Koobface
Koobface Description
Koobface is a worm that infects computers by using the messaging system of social networks like Facebook and MySpace. Other known Koobface variants are Boface, W32.Koobface, Net-Worm.Win32.Koobface.b, and W32/Koobface. The Koobface worm attacks profiles by sending an email to a user's Facebook inbox with subjects like "You look just awesome in this new movie" or "You look funny in this new video"; the message provides a link to a malicious video website. The malicious video website prompts the user to download the fake video codec file flash_player.exe, on the pretext that the user needs to update the Flash program to view a video. In reality, flash_player.exe is the doorway that lets Koobface infect your computer.
Once installed, Koobface downloads a program called tinyproxy.exe. Tinyproxy.exe loads a proxy server called Security Accounts Manager, which Koobface uses to monitor traffic on TCP port 9090 and to proxy all outgoing HTTP traffic. Koobface hijacks search results from search engines like Google, Yahoo, and MSN and replaces the results with links to malicious websites.
Koobface may redirect you to malicious websites that sell rogue security tools. Koobface has the ability to recreate itself after reboot. It is strongly recommended to remove Koobface from your system upon detection.
Aliases
- Worm.Win32.Koobface.bn [Rising]
- Win-Trojan/Injecter.17920.ES [AhnLab-V3]
- Trojan.Win32.Downloader.17920.GQ [ViRobot]
- TrojanDownloader.Injecter.abx [Jiangmin]
- Trojan.Dropper.Koobface.AEJ [McAfee-GW-Edition]
- DR/Koobface.AEJ [AntiVir]
- Trojan.DownLoad.40118 [DrWeb]
- TrojWare.Win32.TrojanDownloader.Injecter.ddn0 [Comodo]
- Worm.Koobface-125 [ClamAV]
- W32/Downldr2.FZRM [F-Prot]
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
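| # | File Name | Detection Count |
|---|-----------|-----------------|
| 1 | bolivar27.exe | 672 |
| 2 | bill113.exe | 614 |
| 3 | bill107.exe | 600 |
| 4 | bill106.exe | 454 |
| 5 | ndisoko.sys | 372 |
| 6 | bill109.exe | 262 |
| 7 | bill108.exe | 255 |
| 8 | bill115.exe | 145 |
| 9 | bill110.exe | 103 |
| 10 | bill112.exe | 37 |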
Registry Modifications
Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
- The following Registry values were newly created:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}: Captcha7, fio32, sysfbtray, syshitray2, sysldtray
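A triage check for the behaviour and file names described above, added here as an example and not taken from the original page: it joins `netstat -ano` and `tasklist /fo csv /nh` output to find the process listening on TCP port 9090 and any running image whose name appears on this page. The function names and the sample command output are constructed for illustration.

```python
import csv
import io

# Indicators taken from this page.
PROXY_PORT = 9090
PAGE_EXES = {"tinyproxy.exe", "flash_player.exe", "bolivar27.exe"} | {
    f"bill{n}.exe" for n in (106, 107, 108, 109, 110, 112, 113, 115)}

# Constructed sample output, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:9090           0.0.0.0:0              LISTENING       2312
"""
SAMPLE_TASKLIST = '''\
"svchost.exe","884","Services","0","9,120 K"
"tinyproxy.exe","2312","Console","1","3,404 K"
"bill113.exe","2960","Console","1","5,012 K"
'''

def parse_tasklist(text):
    """Map PID -> lower-cased image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2 and r[1].isdigit()}

def listeners_on(text, port):
    """PIDs holding a LISTENING TCP socket on `port` in `netstat -ano` output."""
    pids = set()
    for line in text.splitlines():
        f = line.split()
        if (len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING"
                and f[1].rsplit(":", 1)[-1] == str(port) and f[4].isdigit()):
            pids.add(int(f[4]))
    return pids

def triage(netstat_text, tasklist_text):
    """Return (confidence, reason, pid, image) tuples for this page's indicators."""
    procs = parse_tasklist(tasklist_text)
    findings = []
    for pid in sorted(listeners_on(netstat_text, PROXY_PORT)):
        name = procs.get(pid, "unknown")
        # Other software also listens on 9090, so the owner decides confidence.
        level = "high" if name in PAGE_EXES else "review"
        findings.append((level, f"TCP {PROXY_PORT} listener", pid, name))
    findings += [("high", "image name listed on page", pid, name)
                 for pid, name in sorted(procs.items()) if name in PAGE_EXES]
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_NETSTAT, SAMPLE_TASKLIST), sep="\n")
```

A "review" result means something other than the listed files owns the port and needs a closer look before it is treated as an infection.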
Posted: December 5, 2008 | By SpywareRemove
Threat Level: 9/10
Detection Count: 5,551



Thanks for the info!!
Awesome post. Thanks for commenting on this blog, mate. I shall email you soon! I didn't realise that.
A person necessarily assist to make seriously articles I would state. This is the first time I frequented your web page and up to now? I am amazed with the research you made to make this particular submit extraordinary. Magnificent job!
My computer is not opening Facebook due to a virus. Please help me to remove the virus from my computer.
Thanks!!
I have received all of the warnings this week about some kind of password stealing trojans being on my computer and then for $99.00 purchased Avast to fix the problem, and on my laptop another bunch of crap is going on and I purchased a program for $49.00 yesterday on Reg tool and am still trying to get it to work properly. I am so pissed, because I currently lost my job last week and I sure didn’t need to spend that money.
My computer won't allow me to download SpyHunter and when I manually try to find in computer or all hard drives "Koobface" is not found. Please help me. Thank You, John Myers