Net-Worm.Koobface.B!rem Description

Net-Worm.Koobface.B!rem is a network-aware worm. Net-Worm.Koobface.B!rem is able to spread by copying itself across existing networks. Net-Worm.Koobface.B!rem may be used to hijack aspects of a victim’s web browser functionality including the default homepage, search page and security settings.

Type: Worms

Aliases: Trojan.Win32.Scar.aqqk (Kaspersky Lab), W32/Koobface.worm.gen.h (McAfee), W32/Koobface-V (Sophos).

How Can You Detect Net-Worm.Koobface.B!rem?

Net-Worm.Koobface.B!rem Removal Details

Net-Worm.Koobface.B!rem has typically the following processes in memory:

• %Temp%\zpskon_1276086438.exe
• %Windir%\rdr_1276072454.exe
• %Temp%\zpskon_1276077495.exe
• %Temp%\zpskon_1276088047.exe
• %Temp%\zpskon_1276098136.exe
• %Windir%\dxxdv34567.bat
• %Windir%\rdr_1276072453.exe
• %Temp%\zpskon_1276077259.exe
• %Temp%\zpskon_1276083019.exe
• %Temp%\zpskon_1276094112.exe
• %Windir%\rdr_1276072542.exe
• %Windir%\ld15.exe
• %Temp%\zpskon_1276087136.exe
• %Windir%\rdr_1276072455.exe
• %Temp%\zpskon_1276081396.exe
• %Temp%\zpskon_1276089368.exe
• %Windir%\rdr_1276072540.exe

Net-Worm.Koobface.B!rem creates the following files in the system:

• %Windir%\010112010146111103.xxe
• %Windir%\0101120101465249.xxe
• %Windir%\0101120101465450.xxe
• %Windir%\010112010146103110.xxe
• %Windir%\01011201014650115.xxe
• %Windir%\0101120101465349.xxe
• %Windir%\0101120101465649.xxe
• %Windir%\dxxdv34567.bat
• %Windir%\010112010146114101.xxe
• %Windir%\0101120101465348.xxe
• %Windir%\0101120101465548.xxe

Net-Worm.Koobface.B!rem creates the following registry entries:

• [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Default]
• [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current]
• [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating]

Important Article Disclaimer