Koobface Description

Koobface is a worm that infects computers by using the messaging system of social networks like Facebook and MySpace. Other known Koobface variants are Boface, W32.Koobface, Net-Worm.Win32.Koobface.b, and W32/Koobface. The Koobface worm attacks profiles by sending an email to a user’s Facebook inbox with subjects like “You look just awesome in this new movie” or “You look funny in this new video”; the message provides a link to a malicious video website. That website prompts the user to download a fake video codec file, flash_player.exe, on the pretext that the user needs to update the Flash program to view the video.

In reality, flash_player.exe is a doorway that lets Koobface infect your computer.

Once installed, Koobface downloads a program called tinyproxy.exe. Tinyproxy.exe loads a proxy server called Security Accounts Manager, which Koobface uses to monitor traffic on TCP port 9090 and to proxy all outgoing HTTP traffic. Koobface hijacks search results from search engines like Google, Yahoo, and MSN and replaces the results with links to malicious websites.

Koobface may redirect you to malicious websites that sell rogue security tools. Koobface has the ability to recreate itself after reboot. It is strongly recommended to remove Koobface from your system upon detection.
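The indicators described above (a listener on TCP port 9090 and the file names tinyproxy.exe and flash_player.exe) can be checked against saved `netstat -ano` and `tasklist /fo csv` output. The following is an added example, not part of the original article; the sample command output, PIDs and addresses in it are constructed.

```python
import csv
import io

# Constructed sample data (not captured from a real host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:9090           0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.20:49712     203.0.113.7:80         ESTABLISHED     1880
  TCP    [::]:9090              [::]:0                 LISTENING       2312
"""
TASKLIST_SAMPLE = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","904","Services","0","9,120 K"
"iexplore.exe","1880","Console","1","88,400 K"
"tinyproxy.exe","2312","Services","0","3,204 K"
'''

PROXY_PORT = 9090                                       # port named in the description
SUSPECT_IMAGES = {"tinyproxy.exe", "flash_player.exe"}  # file names from the description

def parse_tasklist(text):
    """Map PID -> lower-cased image name from `tasklist /fo csv` output."""
    rows = csv.DictReader(io.StringIO(text))
    return {int(r["PID"]): r["Image Name"].lower() for r in rows}

def listeners(text):
    """Yield (port, pid) for every TCP socket in LISTENING state."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            port = int(f[1].rsplit(":", 1)[1])   # rsplit copes with [::]:9090
            yield port, int(f[4])

def triage(netstat_text, tasklist_text):
    """Return sorted findings (pid, image, reason) for the indicators above."""
    images = parse_tasklist(tasklist_text)
    findings = set()                              # set removes IPv4/IPv6 duplicates
    for port, pid in listeners(netstat_text):
        if port == PROXY_PORT:
            findings.add((pid, images.get(pid, "unknown"), f"listening on TCP {port}"))
    for pid, image in images.items():
        if image in SUSPECT_IMAGES:
            findings.add((pid, image, "image name matches page indicator"))
    return sorted(findings)

if __name__ == "__main__":
    for pid, image, reason in triage(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"PID {pid} ({image}): {reason}")
```

TCP port 9090 is also used by legitimate software, so a listener on that port is a lead to confirm against the owning process, not a verdict by itself.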


  • Worm.Win32.Koobface.bn [Rising]
  • Win-Trojan/Injecter.17920.ES [AhnLab-V3]
  • Trojan.Win32.Downloader.17920.GQ [ViRobot]
  • TrojanDownloader.Injecter.abx [Jiangmin]
  • Trojan.Dropper.Koobface.AEJ [McAfee-GW-Edition]
  • DR/Koobface.AEJ [AntiVir]
  • Trojan.DownLoad.40118 [DrWeb]
  • TrojWare.Win32.TrojanDownloader.Injecter.ddn0 [Comodo]
  • Worm.Koobface-125 [ClamAV]
  • W32/Downldr2.FZRM [F-Prot]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry!
  • The following newly produced Registry Values are:

Posted: December 5, 2008
Threat Metric
Threat Level: 5/10
Detection Count: 5,644


  • Clark Creery says:

    My wife’s laptop downloaded all sorts of things and she could not get to anything, so we called Microsoft Support and they charged us 299 to run both her computer and my laptop to look for and fix Koobface. In Feb we had a similar infection and the Microsoft group charged 99 dollars and their fix did not work, so they tried again and it worked, so I filed a complaint with my credit card company. That is currently in litigation. I am a retired service member living on my retirement and I find by looking up this worm, everyone has a fix? I am very concerned with Microsoft. I tried their MRT program and it appears to do the same thing that their fix did and it was free. Daily I run CCleaner followed up by malware bytes. This really haunts me.

  • Jared Clifford says:

    Thanks for the info!!

  • Irvin Ciraolo says:

    Awesome post. Thanks for commenting on this blog, mate. I shall email you soon! I didn't realise that.

  • p90x worksheets says:

    A person necessarily assist to make seriously articles I would state. This is the first time I frequented your web page and up to now? I amazed with the research you made to make this particular submit extraordinary. Magnificent job!

  • jyoti jitender kaur says:

    My computer is not opening Facebook due to a virus. Please help me to remove the virus from my computer.

  • Rhonda says:

    I have received all of the warnings this week about some kind of password stealing trojans being on my computer and then for $99.00 purchased Avast to fix the problem, and on my laptop another bunch of crap is going on and I purchased a program for $49.00 yesterday on Reg tool and am still trying to get it to work properly. I am so pissed, because I currently lost my job last week and I sure didn’t need to spend that money.

  • John Myers says:

    My computer won't allow me to download SpyHunter, and when I manually try to find it on the computer or all hard drives, “Koobface” is not found. Please help me. Thank You, John Myers
