Posted: November 24, 2008

W32.Koobface.B Description

W32.Koobface.B is a malicious worm that spreads through social networking sites such as Facebook and MySpace. It targets Facebook users by creating spam messages and sending them to the infected user's friends via the Facebook site. The messages and comments include the following texts: "Paris Hilton Tosses Dwarf On The Street," "Examiners Caught Downloading Grades From The Internet," "You must see it!!! LOL. My friend catched you on hidden cam," "Is it really celebrity? Funny Moments," and many others. Messages and comments on MySpace and Facebook include links to youtube.[skip].pl. If the user clicks on this link, they are redirected to youtube.[skip].ru, a site which purportedly contains a video clip. If the user tries to watch the video, a message appears stating that they need the latest version of Flash Player in order to watch the clip. However, instead of the latest version of Flash Player, a file called codecsetup.exe is downloaded to the user's machine; this file is also a network worm.

Koobface.B is deceptive because users ordinarily trust messages left by "friends" on social networking sites, so the probability of a recipient clicking the link is high. The worm preys on this trust. Once W32.Koobface.B begins to run, it configures itself to run automatically whenever the system starts, checks for MySpace cookies and, if it finds them, modifies the profile by adding links to malicious sites that contain the worm. Avoid clicking on funny video links from unknown MySpace or Facebook users.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 C:\Windows\fbtre6.exe
    2 C:\Windows\fmark2.dat

Registry Modifications

  • The following Registry values were created:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "C:\Windows\fbtre6.exe"
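
A triage check built from the file and registry indicators listed above, as an added example that is not part of the original page or of any vendor tool. It parses saved `reg query` output and flags Run values that point at the listed files or reuse the `systray` value name; the function names and the sample output are constructed for illustration, and matching Run keys in any hive is an assumption that goes beyond the single HKLM key the page lists.

```python
import ntpath
import re

# Indicators taken from this page; any hive's ...\CurrentVersion\Run key is checked (assumption).
RUN_KEY_SUFFIX = r"\microsoft\windows\currentversion\run"
IOC_VALUE_NAME = "systray"
IOC_FILES = {r"c:\windows\fbtre6.exe", r"c:\windows\fmark2.dat"}

# One value line of `reg query` output: name, type and data separated by four spaces.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def normalise(data):
    """Drop quotes and arguments from a Run command line; return the lower-cased path."""
    m = re.match(r'"([^"]+)"|(.+?\.(?:exe|dat|dll|scr|com|bat))(?:\s|$)', data.strip(), re.I)
    path = (m.group(1) or m.group(2)) if m else data.strip()
    return ntpath.normpath(path).lower()

def scan_reg_query(text):
    """Return (key, value name, path, reason) for Run values matching the indicators."""
    hits, key = [], None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()          # key header line starts at column 0
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or not key.lower().endswith(RUN_KEY_SUFFIX):
            continue                    # ignores RunOnce and unrelated keys
        path = normalise(m.group("data"))
        if path in IOC_FILES:
            hits.append((key, m.group("name"), path, "known file path"))
        elif m.group("name").lower() == IOC_VALUE_NAME:
            # Lower confidence: same value name, but a path the page does not list.
            hits.append((key, m.group("name"), path, "value name reused, different path"))
    return hits

# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = (
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    SecurityHealth    REG_EXPAND_SZ    %windir%\\system32\\SecurityHealthSystray.exe\n"
    "    systray    REG_SZ    C:\\WINDOWS\\fbtre6.exe\n\n"
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce\n"
    "    systray    REG_SZ    C:\\Tools\\tray.exe\n"
)

if __name__ == "__main__":
    for hit in scan_reg_query(SAMPLE):
        print(hit)
```
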

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to W32.Koobface.B may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.


Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
