How To Remove Koobface Automatically?
First, let's discuss the automatic method. The Facebook security page has posted about this, but it offers no genuine way of removing this malware. It only asks people to change their password in order to protect user security.
The best automatic method is, of course, to get a good malware remover that can detect and remove it automatically. If you have already bought a good anti-spyware program, you can find the removal instructions on its support page. It can be removed automatically as long as your software is updated.
The major problem is that the Koobface worm is constantly changing itself, so make sure you have the latest version of the malware remover installed.
How To Remove Koobface Manually?
Although it is highly recommended that Koobface, like any other parasite, be removed with automated software, here is the procedure if you still want to do it manually. Before attempting anything, make sure you back up your computer:
Step 1 : Use Windows File Search Tool to Find Koobface Path
- Type in "Koobface" file name and note the file path
- Press Ctrl+Alt+Del to open 'Task Manager'
- Go to the 'Processes' tab and, under 'Image Name', end the "Koobface" processes.
Step 2 : Use Windows Task Manager to Remove Koobface Processes
- %SYSTEMROOT%\bolivar28.exe
- che07.exebolivar28.exe
- %WinDir%\system32\nScan\ekrn.exe
- %WinDir%\system32\nScan\ecls.exe
- %WinDir%\system32\splm\ncsjapi32.exe
- %WinDir%\bolivar28.exe
- C:\Windows\fbtre6.exe
Step 3 : Use Registry Editor to Remove Koobface Registry Values
- Type 'regedit' in Run and press Enter to open the Registry Editor
- Locate "Koobface" registry entries and delete them
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Intelli Mouse Pro Version 2.0B\StubPath: "%WinDir% \System32\splm\ncsjapi32.exe"
- HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: "%WinDir% \System32\splm\ncsjapi32.exe"
- HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run\Intelli Mouse Pro Version 2.0B: "%WinDir% \System32\splm\ncsjapi32.exe"
- HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: "2"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: "%WinDir% \System32\splm\ncsjapi32.exe"
- HKEY_USERS\Software\Microsoft\Windows\nScan32\ExecuteDate: "14\8\2008"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "c:\windows\mstre6.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"systray" = "C:\Windows\fbtre6.exe"
- HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
Step 4 : Use Windows Command Prompt to Unregister Koobface DLL Files
Go to Start > Run and type in 'cmd' to open the command prompt.
The following DLL files are to be unregistered:
- %WinDir%\system32\nScan\ekrnEmon.dll
- %WinDir%\system32\nScan\ekrnScan.dll
- %WinDir%\system32\nScan\ekrnEpfw.dll
- %WinDir%\system32\nScan\ekrnAmon.dll
- %WinDir%\system32\splm\lmfunit32.dll
- %WinDir%\system32\splm\mcaserv32.dll
- %WinDir%\system32\splm\kbdsapi.dll
To unregister a "Koobface" DLL file, go to its exact directory path and type "regsvr32 /u" + [DLL_NAME] (for example, C:\Spyware-folder\> regsvr32 /u Koobface.dll), then press the "Enter" button. A message will pop up saying that the file was successfully unregistered.
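Before deleting anything by hand, it helps to see which of the listed files and registry entries are actually present on the machine. The PowerShell script below is an added example, not part of the original article: it is read-only, it checks only the file paths, value names and executables listed in Steps 2 to 4, and it assumes the autostart entries sit under the standard Run and RunOnce keys of HKLM and of each loaded user hive. The variable names are chosen here for illustration.

```powershell
# Added example: read-only audit of the artifacts listed on this page. Deletes nothing.
$win = $env:WinDir

# File paths listed in Steps 2-4 of the page.
$files = @(
    "$win\bolivar28.exe", "$win\fbtre6.exe", "$win\mstre6.exe",
    "$win\system32\nScan\ekrn.exe", "$win\system32\nScan\ecls.exe",
    "$win\system32\splm\ncsjapi32.exe",
    "$win\system32\nScan\ekrnEmon.dll", "$win\system32\nScan\ekrnScan.dll",
    "$win\system32\nScan\ekrnEpfw.dll", "$win\system32\nScan\ekrnAmon.dll",
    "$win\system32\splm\lmfunit32.dll", "$win\system32\splm\mcaserv32.dll",
    "$win\system32\splm\kbdsapi.dll"
)
# Value name and executables the page ties to the autostart entries.
$valueName  = 'Intelli Mouse Pro Version 2.0B'
$exePattern = 'ncsjapi32\.exe|mstre6\.exe|fbtre6\.exe'

$findings = @()
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $findings += [pscustomobject]@{ Type = 'File'; Location = $f; Detail = '' }
    }
}

# HKLM plus every loaded user hive (assumption: the page names no SID under HKEY_USERS).
$roots = @('Registry::HKEY_LOCAL_MACHINE') +
    @(Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        ForEach-Object { "Registry::$($_.Name)" })
foreach ($root in $roots) {
    foreach ($sub in 'Run', 'RunOnce') {
        $path = "$root\SOFTWARE\Microsoft\Windows\CurrentVersion\$sub"
        $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }   # hive has no such key
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($name -like "*$valueName*" -or $data -match $exePattern) {
                $findings += [pscustomobject]@{ Type = 'RegValue'; Location = "$path\$name"; Detail = $data }
            }
        }
    }
}

# Active Setup component key from Step 3.
$setup = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\$valueName"
if (Test-Path -LiteralPath $setup) {
    $stub = [string](Get-Item -LiteralPath $setup).GetValue('StubPath')
    $findings += [pscustomobject]@{ Type = 'RegKey'; Location = $setup; Detail = $stub }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No listed artifacts found.' }
```

Run it from an elevated prompt so the other users' hives are readable. Because the worm keeps changing, an empty result only means these particular names are absent.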
RECOMMENDED: To avoid the unnecessary risk of damaging your computer, we highly recommend you use a good malware remover to track and automatically remove Koobface, as well as other spyware, adware, trojans, and virus threats on your PC.