Koobface virus, aka the Facebook virus, getting in your face…

Danger! Danger! Do you use Facebook or know someone who does? If so, check this out…


 

The Koobface virus is spreading through Facebook and is purported to be a harvester of personal information such as passwords and credit card info.

First things first: how can you tell if you are already infected?

Open the Windows Task Manager (CTRL-ALT-DEL) and look in the “Processes” tab. If you see a process named mstre6.exe or fbtre6.exe (or both) listed in the left-hand column, your computer is infected and the virus is currently active on your system.

BTW, if hitting CTRL-ALT-DEL doesn’t open the Task Manager, or appears to do nothing at all, then it’s still likely that you are infected with a virus or spyware or other malicious software, even if not the Koobface virus. See more info at the Geek Housecalls website.

About Koobface…

The Koobface virus that already made the rounds of MySpace is again running rampant, this time through Facebook, where it takes advantage of the trusted messaging environment to spread by showing up as a message from a friend (who is already infected). There are apparently several variants being reported, with subject lines that range from “You look just awesome in this new movie.” to supposed footage of Paris Hilton, or even yourself caught on hidden camera.

If you click the link, you are taken to a site that displays a YouTube-like video player with a dialogue box superimposed over it that says you need to download an update in order to view the video.

If you give it the okay, though, you will in fact be authorizing the download and installation of the virus (pretty sneaky, eh?).

And once your computer is infected, the virus takes control and messages all your Facebook friends, with the message appearing as a video coming from you!

What to do if infected…

First, open the Windows Task Manager (see above) and, in the Processes tab, click once on the process named mstre6.exe to highlight it, then click the “End Process” button, then confirm. Do the same for the fbtre6.exe process.

Next, try updating and performing a scan with your virus scanner, as many commercial scanners are currently catching and cleaning Koobface (Hint: if you got infected despite having a good commercial antivirus package installed, it may be that your package has expired or is not up to date).

If your commercial antivirus software is unsuccessful, it’s time to get geeky or call in a professional geek. To see the steps for cleaning Koobface manually, click here:

IMPORTANT NOTE: The following instructions require editing of the Windows registry. The registry is the backbone of the Windows operating system and, if mishandled, may render your computer inoperable. If you are not familiar with the registry and how to edit it, Geek Housecalls strongly recommends that you contact a professional for assistance!

How to manually remove the Koobface virus…

1.  Boot into safe mode

2.  Remove the following registry keys (note that the entire string is wrapped)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "c:\windows\mstre6.exe"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "C:\Windows\fbtre6.exe"

HKCU\AppEvents\Schemes\Apps\Explorer\Navigating
HELP:

3. Delete the following files (and empty recycle bin)

C:\Windows\fbtre6.exe

C:\Windows\fmark2.dat

4. Restart in normal startup mode
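
To confirm the cleanup worked, or to run the infection check from the top of this article without Task Manager, the read-only PowerShell script below looks for the process names, the "systray" Run value and the files named above. It is an added example, not part of the original article; it assumes Windows is installed in C:\Windows and it changes nothing on the system.

```powershell
# Added example: read-only check for the Koobface indicators named in this article.
# It only reports what it finds; it does not kill processes, edit the registry or delete files.

$procNames = 'mstre6', 'fbtre6'                 # process names from the article (without .exe)
$files     = 'C:\Windows\mstre6.exe',           # file paths from the article
             'C:\Windows\fbtre6.exe',           # (assumes Windows lives in C:\Windows)
             'C:\Windows\fmark2.dat'
$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$findings  = @()

# 1. Running processes (the same thing the Task Manager check looks for)
foreach ($p in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
    $findings += "Process running: $($p.ProcessName).exe (PID $($p.Id))"
}

# 2. The "systray" autostart value under the Run key
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['systray']) {
    $value = [string]$run.systray
    if ($value -match '(mstre6|fbtre6)\.exe') {
        $findings += "Run value 'systray' points to: $value"
    } else {
        # Assumption: a 'systray' value with some other target is shown for manual review only.
        Write-Host "Note: Run value 'systray' exists with a different target: $value"
    }
}

# 3. Files left on disk
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $findings += "File present: $f"
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'None of the Koobface indicators from this article were found.'
} else {
    Write-Host 'Possible Koobface infection:'
    $findings | ForEach-Object { Write-Host "  $_" }
}
```

A clean result only means these specific names are absent; a full scan with an up-to-date antivirus package is still the better test.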

If you have recovered from infection, Facebook recommends that you also change your account password as your old password may have been harvested or compromised by the virus.

This content is also available as a discussion on the Facebook website in the Geek Housecalls fan page.

This article was written by Andy Trask, Head Geek at Geek Housecalls, the New England area’s original traveling computer geeks, on the web at www.geekhousecalls.com. Geek Housecalls specializes in “anything computer” and, since 2001, has become the trusted in-home computer and technology support provider for over 15,000 families and small business computer users in eastern Massachusetts, Rhode Island, and southern New Hampshire. For help with your computers, gadgets, or network at home or at the office, click here to contact Geek Housecalls via the web, or call toll free:

1-877-4PC-GEEK (1-877-472-4335)

 
