4 Replies Latest reply on Nov 22, 2009 4:01 AM by secured2k

    trojan koobface worm

      I am having the same problem as april prices friend (in discussion a few minuits ago)  I am running mcafee version 13.15  dat 5807.0000 engin 5301.4018  I have run a few scans and am still having problems

        • 1. Re: trojan koobface worm

          You could also try the freescan utility, just to ensure nothing more is detected.



          However, if that fails, it might be a good idea to install the beta dats on your system, to see if it's something that we have recently added to the DAT source, that just hasn't made it's way into the full DATs just yet.


          Here is a link to the beta DATs, they are refreshed about every hour or so.  http://vil.nai.com/vil/virus-4d.aspx


          For the consumer product, I believe the last link in the list will work for you.


          If you still don't detect anything, it might be useful to run GMER (gmer.net), just hit "scan" and then save the log, and post it here, and we'll see if there is anything obvious on the system.


          Let us know if you need any help at all.


          - David

          • 2. Re: trojan koobface worm

            updated virus scan ran in safe mode w/sys restore disabled, nothing detected..  rAn free scan and it detected a virus and told me to buy, i already have mcafee  wtf!  I dont know enough about beta dats to know what to download, I will try gmer.net well see?

            • 3. Re: trojan koobface worm

              here is scan results

              • 4. Re: trojan koobface worm

                Generally, Koobface does not try to hide itself in a way that would be considered a rootkit. It seems McAfee does not yet detect the variant you have.


                To help McAfee by capturing this new variant of KoobFace, please start with the following:


                Try using AutoRuns to detect non-Microsoft files that aren't Digitally Signed to find out where the virus files are loading.



                Download and Run AutoRuns


                1. When it starts, Press <ESC> to cancel the initial scan.
                2. Go to the OPTIONS menu and make sure "Verify Code Signatures" AND "Hide Microsoft and Windows Entries" are checked.
                3. Choose the FILE menu - > Refresh.


                This will scan your computer's startup locations and list them. It is done when the lower left status bar says "Ready."


                You can us the FILE menu to save a file with a list of your startup items. Please attach it to your post and wait for further instructions.



                To Just Get Rid of KoobFace:


                If you've watched some of the other posts on the forums. you may have also seen recommendations to use MalwareBytes, SuperAntiSpyware, Windows Defender, and other programs that may be able to detect and remove this threat. I recommend MalwareBytes as it may also undo some of the system changes that the virus has made to your system. Microsoft's free Windows Defender may also be able to detect and remove this threat as well.



                Windows Defender