How Can I Remove The Koobface Virus From My Computer?

Koobface is the latest buzz in the arena of computers. No, it is not a web service, nor is it an amazing software package. Koobface is actually the latest Internet worm, and it targets the popular social networking sites. Many Facebook users have already been infected by this highly contagious worm.


Why Koobface targets Social Networking sites

Social networking has become a daily activity of nearly every Internet user and that is the reason why the Koobface creators have decided to make users of social networks their targets.

Koobface spreads rapidly once it enters your computer, leading to slow and sluggish performance.

It drops a “tinyproxy.exe” file onto your computer, which then hijacks your machine and leads to its automatic operation, leaving it very vulnerable.

How to avoid the Koobface Virus

It starts with the arrival of some automated messages or emails having catchy or weird titles like:

• Paris Hilton Tosses Dwarf On The Street
• You must see it!!! LOL.
• My friend catched you on hidden cam
• Examiners Caught Downloading Grades From The Internet
• Is it really celebrity?
• You look so amazing funny on our new video
• Funny Moments

Avoid accessing the content of such messages and emails.

How do I remove the Koobface Virus?

As soon as you realize its presence, scan your computer with a good antivirus program.

This should be the first and foremost step.

Use the Add/Remove Programs tool from your computer’s Control Panel to remove the Koobface virus.

Some of the Koobface files can restore themselves back on to your system.

In such cases, it is better to delete its processes and registry files.

It’s not too difficult, and this is how you do it:

Press Alt + Ctrl + Delete to open the Task Manager.

End all the Koobface processes, such as:

• %SYSTEMROOT%\bolivar28.exe
• che07.exe
• bolivar28.exe
• %WinDir%\system32\nScan\ekrn.exe
• %WinDir%\system32\nScan\ecls.exe
• %WinDir%\system32\splm\ncsjapi32.exe
• %WinDir%\bolivar28.exe
• C:\Windows\fbtre6.exe

Now you need to find and remove its registry entries.

Type “regedit” inside the RUN field and press ENTER to access the registry files of your computer.

Find all the Koobface Registry values installed on your system and delete them.

Below are a few examples of what you are looking for:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Intelli Mouse Pro Version 2.0B\StubPath: “%WinDir%\System32\splm\ncsjapi32.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\“systray” = “C:\Windows\fbtre6.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: “%WinDir%\System32\splm\ncsjapi32.exe”
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: “%WinDir%\System32\splm\ncsjapi32.exe”
HKEY_USERS\Software\Microsoft\Windows\nScan32\ExecuteDate: “14\8\2008”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\“systray” = “c:\windows\mstre6.exe”
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run\Intelli Mouse Pro Version 2.0B: “%WinDir%\System32\splm\ncsjapi32.exe”
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: “2”
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
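
Before ending processes or deleting registry values by hand, it helps to see which of the items listed above are actually present. The PowerShell script below is an added example, not part of the original article: it is a read-only audit built from the file names and keys given here. It assumes the Windows directory is the one in %WinDir% and checks the article's HKEY_USERS entries in the current user's hive (HKCU).

```powershell
# Added example: read-only audit for the Koobface artifacts named in this article.
# It only reports; nothing is ended or deleted.
$win = $env:WinDir   # assumption: matches the article's C:\Windows
$paths = @(
    "$win\bolivar28.exe", "$win\fbtre6.exe", "$win\mstre6.exe",
    "$win\system32\nScan\ekrn.exe", "$win\system32\nScan\ecls.exe",
    "$win\system32\splm\ncsjapi32.exe"
)
# Names matched without a directory. ekrn.exe and ecls.exe are left out on purpose:
# ESET products ship files with those names, so they are matched by full path only.
$bareNames = @('che07.exe', 'tinyproxy.exe', 'bolivar28.exe')
$needles = $paths + $bareNames
$findings = @()

# 1. Files on disk
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
}

# 2. Running processes, matched on full image path or a listed bare name
foreach ($proc in Get-CimInstance -ClassName Win32_Process) {
    $byPath = $proc.ExecutablePath -and ($paths -contains $proc.ExecutablePath)
    if ($byPath -or ($bareNames -contains $proc.Name)) {
        $findings += "Process running: PID $($proc.ProcessId) $($proc.ExecutablePath) ($($proc.Name))"
    }
}

# 3. Run/RunOnce values whose data points at a listed file
# (assumption: the article's HKEY_USERS entries are checked in the current user's hive, HKCU)
$runKeys = 'Run', 'RunOnce' | ForEach-Object {
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\$_"
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\$_"
}
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $reg = Get-Item -LiteralPath $key
    foreach ($name in $reg.GetValueNames()) {
        $data = [Environment]::ExpandEnvironmentVariables([string]$reg.GetValue($name))
        $hit = $needles | Where-Object { $data.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0 }
        if ($hit) { $findings += "Autorun value: $key\$name = $data" }
    }
}

# 4. Keys the article lists by name
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\Intelli Mouse Pro Version 2.0B',
               'HKCU:\Software\Microsoft\Windows\nScan32') {
    if (Test-Path -LiteralPath $k) { $findings += "Registry key present: $k" }
}

if ($findings) { $findings } else { 'No listed Koobface artifacts found.' }
```

Run it from an elevated prompt so process image paths are readable. An empty result only means these specific names are absent, since the article gives them as examples rather than a complete list.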

Always keep your operating system up to date and make sure that your firewall is always turned on.

Keep your antivirus program updated as well, as this will be an effective first defence against the Koobface virus.

Always take care when engaging in Social Networking activities – never visit strange websites and avoid accessing the URLs and content posted by strangers.

Surf Carefully To Keep Your Computer Healthy!

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
