W32.Koobface.B

Posted by elise in Blog Latest Spyware Threats, Recent Articles, Worm on January 23rd, 2009 | Leave a comment
TAGS: , , ,

What is W32.Koobface.B?

W32.Koobface.B is a Windows platform network worm that spreads via social network sites such as Facebook and MySpace, in order to send users a copy of itself. This threat usually targets Facebook users by creating spam messages and sending them to the E-mail addresses within the victim’s system via the Facebook web site.

When the threat firstly executes, it automatically creates the following registry entry so that it runs whenever Windows system starts up: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “C:\Windows\fbtre6.exe” Then it will show up the error message saying: Error installing Codec. Please contact support. Moreover, W32.Koobface.B will check for social network cookies, and change your profile by adding links to hazardous sites that contain worms.

Download automatic scanner for W32.Koobface.B
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual W32.Koobface.B removal instructions
WARNING: The manually removal method is for advanced users. W32.Koobface.B manually removal can be difficult and time-consuming. There is no guarantee that W32.Koobface.B can be completely removed, for there are hundreds of files generated when W32.Koobface.B installed on your system. Make sure to back up your computer in case that you make any mistakes and your system does not work.

Follow the instructions below for W32.Koobface.B removal manually:

Navigate and stop the W32.Koobface.B processes:
C:\Windows\fbtre6.exe

Navigate and delete W32.Koobface.B files:
C:\Windows\fmark2.dat
C:\Windows\fbtre6.exe

Navigate and remove W32.Koobface.B registry keys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “C:\Windows\fbtre6.exe”

What are the symptoms of W32.Koobface.B?

  • W32.Koobface.B may drop a malicious file
  • W32.Koobface.B may send spam E-mail
  • W32.Koobface.B may make use of software vulnerability
  • W32.Koobface.B may lead to registry modification

How do I keep away from W32.Koobface.B
Once you have cleaned up W32.Koobface.B, the most important point to prevent W32.Koobface.B and future malicious programs from reverting is to stay suspicious of spam E-mail attachment and unknown websites. Here are several ways in which you can help protect your computer against W32.Koobface.B and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as, Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Worm?
W32.Koobface.B is a type of Worm.

In a computer, a worm is a self-replicating computer program that does not alter files but resides in active memory. The difference between a computer worm and a computer virus is that a computer virus can not run itself. A virus usually needs a virus program to run, and the virus code also runs as part of the host program. However, a worm does not need a host program to run; it uses a network to spread itself over computers on the network.

The original computer worm was released (maybe accidentally) on the Internet by Robert Tappan Morris in 1988. The Internet Worm used sendmail, fingerd, and rsh/rexec to spread itself across the Internet.

The SQL Slammer Worm of 2003 used a vulnerability in Microsoft SQL Server 2000 to spread itself across the Internet. The Blaster Worm, also of 2003, used a vulnerability in Microsoft DCOM RPC to spread itself.

The Melissa worm of 1999, the Sobig worms of 2003 and the Mydoom worm of 2004, all spread through e-mail. These worms shared some features of a trojan horse, in that they spread by enticing a user to open an infected e-mail attachment.

Mydoom also attempted to spread itself through the peer-to-peer file sharing application KaZaA. The Mydoom worms attempted a Denial of Service (DoS) attack against SCO and Microsoft.