SysChat

SysChat (http://www.syschat.com/forum.php)
-   Security (http://www.syschat.com/tips-n-tricks/security/)
-   -   How to remove Koobface Virus? (http://www.syschat.com/how-to-remove-koobface-virus-5052.html)

Sajid 10-24-2009 11:03 PM

How to remove Koobface Virus?
 
Koobface is the latest buzz in the arena of computers. No it is not a web service, neither it is an amazing software package. Koobface is actually the latest Internet worm which targets the popular social networking phenomenon. Many of the Facebook users have already been infected by this highly contagious Internet worm.

Why Is Your Computer Prone To Fall Its Prey?

Social networking has become a daily activity of every Internet user and that is the reason that Koobface creators have decided to make users of social networks as their targets. Koobface spreads rapidly once it enters your computer leading to slow and sluggish performance. It dumps 'tinyproxy.exe' file on to your computer which hijacks your machine and leads to its automatic operation leaving it very vulnerable.

How to Stay Away From Koobface Virus?

It starts with the arrival of some automated messages or emails having catchy or wired titles like:
  • Paris Hilton Tosses Dwarf On The Street
  • You must see it!!! LOL.
  • My friend catched you on hidden cam
  • Examiners Caught Downloading Grades From The Internet
  • Is it really celebrity?
  • You look so amazing funny on our new vide
  • Funny Moments
Avoid accessing content of such messages and emails.

How to Remove Koobface Virus?

• As soon as you realize its presence, scan your computer with a good anti-virus program. This should be the first and foremost step.

• Use the Add/Remove Program tool from your computer’s Control Panel to remove the Koobface malicious program.

• Some of the Koobface malicious programs restore back on to your system. Under such case, it is better to delete its processes and registry files. It is not that much difficult, as below steps will help you with the same:

Press Alt + Ctrl + Delete to open the Task Manager
End all the Koobface processes such as

Code:

%SYSTEMROOT%\bolivar28.exe
che07.exe
bolivar28.exe
%WinDir%\system32\nScan\ekrn.exe
%WinDir%\system32\nScan\ecls.exe
%WinDir%\system32\splm\ncsjapi32.exe
%WinDir%\bolivar28.exe
C:\Windows\fbtre6.exe

Now you need find and remove its Registry Files.

Type “regedit” inside the RUN field and press ENTER to access the registry files of your computer.

Find all the Koobface Registry values installed on your system and delete them. Below are few of its examples:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Intelli Mouse Pro Version 2.0B\StubPath: "%WinDir% \System32\splm\ncsjapi32.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr ent Version\Run\"systray" = "C:\Windows\fbtre6.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: "%WinDir% \System32\splm\ncsjapi32.exe"
  • HKEY_USERS\Software\Microsoft\Windows\CurrentVersi on\RunOnce\*Intelli Mouse Pro Version 2.0B*: "%WinDir% \System32\splm\ncsjapi32.exe"
  • HKEY_USERS\Software\Microsoft\Windows\nScan32\Exec uteDate: "14\8\2008"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr ent Version\Run\"systray" = "c:\windows\mstre6.exe"
  • HKEY_USERS\Software\Microsoft\Windows\CurrentVersi on\Run\Intelli Mouse Pro Version 2.0B: "%WinDir% \System32\splm\ncsjapi32.exe"
  • HKEY_USERS\Software\Microsoft\Windows\CurrentVersi on\Explorer\Advanced\Hidden: "2"
  • HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\ Navigating

Always update your Operating System and make sure that you always Turn On your Firewall settings. And keep updating your anti-virus program as it will be the first to intimate you about the arrival of deadly Koobface Virus.

One serious advice is that be careful while you are involved in Social Networking activities. Never ever visit the strange websites and avoid accessing the URLs and content posted by strangers.

Surf Carefully To Keep Your Computer Healthy!


All times are GMT -4. The time now is 07:50 PM.


Copyright © 2005-2013 SysChat.com


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54