What is KoobFace

Once it gets on a machine, it checks if there are cookies of social networks. If it finds the cookies, it infects victim’s profile. If Koobface worm can’t find evidence of social networking websites, it simply erases itself.

The Koobface.b virus, which targets Facebook users, creates spam messages and sends them to the infected users’ friends via the messaging system on Facebook.

The spam messages and comments include text links such as Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; Hello; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments and many, many others.

Technical Details of KoobFace

  • Full name: KoobFace, win32.KoobFace, BoFace
  • Date Appeared: July 2008
  • Characteristic: Virus
  • URL:

Do I need to remove KoobFace

You can yourself search your computer manually, but it is not recommended unless you are a tech-geek. To save time and effort, we recommend you to download a FREE Scanner.

> > > Download < < <

Free Scanner for KoobFace

.

How to Uninstall KoobFace scam

The best way for the removal of KoobFace is to install a good quality Anti-spyware Program and scan your system for any KoobFace infections.

Automatic removal of KoobFace is always good and complete as compared to any attempts to manually remove KoobFace, which may sometime lead to erroneous results. If you are not completely aware of all the files and registry entries used by this rogue anti-spyware, then we do not recommend you to attempt for the manual removal of KoobFace.

Instructions to get rid of KoobFace

If you really want to remove the KoobFace infection on your system manually then proceed as follows.

Step 1: Kill the KoobFace ProcessesLearn how to do that

  1. %SYSTEMROOT%\bolivar28.exe
  2. che07.exe
  3. bolivar28.exe
  4. %WinDir%\system32\nScan\ekrn.exe
  5. %WinDir%\system32\nScan\ecls.exe
  6. %WinDir%\system32\splm\ncsjapi32.exe
  7. %WinDir%\bolivar28.exe
  8. C:\Windows\fbtre6.exe

Step 2: Remove KoobFace files, folders and all associated KoobFace DLL files:Learn how to do that

%WinDir%\system32\nScan\ekrnEmon.dll
%WinDir%\system32\nScan\ekrnScan.dll
%WinDir%\system32\nScan\ekrnEpfw.dll
%WinDir%\system32\nScan\ekrnAmon.dll
%WinDir%\system32\splm\lmfunit32.dll
%WinDir%\system32\splm\mcaserv32.dll
%WinDir%\system32\splm\kbdsapi.dll

Step 3: Uninstall KoobFace registry entries: Learn how to do that

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Intelli Mouse Pro Version 2.0B\StubPath: “%WinDir% \System32\splm\ncsjapi32.exe”
  2. HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: “%WinDir% \System32\splm\ncsjapi32.exe”
  3. HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run\Intelli Mouse Pro Version 2.0B: “%WinDir% \System32\splm\ncsjapi32.exe”
  4. HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: “2”
  5. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: “%WinDir% \System32\splm\ncsjapi32.exe”
  6. HKEY_USERS\Software\Microsoft\Windows\nScan32\ExecuteDate: “14\8\2008”
  7. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “c:\windows\mstre6.exe”
  8. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “C:\Windows\fbtre6.exe”
  9. HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating

Free Scan for KoobFace