Remove Koobface. Description and removal instructions

Title: Koobface	Also known as: W32/Koobface,W32.Koobface,W32/Koobface.AZ,Boface
Type: Worms	Severity scale: (72 / 100)

Koobface worm is distributed on social networks, usually on MySpace and Facebook. It embeds itself on victim’s profile and displays links to malicious websites. The websites promote video codec which is actually the Koobface worm. Those sources might also install the worm without notifying visitors.

Koobface is also known as W32/Koobface, W32/Koobface.AZ, W32.Koobface and Boface. Once it gets on a machine, it checks if there are cookies of social networks. If it finds the cookies, it infects victim’s profile. If Koobface worm can’t find evidence of social networking websites, it simply erases itself.

Koobface also loads pop-ups that look like MS Windows error messages. The pop-up contains the following text: “Error installing Codec. Please contact support.”

FORUM:
Discuss Koobface in
spyware removal forum

Related files: Ld12.exe, fmark2.dat, fbtre6.exe, ld08.exe, freddy79

Koobface properties:
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic Koobface removal:

remover for Koobface

Koobface manual removal:

Kill processes:
freddy79 fbtre6.exe mstre6.exe ld08.exe Ld12.exe

HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "c:\windows\mstre6.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "C:\Windows\fbtre6.exe"
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating

HELP:
how to remove registry entries

Delete files:
freddy79 fbtre6.exe fmark2.dat ld08.exe Ld12.exe

HELP:
how to remove harmful files

Other programs to remove Koobface:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 24/11/08
Information updated: 28/01/10

Additional resources related to Koobface:

Attention: If you know or you have a website or page about Koobface removal, feel free to add a link to this list: add url

more resources

Post Comment:

Attention: Use this form only if you have additional information about Koobface parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Comments from visitors:

1. by . 2010-01-28 04:01:25

I just cleaned this from a friend's laptop last night. It was up to freddy81.

2. by . 2010-01-05 11:01:24

i hate this stupid virus

3. by rodi. 2009-12-31 00:12:15

Thank you, we added freddy79 to the list too. Just download an automatic removal tool and run a system scan. I'm afraid that manual removal won't work for you.

4. by . 2009-12-30 10:12:16

it's freddy79. i was able to manually stop the processes, found the registry entries and deleted them but "freddy79" remains in C:Windows. If anyone has suggestions on getting it deleted, please post. It will no longer let you delete the file.

5. by . 2009-09-17 17:09:08

yah it's freddy64 now

6. by . 2009-08-17 18:08:05

Removed Koobface using AVG, but still can Not connect to the Net using Internet Explorer even after changing the LAN Settings to automaic detect settings from Use a Proxy server. Please help

7. by rodi. 2009-07-27 23:07:25

Thanks, although this file has other anmes as well. Previously it was freddy46, freddy49. Now, it's freddy51. Later it could be freddy52, freddy53 and etc.

8. by . 2009-07-27 14:07:04

I also had to remove a file "freddy51" from the C drive as well.