W32.Koobface.B

Posted by elise in Blog Latest Spyware Threats, Recent Articles, Worm on January 23rd, 2009

What is W32.Koobface.B?

W32.Koobface.B is a network worm for Windows that spreads through social network sites such as Facebook and MySpace by sending users a copy of itself. This threat usually targets Facebook users: it creates spam messages and sends them, via the Facebook web site, to the e-mail addresses found on the victim's system.

When the threat first executes, it automatically creates the following registry entry so that it runs whenever Windows starts up:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "C:\Windows\fbtre6.exe"

It then displays the following error message:

Error installing Codec. Please contact support.

Moreover, W32.Koobface.B checks for social network cookies and changes your profile by adding links to hazardous sites that contain worms.

Download automatic scanner for W32.Koobface.B
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual W32.Koobface.B removal instructions
WARNING: The manual removal method is for advanced users. Removing W32.Koobface.B manually can be difficult and time-consuming. There is no guarantee that W32.Koobface.B can be completely removed, because hundreds of files are generated when W32.Koobface.B is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove W32.Koobface.B manually:

Locate and stop the W32.Koobface.B processes:
C:\Windows\fbtre6.exe

Locate and delete the W32.Koobface.B files:
C:\Windows\fmark2.dat
C:\Windows\fbtre6.exe

Locate and remove the W32.Koobface.B registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "C:\Windows\fbtre6.exe"
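
The three manual steps above can be scripted in the same order. The following PowerShell is an added example, not part of the original post or of any vendor tool; it uses only the process, file and registry indicators listed on this page, and the -Apply switch is a hypothetical name chosen here (without it the script only reports what it would do).

```powershell
# Added example: dry run of the manual removal steps for W32.Koobface.B.
# Indicators are the ones listed on this page; run from an elevated prompt.
param([switch]$Apply)   # hypothetical switch: without -Apply nothing is changed

$exe     = 'C:\Windows\fbtre6.exe'
$files   = 'C:\Windows\fmark2.dat', $exe
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runName = 'systray'
$dryRun  = -not $Apply

# Step 1: stop any process whose image is the listed executable.
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -eq $exe } |
    ForEach-Object {
        Write-Output "Process found: PID $($_.ProcessId) $($_.ExecutablePath)"
        Stop-Process -Id $_.ProcessId -Force -WhatIf:$dryRun
    }

# Step 2: delete the listed files, recording a hash of each one first.
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
        Write-Output "File found: $f SHA256=$hash"
        Remove-Item -LiteralPath $f -Force -WhatIf:$dryRun
    }
}

# Step 3: remove the Run value only if it still points at the listed executable,
# so an unrelated value that happens to be named "systray" is left alone.
$value = [string](Get-ItemProperty -Path $runKey -Name $runName -ErrorAction SilentlyContinue).$runName
if ($value -and $value.Trim('"') -ieq $exe) {
    Write-Output "Run value found: $runName = $value"
    Remove-ItemProperty -Path $runKey -Name $runName -WhatIf:$dryRun
}
```

Stopping the process before deleting the file matters because Windows will not delete an executable that is still running.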

What are the symptoms of W32.Koobface.B?

  • W32.Koobface.B may drop a malicious file
  • W32.Koobface.B may send spam E-mail
  • W32.Koobface.B may make use of software vulnerability
  • W32.Koobface.B may lead to registry modification

How do I keep away from W32.Koobface.B?
Once you have cleaned up W32.Koobface.B, the most important step in preventing W32.Koobface.B and future malicious programs from returning is to stay suspicious of spam e-mail attachments and unknown websites. Here are several ways in which you can help protect your computer against W32.Koobface.B and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf only sites you trust, and download programs only from web sites you trust

What is Worm?
W32.Koobface.B is a type of Worm.

In computing, a worm is a self-replicating computer program that does not alter files but resides in active memory. The difference between a computer worm and a computer virus is that a computer virus cannot run by itself. A virus usually needs a host program to run, and the virus code runs as part of that host program. A worm, however, does not need a host program to run; it uses a network to spread itself to other computers on the network.

The original computer worm was released (maybe accidentally) on the Internet by Robert Tappan Morris in 1988. The Internet Worm used sendmail, fingerd, and rsh/rexec to spread itself across the Internet.

The SQL Slammer Worm of 2003 used a vulnerability in Microsoft SQL Server 2000 to spread itself across the Internet. The Blaster Worm, also of 2003, used a vulnerability in Microsoft DCOM RPC to spread itself.

The Melissa worm of 1999, the Sobig worms of 2003 and the Mydoom worm of 2004, all spread through e-mail. These worms shared some features of a trojan horse, in that they spread by enticing a user to open an infected e-mail attachment.

Mydoom also attempted to spread itself through the peer-to-peer file sharing application KaZaA. The Mydoom worms attempted a Denial of Service (DoS) attack against SCO and Microsoft.

Worm/KillAV.GR

What is Worm/KillAV.GR?
Worm/KillAV.GR is an E-mail and network worm for Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP. This worm automatically checks the system date and attempts to rewrite files with certain extensions (such as doc, xls, mdb, mde, ppt, pps, zip, rar, pdf, psd and dmp) on the third day of every month. This can result in loss of data in these files.

Worm/KillAV.GR propagates by spreading copies of itself to E-mail addresses that it harvests from files on the infected computer, using its own SMTP (Simple Mail Transfer Protocol) engine. Moreover, this worm deletes auto-start registry entries and related files of several programs, most of which are associated with antivirus and firewall applications.

Worm/KillAV.GR is also known as W32/MyWife.d@MM!M24 [McAfee], W32.Blackmal.E@mm [Symantec], Win32.Nyxem.E@mm [Bitdefender], W32/Nyxem-D [Sophos], WORM_GREW.A [Trend Micro], W32/Tearec.A.worm [Panda], Email-Worm.Win32.Nyxem.e [Kaspersky]

Do you have Worm/KillAV.GR?
If you have enough time and expertise, you can search your computer for Worm/KillAV.GR manually. However, it might take hours to find all the files belonging to Worm/KillAV.GR, and Worm/KillAV.GR may reappear after rebooting, because its hidden files may still be there.

Manual Worm/KillAV.GR removal instructions
WARNING: The manual removal method is for advanced users. Removing Worm/KillAV.GR manually can be difficult and time-consuming. There is no guarantee that Worm/KillAV.GR can be completely removed, because hundreds of files are generated when Worm/KillAV.GR is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove Worm/KillAV.GR manually:

Locate and stop the Worm/KillAV.GR processes:
N/A

Locate and delete the Worm/KillAV.GR files:
%Windir%\Rundll16.exe
%System%\WINZIP_TMP.EXE
%System%\SAMPLE.ZIP
%System%\New WinZip File.exe
movies.exe
Zipped Files.exe
%System%\scanregw.exe
%System%\Winzip.exe
%System%\Update.exe

Locate and remove the Worm/KillAV.GR registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
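
The list above names the Run key but not the value inside it, and gives two file names without a directory, so a read-only audit is a sensible first pass before deleting anything. The following PowerShell is an added example, not part of the original post; it assumes %Windir% and %System% mean the local Windows and System32 directories, and the search roots for the two bare file names are a choice made here.

```powershell
# Added example: read-only audit for the Worm/KillAV.GR indicators listed on this page.
# Assumption: %Windir% / %System% are placeholders for the Windows and System32 folders.
$map = @{ '%Windir%' = $env:windir; '%System%' = [Environment]::SystemDirectory }
$listed = '%Windir%\Rundll16.exe', '%System%\WINZIP_TMP.EXE', '%System%\SAMPLE.ZIP',
          '%System%\New WinZip File.exe', '%System%\scanregw.exe',
          '%System%\Winzip.exe', '%System%\Update.exe'
$bare  = 'movies.exe', 'Zipped Files.exe'      # listed on the page without a directory
$roots = $env:windir, $env:USERPROFILE         # assumed search roots for the bare names

# Resolve the placeholders and collect the listed files that exist.
$found = @(foreach ($p in $listed) {
    foreach ($k in $map.Keys) { $p = $p.Replace($k, $map[$k]) }
    if (Test-Path -LiteralPath $p) { Get-Item -LiteralPath $p -Force }
})

# Search the assumed roots for the names that have no directory on the page.
foreach ($name in $bare) {
    $found += @(Get-ChildItem -Path $roots -Filter $name -File -Recurse -Force -ErrorAction SilentlyContinue)
}

# The page does not name the Run value, so flag every Run value whose data
# references one of the listed file names as a path component.
$leafNames = ($listed + $bare) | ForEach-Object { Split-Path $_ -Leaf }
$key  = Get-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$hits = @(foreach ($n in $key.GetValueNames()) {
    $data = [string]$key.GetValue($n)
    if ($leafNames | Where-Object { $data -like "*\$($_)*" }) {
        [pscustomobject]@{ Value = $n; Data = $data }
    }
})

# Report only; nothing is deleted or modified.
$found | ForEach-Object { "FILE  $($_.FullName)  modified $($_.LastWriteTime)" }
$hits  | ForEach-Object { "RUN   $($_.Value) = $($_.Data)" }
```

Names such as Update.exe and Winzip.exe are also used by legitimate software, so a hit is a candidate for review rather than proof of infection.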

What are the symptoms of Worm/KillAV.GR?

  • Worm/KillAV.GR may block access to security websites
  • Worm/KillAV.GR may drop a malicious file
  • Worm/KillAV.GR may use its own Email engine to send E-mail
  • Worm/KillAV.GR may make use of software vulnerability
  • Worm/KillAV.GR may lead to registry modification

How do I keep away from Worm/KillAV.GR?
Once you have cleaned up Worm/KillAV.GR, the most important step in preventing Worm/KillAV.GR and future malicious programs from returning is to stay suspicious of spam e-mail attachments and unknown websites. Here are several ways in which you can help protect your computer against Worm/KillAV.GR and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf only sites you trust, and download programs only from web sites you trust

What is Worm?

Worm/KillAV.GR is a type of Worm.
