Endpoint Protection


Cannot get rid of koobface

  • 1.  Cannot get rid of koobface

    Posted Jul 27, 2009 11:43 AM
    Hello all,
    I've been trying for days, to no avail, to get rid of the koobface virus on my computer. I've run Symantec several times; sometimes it comes up clean, sometimes it finds the bugs, but never has it found what keeps downloading it back onto my computer.

    I've run Symantec several times. Sometimes it finds the virus and its other processes and sometimes it doesn't. I thought I got rid of everything on my computer when I shut it down a few days ago, but when I started it up this morning it was back. I've once again run Symantec and deleted everything I could, but I think my antivirus is missing something. I believe there is a file on my computer that goes undetected and keeps re-downloading this virus. Can someone please help? Idk what to do anymore :(


  • 2.  RE: Cannot get rid of koobface

    Posted Jul 27, 2009 11:56 AM
    Hi,

    Which one of these risks do you have?

    HTTP W32 Koobface File Download
    HTTP W32 Koobface Activity
    W32.Koobface.B
    W32.Koobface.A

    Check it in your security and risk logs.

    Regards,




  • 3.  RE: Cannot get rid of koobface

    Posted Jul 27, 2009 09:52 PM
    I would suggest you call support and run the ESUG loadpoint, and they will help you to submit some suspected files.


  • 4.  RE: Cannot get rid of koobface

    Posted Jul 27, 2009 11:29 PM


  • 5.  RE: Cannot get rid of koobface

    Posted Jul 28, 2009 03:13 AM
    Run the TrendMicro HijackThis tool to find out which BHOs (Browser Helper Objects) are still being loaded by the threat. Once those have been identified, use the HijackThis console to remove them completely.

    ESUG will only help to identify standard locations where the files are loaded, and not ALL the new places where such nasty stuff loads itself apart from the standard load points.

    HTH


  • 6.  RE: Cannot get rid of koobface

    Posted Jul 31, 2009 06:11 AM
    Update the virus definition file, then run a full scan in safe mode.


  • 7.  RE: Cannot get rid of koobface

    Posted Jul 31, 2009 06:13 AM
    and also try removing add-ons of your browser... clear temp files, cookies, history from Tools>Internet Options...

    Remove any unknown startup programs using msconfig, click Start, run, then type the command : MSCONFIG. Startup Tab..
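
A read-only way to review the two places these replies point to, the BHOs from reply 5 and the startup entries from reply 7, as an added PowerShell example that is not part of the original thread. It assumes PowerShell 3.0 or later and covers only the standard BHO and Run registry keys; an unsigned or missing target is something to look at more closely, not a verdict.

```powershell
# Added example (not from the thread): inventory of BHOs and Run-key entries.
# Read-only: nothing is modified or deleted. Requires PowerShell 3.0 or later.

function Get-DefaultValue([string]$Path) {
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') }   # '' selects the key's (Default) value
}

# Each BHO is a CLSID subkey; the WOW6432Node view covers 32-bit browsers.
$views = @(
    @{ Bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)
$bhos = foreach ($v in $views) {
    foreach ($sub in @(Get-ChildItem -LiteralPath $v.Bho -ErrorAction SilentlyContinue)) {
        $clsid = $sub.PSChildName
        # The DLL implementing the BHO is the default value of InprocServer32.
        $dll = Get-DefaultValue "$($v.Cls)\$clsid\InprocServer32"
        $sig = if ($dll -and (Test-Path -LiteralPath $dll)) {
            (Get-AuthenticodeSignature -FilePath $dll).Status
        } else { 'FileMissing' }
        [pscustomobject]@{ Type = 'BHO'; Name = $clsid; Target = $dll; Signature = $sig }
    }
}

# Registry Run keys: per-machine (both views) and per-user.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runs = foreach ($path in $runKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        # Target is the full command line exactly as stored in the registry.
        [pscustomobject]@{ Type = 'Run'; Name = "$path -> $name"
                           Target = $key.GetValue($name); Signature = 'n/a' }
    }
}

@($bhos) + @($runs) | Sort-Object Type, Name | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt and compare the output against a list taken from a known-clean machine with the same software installed.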


  • 8.  RE: Cannot get rid of koobface

    Posted Jul 31, 2009 01:22 PM
    @ Scala, Can you give us an update on your issue?

    Are you finding W32.Koobface.C on your system?

    See removal instructions -
    http://www.symantec.com/security_response/writeup.jsp?docid=2009-071514-3245-99&tabid=3

    Thanks,
    Thomas



  • 9.  RE: Cannot get rid of koobface

    Posted Aug 19, 2009 07:08 PM
    I have exactly the same problem as Scala, but I am finding your answers a bit too technical for me. Windows told me that it is Net-worm.Win32.koobface.bjo ?

    Please help!
    Rachel


  • 10.  RE: Cannot get rid of koobface

    Posted Aug 19, 2009 11:56 PM
    hi Rachel,

    It would probably be best if you made your own thread for this. That way you are able to post screenshots, log files and things of that nature. Only the thread owner can do this, and only the thread owner can mark the answer solved. If you don't own the thread you can't give the points back to the people that helped you. But regardless I will try to shed a little light on this.

    1. Was it a Symantec product that located this virus?
    The reason I ask this is because our naming convention for this virus is a little different than what you posted. It looks more like Kaspersky's, which calls them something like this: Net-Worm.Win32.Koobface.b [Kaspersky]. Personally I don't care what product you are using, I will try to help you regardless, but if it is not a Symantec product then I am afraid our answers to your questions might be confusing considering you are not using our product. But maybe I am wrong and we switched our naming convention.

    2. Second a little history on this virus
    This virus is one that attacks social networking sites. Even the name itself is a switch around from the word FACEBOOK, which becomes KOOBFACE. Currently it is making its way through Twitter. What it does is it hijacks your Twitter profile, and uses it to spread malware to your followers or friends. In reality it is relatively harmless and just malware. The most I have ever heard of it doing is posting tiny URLs to your friends' page to links of erotic sites or illegal software etc. Regardless you should still get rid of this as soon as possible.

    3. How to get rid of it.
    Well, if you are running a Symantec product then these are the usual steps to follow. First boot your computer in safe mode. Usually this can be done by pressing F8 right when you start your computer up. Make sure system restore is off and run a full system scan. It should tell you whether it was deleted or quarantined or something else. Try this and report back to let us know how it goes. If it doesn't find anything or can't get rid of it we can suggest other options.


    Cheers
    Grant


  • 11.  RE: Cannot get rid of koobface

    Posted Aug 19, 2009 11:56 PM
    @ slug64, Try to remove using these instructions.

    http://www.symantec.com/security_response/writeup.jsp?docid=2008-080315-0217-99&tabid=3

    You may also find this KB helpful.

    The 5 Steps of Virus Troubleshooting - http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007011014341948

    Thomas