Guide To Remove Koobface Virus

Koobface is the name of a harmful computer virus that made its first appearance in the cyber-world in December 2008. It became one of the most devastating internet viruses in 2009. After being quiescent for years, it re-emerged in year 2013, causing havoc across the world.

Social Engineering & phishing are the best used propagation medium used for this Virus to spread.

Threat Summary

Insight into Koobface Virus & its Threat Behavior

The old computer viruses & worms are as dangerous today as they were at their outset. Some could even make a come-back after being dormant for years & that too a horrific one!

Koobface Malware (often known as Virus or worm) ranks amongst such viruses that uses social networking sites & spam e-mail campaigns to infect the system & steal data.

The behavioral analysis of Koobface Virus has revealed that it can impact e-mails, VOIP (such as Skype, Team Speak, Ventrilo) & social networking sites running on Microsoft, Linux & Mac Systems.

First surfaced to lime-light in December 2008, Koobface Virus is known for creeping into a large number systems across the globe. This devious virus re-emerged in year 2013 after being dormant for years, causing twice the harm in just 3 months if compared to all the attacks reported in year 2009.

Major countries such as the United States, Australia & Europe have been on the target of Koobface Virus. The most recent attack of Koobface was reported in year 2016 in United States.

According to a report by FBI, the cyber-criminals exploited social media to commit over 18,712 crimes online, leading to an overall loss of $66.4 Millions.

Threats Posed by Koobface Virus–

Koobface spreads its infection in many delivery methods such as spam e-mail campaigns, private messaging on social media networks, clicking on/visiting malicious websites & unreliable software download/updates sites.

Reports by cyber-security analysts revealed that Koobface Virus proliferate the networks of major social sites such as Facebook, Twitter, Skype and Gmail to steals sensitive information, financial data & login credentials of the victims.

The threat begins with arrival of some automated messages or e-mails with weird & enticing titles such as – Paris Hilton Tosses Dwarf On The Street, My friend catched you on hidden camera, You were seen on our secret camera, Examiners Caught Downloading Grades From The Internet, Funny Moments, I saw your silly face in that movie, check it! & so on.

A mere click on these spam e-mails & messages could invite & install this menacing virus on your system.

Once the virus has entered your system, it spreads rapidly, rendering the system performance slow & sluggish.

An executable file named tinyproxy.exe is dumped onto the system. The file hijacks your system & allows it automatic operation, making it exposed to other malign infections.

Koobface may not delete the files, but perform some Execution errors that might happen while you start computer or any program.

Common Errors that you may experience are mentioned below-

1. Appearance of potential red flags such as “increased use of RAM & CPU”
2. Appearance of random unknown errors & sudden crashes.
3. The system can become sluggish.
4. Creeping system startup & performance
5. Appearance of Unexpected & infuriating pop-up windows

Few of the Koobface files detected by the security analysts include- Fbtre6.exe, Mstre6.exe, Freddy35.exe, Websrvx.exe, Captcha6.exe, Bolivar28.exe, Ld05.exe, Ld11.exe and Ld12.exe.

Apart from performing execution errors, Koobface tracks & records data on victim’s computer such as-

• Login Credentials to Social Networking sites
• Credit Card & Banking Information
• Contact List in your e-mail & social media accounts
• Technical Information of your system such as IP address, OS Version, Browser & version

Classified as a bot, Koobface Virus allows the infected systems to connect back to the C&C (Control & Command Server) & transmits the stolen data. The stolen can be used to gain illicit access to your accounts, leading to financial losses & identity theft. The cyber-criminals can send malicious files/download links to the contacts of the hijacked accounts, thus leading to a wide-spread propagation of infection.

As the number of infected systems increases, cyber-criminals form a robot network which is known as “botnet”.

By using the botnet, cyber-criminals –

• Give instructions to the infected PC
• Run any software of their choice
• Install Malware (Trojan, Ransomware and Adware) on the system.
• Block certain websites
• Steal License Keys
• Modify System Files
• Inject adverts, pop-ups in to browsers

Distribution Techniques

The chief methods used for the propagation of this virus include social engineering & phishing. The cyber-criminals send hundreds of thousands of deceptive e-mails with enticing subject-lines, hence encouraging the users to open it. These e-mails contain malicious attachments, links & files. A mere click on such e-mails installs Virus on to their systems.

Other spreading techniques employed by hackers for the propagation of Koobface includes-

• Unauthorized software download websites
• Freeware & Shareware download websites
• Free file-hosting sites, Network File Sharing
• Fake software updates/cracks
• Fake Adobe Flash Player Updates

How to Remove Koobface Virus from the System-

 STEP A: Remove the malicious files from System Configuration Settings

1. Type “Msconfig” in search box / Run Box, select it and press Enter.
2. Click on “Services” Tab and click on “Hide all Microsoft services”.
3. Select Koobface Virus from the list of remaining services and disable it by removing the tick mark from the checkbox and click on Apply button.

STEP B: Delete suspicious file from the Registry Key

1. Type “Regedit” in search box / Run Box, select it and press Enter.
2. An authorization dialog box will appear, then you just have to click “Yes”. (The dialog box appearance may vary depending on OS used. For Windows 10 the the dialog box looks like the first screenshot and for windows 7 it appears like the second screenshot)
3. In the registry editor, take the backup of the current registry settings before making any changes in case you want to revert to old settings later. For this, Click on File option in the menu and select Export. Save the entry at a known location.
4. From the Menu, Click Edit and Select Find.
5. Enter Koobface Virus and click Ok in the search box.
6. Select and delete suspicious  enteries.

STEP C: Reboot Your System to Safe mode with Networking

To restart the system to Safe Mode with Networking,  if already switched ON then follow the below steps:

Tips to prevent your computer system from getting infected –

1. Keeping the Operating System Updated- In order to remain protected and avoid such infections, it is recommended to keep your Operating System updated by enabling the automatic update on your system. The systems with outdated or older versions of Operating System become an easy target for the attackers.
2. Resist clicking on spam emails – One of the major techniques used for malware distribution is forwarding spam emails to the user. The system gets infected as soon as the user clicks on the attachment. These mails appear to be genuine, so be aware and resist falling for these tricks.
3. Keep an eye on third party installations- It is quite important that you take due care while installing any third party applications for they are major source of such infections. Such malware programs come bundled with the free applications thereby requiring the user to remain cautious.
4. Regular periodical backup- In order to keep your data and files safe, it is recommended to take regular back up of all your data and files either on an external drive or cloud.
5. Use Anti-Virus Protection- We strongly recommend the use of antivirus protection/internet security in your PC like Kaspersky, Vipre and Hitman Pro so that it remains safe.
6. Enable the Ad Blocker/Popup Blocker in your browser- Enabling the popup blocker/ ad blocker in your chosen browser will help you to stay protected from annoying adware.

Hits: 156