Edited by james42519, 22 December 2009 - 01:55 AM.
Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.
think have the facebook koobface worm.
Started by
james42519
, Dec 22 2009 12:59 AM
4 replies to this topic
#1
james42519
-
- Members
- 47 posts
- OFFLINE
- Gender:Male
- Location:pulaski ky
- Local time:01:09 PM
Posted 22 December 2009 - 12:59 AM
ok this is my moms computer and get a popup from avira when turn computer on that there is worm/koobface.aeh detected. i click onto deny access so far. this computer is windows vista. what should i do? thank you.
Back to top
#2
cookmiester
-
- Members
- 65 posts
- OFFLINE
- Gender:Male
- Location:Stoke-on-Trent
- Local time:05:09 PM
Posted 22 December 2009 - 05:17 AM
We can establish if you have all of the koobface virus by, A. If your getting search redirects, B. You can see remote control of the computer, the remote controller is abusing it, and C. Your getting rouge anti-virus software installed. If so, then you have koobface. To stop this problem, do the following. Subscribe to this topic so when i reply, you don't have to keep checking up on the forum. Download MalwareBytes Anti-Malware on a CLEAN computer as koobface blocks access to known security websites. When downloaded, rename to zztoy.exe, and put it on a removable disk, e.g flash drive. Install the software and MAKE SURE YOU UPDATE THE SOFTWARE. Ok, then run a FULL SCAN, and then post us your log. I'll be waiting.
EDIT: The Microsoft Malicious Software Removal Tool will also be able to combat koobface as well. So give that a go.
EDIT: The Microsoft Malicious Software Removal Tool will also be able to combat koobface as well. So give that a go.
Edited by cookmiester, 22 December 2009 - 05:19 AM.
#3
james42519
- Topic Starter
-
- Members
- 47 posts
- OFFLINE
- Gender:Male
- Location:pulaski ky
- Local time:01:09 PM
Posted 22 December 2009 - 02:32 PM
ok took awhile. looks like it is not doing the stuff you said because antivirus is stoping it when it trys to start. here is the log and i click on remove selected. hope that was right.
Malwarebytes' Anti-Malware 1.42
Database version: 3409
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
12/22/2009 1:33:13 PM
mbam-log-2009-12-22 (13-33-13).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 266859
Time elapsed: 1 hour(s), 27 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\ProgramData\03184420 (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\Diane\Desktop\RetrogamerSetup2.3.50.49.RGfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.42
Database version: 3409
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
12/22/2009 1:33:13 PM
mbam-log-2009-12-22 (13-33-13).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 266859
Time elapsed: 1 hour(s), 27 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\ProgramData\03184420 (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\Diane\Desktop\RetrogamerSetup2.3.50.49.RGfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
Edited by james42519, 22 December 2009 - 02:34 PM.
#4
cookmiester
-
- Members
- 65 posts
- OFFLINE
- Gender:Male
- Location:Stoke-on-Trent
- Local time:05:09 PM
Posted 23 December 2009 - 06:12 AM
Ok, we have removed some of koobface by doing this now. The next phase i reccomend you do is on a clean computer again download SUPERantispyware, then run a scan with that, but update the software first. Then post your log of that and we will see what the next cause of action is. Oh and like i said on my first post. Use the Microsoft Malicious Software Removal Tool. http://www.microsoft.com/downloads/details...;displaylang=en
#5
mov cx ax
-
- Members
- 22 posts
- OFFLINE
- Location:NYC
- Local time:12:09 PM
Posted 27 December 2009 - 11:25 AM
Note: Oh And After You Kill this Worm, You Might Want To Change Facebook , Twitter , Im And Email Passwords Just To Be safe
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
