Koobface worm on my computer?

Wickedirish

Distinguished
Apr 30, 2014
I'm kind of freaking out... I was recently told my computer had what is supposedly called a Koobface worm on it (not a virus). I was told it was destroying my programs and that some of them weren't responding. I have no idea how I could have stumbled onto this worm, and I recently just bought and put together a new computer. I'm very concerned and I'm trying to figure out the details of knowing if I do or not. He pulled up some of my programs and it showed my Nvidia sound program along with my Adobe Flash had stopped running and that it was eating up my programs/destroying them and attacking my drivers. I just recently reformatted my whole computer and I was told "this would not resolve the issue" and that I would have to find an anti-hack specialist. I however did it anyway and I'm not sure how I can tell if I have one or not.... I have Norton AntiVirus and I have Malwarebytes but neither program was able to detect it the first time before redoing my computer. I'm scared to open up emails, log on to Facebook or get on my bank account. Any feedback would be very appreciated in this matter/experience :??:
 
Solution
Go to http://www.combofix.org and download ComboFix - not anything else you're offered. Following the links will take you to www.bleepingcomputer.com and again, you need to avoid downloading the wrong utility. You also need to read the tutorial at that site before using ComboFix.

Once you have it installed and running, don't do anything until it completes and produces its log. Restart the system then post a copy of that log back here and someone will review it for you. It would be unusual for CF not to fix this but run the system for a day before you go online banking - just in case.

Wickedirish

Distinguished
Apr 30, 2014


No, Windows did not come installed. I had a disc I used to install Windows 7 on my new computer.
 

shikharbhardwaj

Reputable
Jun 5, 2014
First of all, don't connect to any server or network. It can be removed by Norton Power Cleaner.

Manually it will not remove it 100%, but I will tell you how:
• Search for "koobface" in My Computer using the find utility.
• Note down the Koobface file path somewhere.
• Press Ctrl+Alt+Del to open 'Task Manager'.
• End the "Koobface" processes.

The following processes must be ended:

1. %SYSTEMROOT%\bolivar28.exe
2. che07.exe
3. bolivar28.exe
4. %WinDir%\system32\nScan\ekrn.exe
5. %WinDir%\system32\nScan\ecls.exe
6. %WinDir%\system32\splm\ncsjapi32.exe
7. %WinDir%\bolivar28.exe
8. C:\Windows\fbtre6.exe

Now you need to change 'Registry Files', here is what to do:

• Type 'regedit' in Run and press Enter.
• The Registry Editor will appear; locate the above-mentioned process files and delete them.
• Locate the "Koobface" registry entries and delete them. They are as follows:

1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsof... Setup\Installed Components\Intelli Mouse Pro Version 2.0B\StubPath: "%WinDir% \System32\splm\ncsjapi32.exe"
2. HKEY_USERS\Software\Microsoft\Window... Mouse Pro Version 2.0B*: "%WinDir% \System32\splm\ncsjapi32.exe"
3. HKEY_USERS\Software\Microsoft\Window... Mouse Pro Version 2.0B: "%WinDir% \System32\splm\ncsjapi32.exe"
4. HKEY_USERS\Software\Microsoft\Window... "2"
5. HKEY_LOCAL_MACHINE\SOFTWARE\Microsof... Mouse Pro Version 2.0B*: "%WinDir% \System32\splm\ncsjapi32.exe"
6. HKEY_USERS\Software\Microsoft\Window... "14\8\2008"
7. HKEY_LOCAL_MACHINE\SOFTWARE\Microsof... Version\Run\"systray" = "c:\windows\mstre6.exe"
8. HKEY_LOCAL_MACHINE\SOFTWARE\Microsof... Version\Run\"systray" = "C:\Windows\fbtre6.exe"
9. HKEY_CURRENT_USER\AppEvents\Schemes\...

Now you have to unregister the DLL files as follows:

• Go to Start and type in 'cmd' to open the command prompt.
• First locate the following DLL files using the 'dir' command:

1. %WinDir%\system32\nScan\ekrnEmon.dll
2. %WinDir%\system32\nScan\ekrnScan.dll
3. %WinDir%\system32\nScan\ekrnEpfw.dll
4. %WinDir%\system32\nScan\ekrnAmon.dll
5. %WinDir%\system32\splm\lmfunit32.dll
6. %WinDir%\system32\splm\mcaserv32.dll
7. %WinDir%\system32\splm\kbdsapi.dll

• Now change the current directory using the 'cd' command: leave a space after 'cd' and then type the path of the DLL file which you located above. Press Enter after this.
• Now unregister the DLL file by typing "directory path+'regsvr32 /u'+dll file name". Press Enter and the file will be unregistered.


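A read-only way to check for the file, process and autorun indicators listed in the post above before deleting anything by hand. This is an added example, not part of the original post or any vendor tool. It assumes PowerShell 3.0 or later, that `C:\Windows` in the post is the machine's `%WinDir%`, and that the truncated `...Version\Run` entries refer to the standard `CurrentVersion\Run` key.

```powershell
# Read-only triage: reports matches, deletes and changes nothing.
$winDir = $env:WinDir   # assumption: C:\Windows in the post is this machine's %WinDir%

# File paths listed in the post (executables first, then DLLs), relative to %WinDir%.
$files = @(
    'bolivar28.exe', 'fbtre6.exe', 'mstre6.exe',
    'system32\nScan\ekrn.exe', 'system32\nScan\ecls.exe',
    'system32\splm\ncsjapi32.exe',
    'system32\nScan\ekrnEmon.dll', 'system32\nScan\ekrnScan.dll',
    'system32\nScan\ekrnEpfw.dll', 'system32\nScan\ekrnAmon.dll',
    'system32\splm\lmfunit32.dll', 'system32\splm\mcaserv32.dll',
    'system32\splm\kbdsapi.dll'
) | ForEach-Object { Join-Path $winDir $_ }

# Process names from the post, without ".exe" as Get-Process expects.
$procNames = 'bolivar28', 'che07', 'fbtre6', 'ekrn', 'ecls', 'ncsjapi32'

# Assumption: the truncated "...Version\Run" entries mean the standard Run key.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$exeNames = @($procNames + 'mstre6') | ForEach-Object { "$_.exe" }

$findings = @(
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) {
            $when = (Get-Item -LiteralPath $f -Force).LastWriteTime
            [pscustomobject]@{ Type = 'File'; Item = $f; Detail = "modified $when" }
        }
    }
    foreach ($p in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
        [pscustomobject]@{ Type = 'Process'; Item = $p.ProcessName; Detail = "PID $($p.Id) $($p.Path)" }
    }
    foreach ($key in $runKeys) {
        $k = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $k) { continue }
        foreach ($name in $k.GetValueNames()) {
            $data = [string]$k.GetValue($name)
            # Flag autorun values whose command line mentions a listed executable.
            if ($exeNames | Where-Object { $data -like "*$_*" }) {
                [pscustomobject]@{ Type = 'Autorun'; Item = "$key\$name"; Detail = $data }
            }
        }
    }
)

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap } else {
    'No listed file, process or autorun indicator found.'
}
```

A match on a file or process name is a lead to review rather than proof of infection, and an empty result does not show the system is clean.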
 

Wickedirish

Distinguished
Apr 30, 2014
I really do appreciate everyone's feedback and the time all of you have given to help me get rid of this junk. I have spent the last 6 hrs on resolving this (sad I know) and my mind/body can't take anymore at the moment. I'm going to hit the sack and work on it tomorrow (along with staying away from any personal information sites may need). Thank you again for all your responses, I'm sure they will be helpful!!! =)