cancel
Showing results for 
Search instead for 
Did you mean: 
colestein
Level 7

http://www.facebook.com/l/6ed56;www.starbra***-***.com/603/"---UHOH

I stupidly downloaded the exe file from this site: www.facebook.com/l/6ed56; www.starbra***-***.com/603/", which I got from a friend whose account I now know was hacked. Thinking back, there were many signs that the site was a bad one. A full McAfee scan didn't pick up anything wrong, but I have my fears... Any idea what this is? How do I get rid of it.

Message was edited by: Mark (secured2k) - Edited Link to Malware. on 11/22/09 1:13 PM
0 Kudos
7 Replies
secured2k
Level 11

Re: http://www.facebook.com/l/6ed56;www.starbra***-***.com/603/"---UHOH

I have edited your post as it had a link to Malware. Specifically a variant of KoobFace.

It is worth noting that only 1 major antivirus picked this sample up as something malicious but I can confirm that this is the KoobFace worm.

I have submitted the source sample to multiple AV companies. Hopefluly they will update detection abilities soon.

Do you have Vista? Did you run this file?

0 Kudos
colestein
Level 7

Re: http://www.facebook.com/l/6ed56;www.starbra***-***.com/603/"---UHOH

Thank you so much. I have Vista. I saved the file---didn't run it, but I can't find it now to remove it. Any suggestions are appreciated! Is it ok to turn off and restart my machine, or should I keep it on til McAfee or one of the free programs can detect it? Sue

0 Kudos
secured2k
Level 11

Re: http://www.facebook.com/l/6ed56;www.starbra***-***.com/603/"---UHOH

If you did not run the program file, you are safe.

0 Kudos
colestein
Level 7

Re: http://www.facebook.com/l/6ed56;www.starbra***-***.com/603/"---UHOH

Thanks so much.

0 Kudos
kimofafrica
Level 7

Re: http://www.facebook.com/l/6ed56;www.starbra***-***.com/603/"---UHOH

Hi ,

I have actually ran that file , any idea how to clean it ?!! what is the effect of this virus anyway ?

thax

0 Kudos
secured2k
Level 11

Re: http://www.facebook.com/l/6ed56;www.starbra***-***.com/603/"---UHOH

How did you figure out you ran the exact same file?

In the previous user's case, the dropper/installer of the Koobface worm tries to add some rootkit files which are all detected and blocked by an up-to-date working copy of McAfee. This leaves just the newer components of the virus that will need to be captured and submitted to the AntiVirus companies for research.

Below are two links with some basic information about Koobface.

http://en.wikipedia.org/wiki/Koobface

http://vil.nai.com/vil/content/v_148955.htm

Please post a new discussion thread with more details about your specific case if you need further help.

0 Kudos
kimofafrica
Level 7

Re: http://www.facebook.com/l/6ed56;www.starbra***-***.com/603/"---UHOH

This link was sent to me on facebook and supposedely links to video..

When i went there , i was notified on top of the video screen to install adoble flash ,.. although I was warned by  windows 7, i continued . it downloaded setup.exe and I clicked to ran it.

windows 7 notified me that the program didnt install properly..

Iam not saying iam sure It is there, but iguess it is . is there anyway to check if it is installed on my pc?!

0 Kudos