Archive for the 'Worms' Category

How to remove the WORM_KOOBFACE.D Facebook worm.

Tuesday, August 19th, 2008

The WORM_KOOBFACE.D worm is malware that spreads itself through the online social site called Facebook.  When a user becomes infected with this worm, it will install a copy of itself as C:\Windows\fbtre6.exe and then further download the following files:

  • C:\5465465465463.BAT
  • C:\Windows\fmark2.dat

When fbtre6.exe is run it will display the following message in Windows:

Error installing Codec. Please contact support.

It is important to note that this infection will delete itself if it detects that you have not used Facebook.com on the infected computer.  If Facebook cookies are found, though, it will add a link to a location where it can be downloaded in the infected user’s Facebook profile.  It is through these links in infected users’ profiles that the infection spreads.

Automatic Removal Method

If you are infected with this malware, then we suggest you use Trend Micro antivirus to remove this infection. It is known to be able to remove this malware and it is included in its current virus definitions.

Download Trend Micro Antivirus to scan your computer

Manual Removal Instructions for

End these processes:

Learn how to end processes

fbtre6.exe


Delete these files:

Learn how to remove files

C:\Windows\fbtre6.exe
C:\5465465465463.BAT
C:\Windows\fmark2.dat

Remove these Registry keys:

Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly.  Please edit the Registry only if you know what you are doing.  Otherwise, please use the automated removal method above.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
sysftray = “C:\Windows\fbtre6.exe”

How to remove the WORM_SOHANAD.DR infection

Wednesday, August 13th, 2008

The WORM_SOHANAD.DR worm is one that propagates as an attachment to email messages that are spammed by other malware or users.  It is also possible that this worm can be installed via other malware that downloads and installs it on your computer.  When infected, the following files will be created on your computer:

  • C:\Windows\dc.exe
  • C:\Windows\SVIQ.EXE
  • C:\Windows\System\Fun.exe

Once running, the worm will read your Outlook address book and spam all of the addresses in your address book with emails containing the attachments:

  • dc.exe
  • Fun.exe

Automatic Removal Method

If you are infected with this malware, then we suggest you use Trend Micro antivirus to remove this infection. It is known to be able to remove this malware and it is included in its current virus definitions.  A big thumbs up for Trend Micro for being able to remove this infection so quickly.

Download Trend Micro Antivirus to scan your computer

Manual Removal Instructions for

End these processes:

Learn how to end processes

dc.exe
sviq.exe
fun.exe


Delete these files:

Learn how to remove files

C:\Windows\dc.exe
C:\Windows\SVIQ.EXE
C:\Windows\System\Fun.exe

Remove these Registry keys:

Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly.  Please edit the Registry only if you know what you are doing.  Otherwise, please use the automated removal method above.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
dc = “C:\Windows\dc.exe”
dc2k5 = “C:\Windows\SVIQ.EXE”
Fun = “C:\Windows\System\Fun.exe”
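
The manual removal steps for both worms above (end the processes, delete the files, remove the Run values) can be scripted as a single audit. The following PowerShell is an added example, not part of the original posts; the function name `Test-WormIndicators` and its `-Remove` switch are hypothetical, and every path, process name and registry value is copied from the two write-ups on this page.

```powershell
# Indicators copied from the two write-ups on this page.
$Indicators = @{
    'WORM_KOOBFACE.D' = @{
        Processes = @('fbtre6')
        Files     = @('C:\Windows\fbtre6.exe', 'C:\5465465465463.BAT', 'C:\Windows\fmark2.dat')
        RunKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
        RunValues = @('sysftray')
    }
    'WORM_SOHANAD.DR' = @{
        Processes = @('dc', 'sviq', 'fun')
        Files     = @('C:\Windows\dc.exe', 'C:\Windows\SVIQ.EXE', 'C:\Windows\System\Fun.exe')
        RunKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'  # current user's hive only
        RunValues = @('dc', 'dc2k5', 'Fun')
    }
}

# Hypothetical helper: reports every indicator found; with -Remove it also cleans up,
# in the same order as the manual instructions (processes, files, registry).
function Test-WormIndicators {
    param([switch]$Remove)
    foreach ($name in $Indicators.Keys) {
        $set = $Indicators[$name]
        # Match on image path as well as name: short names such as "dc" or "fun"
        # can belong to legitimate software installed elsewhere.
        foreach ($p in Get-Process -Name $set.Processes -ErrorAction SilentlyContinue) {
            if ($set.Files -contains $p.Path) {
                Write-Output "[$name] process $($p.Name) (PID $($p.Id)) running from $($p.Path)"
                if ($Remove) { Stop-Process -Id $p.Id -Force }
            }
        }
        foreach ($f in $set.Files) {
            if (Test-Path -LiteralPath $f) {
                Write-Output "[$name] file $f"
                if ($Remove) { Remove-Item -LiteralPath $f -Force }
            }
        }
        # Only flag a Run value when its data points at one of the listed files.
        $run = Get-ItemProperty -LiteralPath $set.RunKey -ErrorAction SilentlyContinue
        foreach ($v in $set.RunValues) {
            $data = $run.$v
            if ($data -and ($set.Files | Where-Object { $data -like "*$_*" })) {
                Write-Output "[$name] Run value $v = $data"
                if ($Remove) { Remove-ItemProperty -LiteralPath $set.RunKey -Name $v }
            }
        }
    }
}

Test-WormIndicators   # audit only; nothing is changed without -Remove
```

Run it first without `-Remove` to review the findings, then from an elevated prompt with `-Remove`; the `HKCU` check covers only the account running the script, so repeat it for each user profile on the machine.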