PCBugSquad

Description:

WORM_KOOBFACE.AZ is a worm that targets social media sites. It does this by monitoring the cookies on your computer that contain login information to various social sites.  When login information is found it will login to your account and start sending messages to your friends and contacts on the site.  For example, if you use Facebook, it will login to your account and send all your friends messages about a video they should see. These messages will contain links to the infection that will further infect the person who visits the link.

The social sites that this infection monitors are:

• facebook.com
• hi5.com
• friendster.com
• myyearbook.com
• myspace.com
• bebo.com
• tagged.com
• netlog.com
• fubar.com
• livejournal.com

Once infected, the worm will create the file C:\Windows\freddy35.exe.  This file is the main program that sends infected messages to your friends. It will then create the follow registry key to start itself automatically:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”sysftray2″ = “%WinDir%\freddy35.exe”

Manual Removal Instructions for WORM_KOOBFACE.AZ

End these processes if they exist:
Learn how to end processes

freddy35.exe

Delete these files if they exist:
Lean how to remove files

C:\Windows\freddy35.exe

Remove these Registry keys if they exist:
Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly.  Please edit the Registry only if you know what you are doing.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”sysftray2″

This entry was posted on Wednesday, March 4th, 2009 at 7:17 pm and is filed under Malware Removal Guide, Worms. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.