Beware of Koobface ~ Facebook worm virus

Attention, all Facebook users. Beware of a computer virus called Koobface.

Koobface attacks users via messages posted by social networking site friends inviting you to scope out a video. Here are some examples of the message:

"Hey, I have this hilarious video of you dancing. Your face is so red. You should check it out"

"You look just awesome in this new movie"

The message invites you to click on a provided link to download the video.
Never ever click the link!
Once the link is clicked, Koobface prompts you to download a fake Adobe Systems Flash Player update before the video can be displayed.
Of course, therein lies the virus, cloaked in a "flash_player.exe" file.

Koobface transforms your machine into a zombie computer, one of a number of robots that run autonomously and automatically.
When your computer is infected by Koobface, it causes a downloaded service named Security Accounts Manager (SamSs) to load on start-up.
This service proxies all outgoing HTTP traffic, stealing results from popular search engines (such as Google, Yahoo, and MSN) and hijacking them to lesser-known search sites.
In simpler words, the virus infects your computer system and manages its connectivity to the internet.

To avoid a Koobface attack, stay alert for fraudulent messages. The messages you tend to get don't look quite right. You can usually spot them by weird titles such as the following:

"Paris Hilton Tosses Dwarf On The Street"

"My friend catched you on hidden cam"

"yoour blushingg afce is so funny!"

These funny and wrongly spelled titles are obvious indicators that you're being attacked. Ignore all such messages.
Delete them straight away if you receive them.

If your computer was hit by Koobface, run updated antivirus software immediately, delete contaminated e-mails and change your Facebook password. This instruction has been provided by Facebook at

If the problem is still not solved, you may try this alternative:

1) Stop tinyproxy from managing your internet access.

- Internet Explorer users:

From the menu select Tools - Internet Options - "Connections" Tab - Lan Settings - Uncheck "use a proxy server" or reconfigure your proxy settings if you were using one previously.

- Firefox users:

From the menu select Tools - Options - Advanced Tab - Network Tab - Settings under "Connection" - Select "No Proxy", or, if you were using a proxy previously, reconfigure your settings to how you had them previously.

2) Stop the virus.

Open up Windows Task Manager (Ctrl+Alt+Delete)
Go to the "Processes" tab
Right click on the process named "tinyproxy.exe" and select "End Process"
A window will appear; select "Restart Later" (or equivalent)
Close task manager

3) Stop the start up service.

Open run (Window key + r)
Type msconfig
Go to the "Startup" tab
Find and uncheck "Bolivar28". The number after "Bolivar" may differ.
Click "OK".
A window will appear; select "Restart Later" (or equivalent)

4) Delete the virus.

Go to the Program Files directory (usually C:\Program Files)
Look for the "TinyProxy" and "ProtectService" (if available) folders.
Delete the file(s) (right click, select delete).

5) Delete a few files in your windows directory.

Go to Windows directory
From the menu select "Tools"
Select "Folder Options"
Select the "View" tab
Under "Hidden files and folders", select "show hidden files and folders"
Uncheck "Hide protected operating system files".
Click OK
Scroll down, look for, and delete files with the following names:
bolivar26.exe, bolivar28.exe, fmark2.dat, f49f4d98.dat, and kenny*.exe (if available)

6) Restart your computer.

Your computer should be OK. If the problem still occurs, you may want to ask a professional.
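
The checks from steps 1 to 5, gathered into a read-only PowerShell script that only reports what it finds. This is an added example, not part of the original post: the function names are made up, it assumes the msconfig Startup entry lives in the registry Run keys and that "bolivar*.exe" covers the varying number, and it checks the Internet Explorer proxy setting only, not Firefox's.

```powershell
# Read-only check for the indicators listed in steps 1-5. It changes and deletes nothing.
function New-Hit($Step, $Indicator, $Detail) {   # hypothetical helper for this example
    [pscustomobject]@{ Step = $Step; Indicator = $Indicator; Detail = $Detail }
}

function Find-KoobfaceIndicators {
    # Step 1: the per-user proxy setting shown in Internet Options > LAN Settings.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
    if ($inet -and $inet.ProxyEnable -eq 1) { New-Hit 1 'Proxy enabled' $inet.ProxyServer }

    # Step 2: a running process named tinyproxy.exe.
    Get-Process -Name 'tinyproxy' -ErrorAction SilentlyContinue |
        ForEach-Object { New-Hit 2 'Process' "$($_.Name) (PID $($_.Id))" }

    # Step 3: startup entries whose name or command mentions "bolivar" (the number varies).
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $item = Get-Item $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            if ("$name $value" -match 'bolivar') { New-Hit 3 "Startup entry in $key" "$name = $value" }
        }
    }

    # Step 4: the two folders under Program Files (both roots on 64-bit Windows).
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($root in $roots) {
        foreach ($dir in 'TinyProxy', 'ProtectService') {
            $path = Join-Path $root $dir
            if (Test-Path -LiteralPath $path) { New-Hit 4 'Folder' $path }
        }
    }

    # Step 5: file names from the post, directly in the Windows directory.
    # -Force includes hidden and protected system files without changing Folder Options.
    $patterns = 'bolivar*.exe', 'fmark2.dat', 'f49f4d98.dat', 'kenny*.exe'
    Get-ChildItem -LiteralPath $env:windir -Force -ErrorAction SilentlyContinue |
        Where-Object { $n = $_.Name; $patterns | Where-Object { $n -like $_ } } |
        ForEach-Object { New-Hit 5 'File' $_.FullName }
}

$hits = @(Find-KoobfaceIndicators)
if ($hits.Count) { $hits | Format-Table -AutoSize -Wrap }
else { 'None of the listed indicators were found.' }
```

A proxy you configured yourself will show up under step 1, and the wildcard names can match unrelated files, so review each hit before deleting anything.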
