Wednesday, August 26, 2009

Social Networking junkies beware of the worm Koobface

Courtesy: Akash Khare

Are you getting enticing messages in your with video links in your social networking sites such as Facebook, Orkut, Twitter, MySpace, iBibo, Friendster etc? Beware that any attempt to download the video my infect your system with Koobface Worm. This worm can steal sensitive data from your computer.

Koobface spreads by delivering Facebook messages to people that are 'friends' of someone on Facebook whose computer has already been infected. The messages contain innocuous subject headers such as "Paris Hilton Tosses Dwarf On The Street", "LOL", "My friend catched you on hidden cam", and "My home video :)" followed by a link. The link leads to video sharing site like YouTube. Once you are there, you have been asked whether you want to download a software required to watch the video. If you click "Yes" the worm gets activated and infect your computer.

The worm not only disrupts your internet experience by sending your searches on engines like Google elsewhere and return garbled replies, it also steals data that may have been left in your computer's memory.

You may not be able to notice the worm activity. However, your internet activity may highlight it  when you will get abnormal results and you will be misdirected to other site.

Steps to remove KoobFace:

Stop Koobface.B Worm processes:
C:\Windows\fbtre6.exe
Delete Koobface.B Worm files:
C:\Windows\fmark2.dat
Get rid of Koobface.B Worm registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “C:\Windows\fbtre6.exe”
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
Note: In any Koobface.B Worm files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”). If you have any questions about manual Koobface.B Worm removal, go ahead and leave a comment.

How Do You Remove Koobface.B Worm Files?

Need help figuring out how to delete Koobface.B Worm files? While there’s some risk involved, and you should only manually remove Koobface.B Worm files if you’re comfortable editing your system, you’ll find it’s fairly easy to delete Koobface.B Worm files in Windows.
How to delete Koobface.B Worm files in Windows XP and Vista:
   1. Click your Windows Start menu, and then click “Search.”
   2. A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
   3. Type a Koobface.B Worm file in the search box, and select “Local Hard Drives.”
   4. Click “Search.” Once the file is found, delete it.

How to stop Koobface.B Worm processes:

  1. Click the Start menu, select Run.
  2. Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
  3. Click Processes tab, and find Koobface.B Worm processes.
  4. Once you’ve found the Koobface.B Worm processes, right-click them and select “End Process” to kill Koobface.B Worm.

How to remove Koobface.B Worm registry keys:

Koobface.B Worm warning Because your registry is such a key piece of your Windows system, you should always backup your registry before you edit it. Editing your registry can be intimidating if you’re not a computer expert, and when you change or a delete a critical registry key or value, there’s a chance you may need to reinstall your entire system. Make sure your backup your registry before editing it.

  1. Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
  2. Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
  3. To find a registry key, such as any Koobface.B Worm registry keys, select “Edit,” then select “Find,” and in the search bar type any of Koobface.B Worm’s registry keys.
  4. As soon as Koobface.B Worm registry key appears, you can delete the Koobface.B Worm registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”


How to delete Koobface.B Worm DLL files:

  1. First locate Koobface.B Worm DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
  2. To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the Koobface.B Worm DLL file is located. If you’re not sure if the Koobface.B Worm DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
  3. When you’ve located the Koobface.B Worm DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.That’s it. If you want to restore any Koobface.B Worm DLL file you removed, type “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.

Did Koobface.B Worm change your homepage?

  1. Click Windows Start menu > Control Panel > Internet Options.
  2. Under Home Page, select the General > Use Default.
  3. Type in the URL you want as your home page (e.g., “http://www.homepage.com”).
  4. Select Apply > OK.
  5. You’ll want to open a fresh web page and make sure that your new default home page pops up.

Posted by Techcorrespondent at 9:13 PM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)