install the update, he/she gives an access for an installer of Koobface. It means that this .exe file is going to silently download and install Koobface infection files.

Koobface hacking worm allows the cyber-criminals to track and record sensitive data about the victim, for example, it can see what passwords do you enter on particular websites, what are your logins and it can even find out credit card info and banking information! Be aware because it can lead to a financial loss. In addition to that, this malicious worm can display vague ads convincing you to install fake anti-virus programs. Do not install any software promoted by Koobface virus hoax - most likely you will infect your computer even more.

Beware of tech support scammers who claim that your computer has been infected with KoobFace malware. Technical support scammers make victims install a malicious program that displays pop-up messages via user's default web browser, stating that the system has been compromised. Such malicious programs can display a lock screen and prevent the user from accessing the PC, or pose as a phony Windows Update. All of these deceptive programs are designed to showcase technical support number that the user supposedly needs to call in order to get help from "certified technicians." If your computer is telling you that the system is infected with Koobface and urges you to contact tech support team, better scan the system for malware. We also strongly recommend reading this article - Tech Support Scam virus.

The malicious website including the Koobface worm download installer

How does Koobface virus infect computers?

Koobface is usually spread via social engineering. It means that it is spread via social media messages. If your friend has sent you a link that looks suspicious (looks unfamiliar and contains a lot of random symbols), you should double-ask your friend if he/she really sent that. Such Koobface spam usually includes such and similar lines:

  • "I saw your silly face in that movie, check it!";
  • "Why do you look so stupid? xD See yourself";
  • "You look just awesome in this new movie";
  • "My friend caught you on hidden cam."

If you can remember clicking any of these messages, make sure that you double check your computer for Koobface malware. Also, you should scan your computer with the powerful anti-spyware if you have been tricked into downloading a fake version of Flash Player, which was disguised as "flash_player.exe". Otherwise, Koobface can try to overtake your HTTP traffic, steal your personal information and infect your PC system with additional malware. If you think that you are infected, please, scan your computer with Reimage. You can find more about Koobface removal below.

Koobface malware gang demonstrates wealth on the Internet

While the majority of cyber criminals tend to stay underground and not brag about the money they earn in illegal ways, criminals behind Koobface virus behave in an entirely different way. According to research, cyber criminals who have created Koobface project have earned thousands of US dollars daily - up to 10 grand a day. These criminals were so proud of themselves and loved money so much so that they all have set their phones to deliver a message telling how much money has been earned in the previous 24 hours every morning. These criminals have also been spotted swaggering on social media and posting pictures next to money piles and Porsches. Do not let these scammers take advantage of you and protect your computer in advance to avoid Koobface malware attack. Please, do not click on suspicious-looking links while browsing social media websites and do not open links sent by your friends that point to a video that has nothing to do with you. 

Koobface prevention tips

  1. Do not browse unreliable websites. If you have opened a website which asks to update your Flash Player, and you know that it was possible to open other videos before, you should know that the website is suspicious. Close it immediately.
  2. If you have at least a smallest suspicion that your friend did not send the suspicious message with a hyperlink, ask him or her twice.
  3. Keep an anti-malware program on your computer to prevent infectious computer threats; we recommend Reimage.

Koobface infection removal

You can check if you have this infection by opening Windows Task Manager and looking for such processes: freddy79.exe, fbtre6.exe, mstre6.exe, ld08.exe, Ld12.exe. You must remove this malicious threat from your computer and stop the spread of it. You can remove it manually, and we have provided the instructions how to do it below this article. Nonetheless, we strongly advise you to remove Koobface worm automatically. After removal, change your social media and banking passwords to ensure that the cyber-criminals will not use them again.

 

Related files: fmark2.dat

Koobface properties:
• Connects itself to the internet
• Hides from the user
• Stays resident in background

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
Reimage - remover Happiness
Guarantee
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Koobface. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall Koobface. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
Plumbytes
We are testing Plumbytes's efficiency (2016-10-13 10:11)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2016-10-13 10:11)
Webroot SecureAnywhere AntiVirus
Koobface screenshot
Koobface message snapshot

Koobface manual removal

Kill processes:
freddy79
fbtre6.exe
mstre6.exe
ld08.exe
Ld12.exe
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "c:\windows\mstre6.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "C:\Windows\fbtre6.exe"
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
Delete files:
freddy79
fbtre6.exe
fmark2.dat
ld08.exe
Ld12.exe

Method 1. Remove Koobface using Safe Mode with Networking

Start your computer in Safe Mode with Networking and then run a strong malware removal tool to fetch all components of Koobface Trojan. Do not try to remove this dangerous virus manually, please - this way, you can delete only part of malicious components and leave Koobface remains on the system, which would keep the computer vulnerable to further virus attacks. Mac users should use Mac-compatible anti-malware software, for example, Webroot.

Step 1: Reboot your computer to Safe Mode with Networking
Windows 7 / Vista / XP
  • Click Start Shutdown Restart OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
  • Select Safe Mode with Networking from the list
Select 'Safe Mode with Networking'
Windows 10 / Windows 8
  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
  • Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
  • Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window.
Select 'Enable Safe Mode with Networking'
Step 2: Remove Koobface

Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Koobface removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Reimage is a tool to detect malware. You need to purchase full version to remove infections.
More information about Reimage
Reimage is a tool to detect malware. You need to purchase full version to remove infections. More information about Reimage

Method 2. Remove Koobface using System Restore

Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
  • Click Start Shutdown Restart OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
  • Select Command Prompt from the list
Select 'Safe Mode with Command Prompt'
Windows 10 / Windows 8
  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
  • Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
  • Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Select 'Enable Safe Mode with Command Prompt'
Step 2: Restore your system files and settings
  • Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
  • Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
  • When a new window shows up, click Next and select your restore point that is prior the infiltration of Koobface. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
  • Now click Yes to start system restore. Click 'Yes' and start system restore
Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Koobface removal is performed successfully.
Reimage is a tool to detect malware. You need to purchase full version to remove infections.
More information about Reimage
Reimage is a tool to detect malware. You need to purchase full version to remove infections. More information about Reimage

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Koobface and other ransomwares, use a reputable anti-spyware, such as Reimage, PlumbytesWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

Ugnius Kiguolis
Ugnius Kiguolis - Expert in malware removal

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Geolocation of Koobface

Map reveals the prevalence of Koobface. Countries and regions that have been affected the most are: United States, Canada, United Kingdom, Italy and Germany.

Removal guides in other languages


Information updated:

Comments on Koobface

0
0
Allison
Free scan yes, remove the virus, need to pay, I cant afford it. So unless you can afford to buy something, i wouldnt get this.
0
0
Freddie
What about other computers on the same network
0
0
Freddie
What about other computers on the same network
0
0
George Kinal
Great. Article says koobface can infect Macs BUT it says bloody well NOTHING at all about how to do so.
2
0
alicia
SpyHunter worked very well, thank you!!!!! This malicious threat is gone for good, god damn it! need to change my passwords now
4
0
boka choda
koob face amar computer chude deache
1
4
Saleem
Avira gets rid of koobface.
More comments »

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)