There is a virus that commonly affects Facebook users called "Koobface". It spams links and tries to trick people into downloading its "flash player update", called "flash_player.exe". This is the mechanism that is used to infect individuals.
Removing the virus for Windows XP (print off instructions before proceeding)
1. Disable System Restore. This step is essential in enabling an antivirus to fully scan your computer.
   - Click Start, right-click My Computer, and then click Properties.
   - In the System Properties dialog box, click the System Restore tab.
   - Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
   - Click OK.
   - When you receive the following message, click Yes to confirm that you want to turn off System Restore:
     After a few moments, the System Properties dialog box closes.
2. Restart in safe mode. From the Microsoft Help website, to do this:
   1. You should print these instructions before continuing. They will not be available after you shut your computer down in step 2.
   2. Click Start and then click Shut Down.
   3. In the drop-down list of the Shut Down Windows dialog box, click Restart, and then click OK.
   4. As your computer restarts but before Windows launches, press F8. On a computer that is configured for booting to multiple operating systems, you can press F8 when the boot menu appears.
   5. Use the arrow keys to highlight the appropriate safe mode option, and then press ENTER.
3. Remove startup entries.
   1. Click Start --> Run.
   2. Type in "regedit" without quotes.
   3. Browse through the left-hand pane:
   4. Delete the entry:
      sysftray = "%Windows%\fbtre6.exe"
   5. Close regedit.
4. Remove the following files by using the Windows search function. Press Windows key + F. Input the following into the search input box.
   - %System Root%\5465465465463.BAT
5. Restart computer.
6. Run an antivirus of your choice. If no antivirus has been installed on the computer, use a free online virus scan. My recommendations:
Random Info That May Be Useful
McAfee: As for the motivations behind this Koobface variant, analysis shows that during infection a proxy server is installed to %ProgramFiles%\tinyproxy\tinyproxy.exe and a service named Security Accounts Manager (SamSs) is created to load the server at startup. This component listens on TCP port 9090 and proxies all HTTP traffic, in particular looking for traffic to Google, Yahoo, MSN, and Live.com for the purpose of hijacking search results. Search terms are directed to find-www.net. This enables ad hijacking and click fraud.
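To confirm the cleanup worked, the indicators named on this page (the sysftray startup entry, fbtre6.exe, the .BAT file, tinyproxy.exe and a listener on TCP port 9090) can be checked against text saved from `netstat -an`, `reg query` and a file listing. The script below is an added example, not part of the original page or of McAfee's analysis; the function names and the sample input are constructed for illustration, and the registry key is left as a placeholder because the page does not give it.

```python
import re

# Indicators named on this page (compared case-insensitively).
FILE_NAMES = {"fbtre6.exe", "5465465465463.bat", "flash_player.exe"}
PROXY_SUFFIX = r"\tinyproxy\tinyproxy.exe"
AUTORUN_VALUE, PROXY_PORT = "sysftray", "9090"

def check_netstat(text):
    """Local addresses listening on the proxy port, from `netstat -an` text."""
    rows = (line.split() for line in text.splitlines())
    # Columns: Proto, Local Address, Foreign Address, State
    return [c[1] for c in rows if len(c) >= 4 and c[0].upper() == "TCP"
            and c[3].upper() == "LISTENING" and c[1].rsplit(":", 1)[-1] == PROXY_PORT]

def check_autoruns(text):
    """(name, data) value lines from `reg query` text that match the startup entry."""
    hits = []
    for line in text.splitlines():
        m = re.match(r"\s+(.+?)\s+REG_\w+\s+(.*)$", line)  # skips key header lines
        if m:
            name, data = m.group(1), m.group(2).strip().strip('"')
            if name.lower() == AUTORUN_VALUE or data.lower().endswith("fbtre6.exe"):
                hits.append((name, data))
    return hits

def check_files(paths):
    """Paths whose file name, or tinyproxy location, matches an indicator."""
    return [p for p in map(str.strip, paths) if p.lower().endswith(PROXY_SUFFIX)
            or p.lower().rsplit("\\", 1)[-1] in FILE_NAMES]

def triage(netstat_text, reg_text, paths):
    return {"listeners": check_netstat(netstat_text),
            "autoruns": check_autoruns(reg_text), "files": check_files(paths)}

# Constructed sample input (not captured from a real machine).
SAMPLE_NETSTAT = """
  TCP    0.0.0.0:9090       0.0.0.0:0           LISTENING
  TCP    192.168.1.5:1045   203.0.113.7:9090    ESTABLISHED
"""
SAMPLE_REG = r"""
<registry key header; the key is not given on this page>
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    sysftray    REG_SZ    C:\WINDOWS\fbtre6.exe
"""
SAMPLE_FILES = [r"C:\WINDOWS\notepad.exe", r"C:\WINDOWS\fbtre6.exe",
                r"C:\Program Files\tinyproxy\tinyproxy.exe", r"C:\5465465465463.BAT"]

if __name__ == "__main__":
    print(triage(SAMPLE_NETSTAT, SAMPLE_REG, SAMPLE_FILES))
```

The SamSs service name is not matched, because Windows ships a legitimate Security Accounts Manager service under that name and a name match alone would flag clean machines.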