Koobface is the latest buzz in the arena of computers.
No it is not a web service, and neither is it an amazing software package.
Koobface is actually the latest Internet worm which targets the popular social networking sites.
Many Facebook users have already been infected by this highly contagious Internet worm.
Why Koobface targets Social Networking sites
Social networking has become a daily activity of nearly every Internet user and that is the reason why the Koobface creators have decided to make users of social networks their targets.
Koobface spreads rapidly once it enters your computer, leading to slow and sluggish performance.
It dumps a ‘tinyproxy.exe” file on to your computer which then hijacks your machine and leads to its automatic operation, leaving it very vulnerable.
How to avoid the Koobface Virus
It starts with the arrival of some automated messages or emails having catchy or weird titles like:
• Paris Hilton Tosses Dwarf On The Street
• You must see it!!! LOL.
• My friend catched you on hidden cam
• Examiners Caught Downloading Grades From The Internet
• Is it really celebrity?
• You look so amazing funny on our new video
• Funny Moments
Avoid accessing the content of such messages and emails.
How do I remove the Koobface Virus?
As soon as you realize its presence, scan your computer with a good antivirus program.
This should be the first and foremost step.
Use the Add/Remove Program tool from your computer’s Control Panel to remove the Koobface virus.
Some of the Koobface files can restore themselves back on to your system.
Under such cases, it is better to delete it’s processes and registry files.
Its not too difficult and this is how you do it:
Press Alt + Ctrl + Delete to open the Task Manager
End all the Koobface processes such as
%SYSTEMROOT%\bolivar28.exe
che07.exe
bolivar28.exe
%WinDir%\system32\nScan\ekrn.exe
%WinDir%\system32\nScan\ecls.exe
%WinDir%\system32\splm\ncsjapi32.exe
%WinDir%\bolivar28.exe
C:\Windows\fbtre6.exe
Now you need find and remove it’s Registry Files.
Type “regedit” inside the RUN field and press ENTER to access the registry files of your computer.
Find all the Koobface Registry values installed on your system and delete them.
Below are a few examples of what you are looking for:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Intelli Mouse Pro Version 2.0B\StubPath: “%WinDir% \System32\splm\ncsjapi32.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “C:\Windows\fbtre6.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: “%WinDir% \System32\splm\ncsjapi32.exe”
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: “%WinDir% \System32\splm\ncsjapi32.exe”
HKEY_USERS\Software\Microsoft\Windows\nScan32\ExecuteDate: “14\8\2008″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “c:\windows\mstre6.exe”
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run\Intelli Mouse Pro Version 2.0B: “%WinDir% \System32\splm\ncsjapi32.exe”
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: “2″
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
Always update your Operating System and make sure that you always Turn On your Firewall settings.
And keep updating your antivirus program as this will be an effective first defence against the Koobface Virus.
Always take care when engaging in Social Networking activities – never visit strange websites and avoid accessing the URLs and content posted by strangers.
Surf Carefully To Keep Your Computer Healthy!
{ 2 trackbacks }
{ 0 comments… add one now }