By GoldSparrow in Worms

Threat Scorecard

Threat Level: 50 % (Medium)
Infected Computers: 2,762
First Seen: July 24, 2009
Last Seen: May 24, 2022
OS(es) Affected: Windows

Koobface is a computer worm infection that takes advantage of users through social network messages in Facebook, Twitter, MySpace and others. Koobface attacks social network user’s profiles by sending a message asking them to view videos which redirects users to malicious websites designed to spread the Koobface infection. Many of the illicit messages sent via social networks have the subject line "You look funny in this new video" or "You look just awesome in this new movie." If the link within the message is clicked on, then it will ask that you update your flash player which leads to the download of malware. Koobface is able to infiltrate a users' system through a fake flash player update file named flash_player.exe. Other variants of Koobface are known as W32.Koobface, W32/Koobface, Worm.Win32.Koobface.b and Boface.


15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
AhnLab-V3 Win-Trojan/Injecter.17920.ES
McAfee-GW-Edition Trojan.Dropper.Koobface.AEJ
AntiVir DR/Koobface.AEJ
DrWeb Trojan.DownLoad.40118
Comodo TrojWare.Win32.TrojanDownloader.Injecter.ddn0
ClamAV Worm.Koobface-125
F-Prot W32/Downldr2.FZRM
CAT-QuickHeal TrojanDownloader.Injecter.ddn
McAfee+Artemis Artemis!10377EFE296F
F-Secure Trojan-Downloader.Win32.Injecter.ddn
NOD32 Win32/Koobface.NCD
Ikarus Worm.Koobface
DrWeb Win32.HLLW.Facebook.755
BitDefender Worm.Generic.250945

SpyHunter Detects & Remove Koobface

Koobface Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Koobface may create the following file(s):
# File Name MD5 Detections
1. swe.dll b008856fa107fb14dbfb01ac4bc7ff0a 609
2. PDRV.sys 07e86b47b742f78855ea14b68f4b6fea 505
3. swe.sys 5c02175de191a7fac64bbb77b62637c7 488
4. mas.dll 0ca69d528f881daf9553dd969b16a276 466
5. mas.sys 2428166634a56621d224f2f8883ebb0d 440
6. lsass.exe 714fdafb2028b4c06ce8cef5691b081f 69
7. webserver.exe 5e2754aadeeb72fce607726dec81b350 32
8. btw_oko.dll 175e1679f1d38e6771ca09caa2f63be7 31
9. certoko.dll 9392b9eaab4b07b1b1696f350caf7397 18
10. PDRV.sys 2e04cdb6a5c912acfa21946c8d8b1ec2 10
11. webserver.exe 989db2f4fcda61a6fea51be24459c2b4 6
12. svchost.exe 55d39b196e1ac496a355e9bc16de3ba1 6
13. fio32.dll c1448afa4012e692b85c2755a112c33c 1
14. webserver.exe eeda586b324d69ebf6b537724ad122cb 1
15. bill107.exe 3325f9fdcdcf36a02b6a8f2ee525041a 0
16. bill109.exe 7e35f37167c894c5b4a9c29a1648dcf2 0
17. bill109.exe da5bbe0812987119fdcb282fe08c53b2 0
18. bill110.exe 4fb5e6eea077e43c95c65f072c608c91 0
19. bill110.exe d147fac0c35c9ffa4b32a51a7766db03 0
20. bill110.exe f213646644b5943766db430f3ade0a27 0
21. bill110.exe 1beb0cc256f81a2282d3915cfee0ee1d 0
22. bill110.exe 7dea858c6530e5875cd59d4bd6df1efd 0
23. bill110.exe 6b12128a2c6693a421c9366832798183 0
24. bill112.exe 3a1f9e5af6ee84407feb05b1742108e8 0
25. bill112.exe b3be5e20e18f3c28c56a902b9e13a88c 0
26. bill113.exe d03a7a1c63491f4d0d24a9e084eca1b1 0
More files

Registry Details

Koobface may create the following registry entry or registry entries:
File name without path
Run keys

1 Comment

Have been told I have koobface virus and want to get rid of it.

Related Posts


Most Viewed