Koob face hitting facebook & other Social Networking sites

Written by b4bahrain

Topics: Internet

A virus Koob-face  is hitting the facebook. Koob-face is worm  that attacks facebook currently but has been targeted  social networking sites like myspace, Hi5, Bebo.

As we know facebook is famous social networking site which includes 120 million users. Koob-face uses facebook ‘s private  messaging system. When user open his account in facebook then virus gets into user’s computer then it creates spam messages and sends them to the infected user’s friends. After that this worm tries to steal  secret information from your PC  like credit card number , bank account etc.

As koob-face is a worm it spreads itself by sending messages from infected user account to all other user’s friends with subject like “watch this video” , “you look stupid in this vid”, Paris Hilton Tosses Dwarf On The Street, Hello; You must see it!!!. These messages include links which bring user to third party site where they asked from some downloading or updating of software like flash player which is actually virus file… that is point where user starts downloading without thinking. Once the worm is installed it starts its working.

Remove Koob Face Virus From Your Computer

It is very hard to remove this worm from your computer because it is polymorphism worm which is difficult to detect. We can remove it through malware a cleaner that is more preferable but you can also clean your system from this worm manually by following the instructions:

1. Click start on the taskbar, and then click “My Computer.”

2. Hit F3 and select “All Files and Folders and search “Koobface.”

3. Copy the file path of Koobface.

4. Open “Task Manager” this can be done by eithering holding Ctrl+Alt+Del or clicking “Start” and then “Run” and type “taskmgr.exe”

5. You must disable Koobface’s process first.

6. Next you must disable the other following processes

1. %SYSTEMROOT%bolivar28.exe

2. bolivar28.exe

3. che07.exe

4. %WinDir%system32nScanecls.exe

5. %WinDir%system32nScanekrn.exe

6. %WinDir%system32splmncsjapi32.exe

7. %WinDir%bolivar28.exe

8. C:Windowsfbtre6.exe

Now that this is done, it is time to go into the registry and remove this worm.

1. Click “Start” “Run” and type “Regedit”

2. Locate and delete these registry files

1. HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled ComponentsIntelli Mouse Pro Version 2.0BStubPath: “%WinDir% System32splmncsjapi32.exe

2. HKEY_USERSSoftwareMicrosoftWindowsCurrentVersionRunOnce*Intelli Mouse Pro Version 2.0B*: “%WinDir% System32splmncsjapi32.exe”

3. HKEY_USERSSoftwareMicrosoftWindowsCurrentVersionExplorerAdvancedHidden: “2”

4. HKEY_USERSSoftwareMicrosoftWindowsCurrentVersionRunIntelli Mouse Pro Version 2.0B: “%WinDir% System32splmncsjapi32.exe”

5. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnce*Intelli Mouse Pro Version 2.0B*: “%WinDir% System32splmncsjapi32.exe”

6. HKEY_USERSSoftwareMicrosoftWindowsnScan32ExecuteDate: “1482008”

7. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrent VersionRun”systray” = “C:Windowsfbtre6.exe”


9. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrent VersionRun”systray” = “c:windowsmstre6.exe”

Now we must unregister these dll files in Command Prompt.

1. Click “Start”, “Run”, and type “cmd”

2. Now locate and the follwing dll files by typing dir and then the following:

1. %WinDir%system32nScanekrnScan.dll

2. %WinDir%system32nScanekrnEpfw.dll

3. %WinDir%system32nScanekrnEmon.dll

4. %WinDir%system32splmlmfunit32.dll

5. %WinDir%system32splmkbdsapi.dll

6. %WinDir%system32nScanekrnAmon.dll

7. %WinDir%system32splmmcaserv32.dll

now that you have the paths for those now we can change it type “cd” then a space and type the dll path for all of those, and hit eneter and now unregister them.

Now unregister each and by using the following format “path+’regsvr32/u’+dll name”

But don’t do this, it can harm your computer always go for anti-malware software.

Facebook and McAfee is working together to solve this problem it will take some time.

In mean time, by avoiding unexpected email attachments, videos or other links we can protect our PCs.



7 Comments For This Post I'd Love to Hear Yours!

  1. sweety says:

    This is another version of koob face warm hitting facebook

  2. Nasim says:

    Hey Wooooooooooooooooooow i sucessfully removed koob face from my computer.


  3. Nasim says:

    Facebook must be introduce any tool to automatically get rid from it. Removing koob-face warm from computer is too hard.

  4. Zainoob says:

    Thank you soo much i have successfully removed koob face virus from my computer by your registry editor.

  5. Zainoob says:

    I am using my facebook regularly but i think my Avira anti-virus is removed it because i update my anti virus daily.

  6. Jhon Albert says:

    Koob Face virus is attacking facebook for private data, koob face virus attack on facebook. facbook is unable to stop koob face

  7. Rahel says:

    Facebook is in under very high suspense mode becuase koob face still attacking facebook.com

Trackbacks For This Post

  1. Tweets that mention Koob face hitting facebook & other Social Networking sites | Stylo Soft -- Topsy.com
  2. Koob Face Virus hitting Facebook Get Rid From It · marketing

Leave a Comment Here's Your Chance to Be Heard!