Click on screenshot to zoom
Danger level 8
Type: Worms
Common infection symptoms:
  • Connects to the internet without permission
  • Slow internet connection
  • Slow Computer
Other mutations known as:

Net.Worm.Koobface.ld

Net.Worm.Koobface.ld is a computer worm that was ultimately designed to gather sensitive information from the victim’s computer system, such as credit card numbers, personal identity information, etc.

This dubious application targets the users of social networking websites, for example: Facebook and MySpace.

Net.Worm.Koobface.ld spreads by delivering Facebook messages to people that are 'friends' of the infected user.

The messages contain innocuous subject headers the likes of: "Paris Hilton Tosses Dwarf on the Street", "LOL", and "My friend catched [sic] you on hidden cam".

Upon receipt, the message will redirect the recipients to a third-party website, unaffiliated with the social networking website, where they are then prompted to download what is purported to be an update of the Adobe Flash player.

Should the unsuspecting user choose to download the file, they will in effect only be ensuring the infiltration and ultimate infection of their computer with Net.Worm.Koobface.ld.

Once integrated within a computer system, Net.Worm.Koobface.ld then commandeers all surfing activities and directs users to contaminated websites (all of which are obviously in close association with the Koobface infection) when they attempt to access search engines from Google, Yahoo, MSN and Live.com.

Once a user clicks a link and installs the “video codec,” they are actually downloading Net.Worm.Koobface.ld.

Net.Worm.Koobface.ld launches and searches your PC for social networking site cookies, and uses these cookies to modify your profiles with Net.Worm.Koobface.ld links.

If you suspect your system has been infected with the Net.Worm.Koobface.ld virus, you should begin a removal procedure immediately!

Download Spyware Removal Tool to Remove* Net.Worm.Koobface.ld
  • Quick & tested solution for Net.Worm.Koobface.ld removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Net.Worm.Koobface.ld

Files associated with Net.Worm.Koobface.ld infection:

svchost.exe
Explorer.exe
vmusbw32.dll
nnBOhWioHpG62R.exe
MgKPyEORiQUvGj.exe
aadrive32.exe
6DSS92c31Apgjk.exe
winlogon.exe
rundll32.exe
questscan143.exe
Photoshop.exe
netiepad.dll
ftppost2.exe
svrwsc.exe
itlnfw32.dll
Recycle.Bin.exe
gh5h166.exe
jjp155.exe
andy129.exe
mike148.exe
MakeTheWebBetter.exe
jjp156.exe
andy145.exe
setup.exe
andy143.exe
install.exe
host32.exe
bill113.exe
bill115.exe
lsass.exe
bill112.exe
bill110.exe
bill109.exe
bill108.exe
bill107.exe
bill106.exe
mrxoko.sys
imapioko.sys
sber20.exe
che6.exe
fbtre6.exe
bill104.exe
o6ko.sys
kenny17.exe
kenny14.exe
bill103.exe
freddy101.exe
Filter.sys
freddy80.exe
freddy81.exe
freddy54.exe
freddy37.exe
webserver.exe
pp14.exe
freddy79.exe
hippy16.exe
pp13.exe
mstre26.exe
ld16.exe
mstre25.exe
fio32.sys
mstre24.exe
freddy75.exe
mstre23.exe
freddy73.exe
freddy71.exe
freddy72.exe
tag14.exe
freddy60.exe
freddy56.exe
freddy48.exe
freddy39.exe
sber18.exe
freddy70.exe
freddy69.exe
ld06.exe
sber17.exe
freddy65.exe
freddy64.exe
freddy66.exe
restorer32_a.exe
ld15.exe
freddy67.exe
mstre22.exe
freddy63.exe
freddy61.exe
pp12.exe
nl15.exe
freddy62.exe
captcha7.dll
freddy59.exe
ld14.exe
BrowserCtl.sys
pp11.exe
mstre21.exe
freddy58.exe
freddy49.exe
ld12.exe
ld11.exe
ugo03.exe
bolivar27.exe
tag12.exe
romeo15.exe
SYSDLL.exe
websrvx.exe
pp2.exe
che07.exe
che3.exe
mstre6.exe
pp07.exe
pp.06[1].exe
mstre18.exe
freddy41.exe
ld07.exe
mon32.dll
pp06.exe
freddy40.exe
jopaxx_1238002451.exe
ld03.exe
pp05.exe
mstre15.exe
pp04.exe
mstre12.exe
pp03.exe
pp02.exe
ld02.exe
pp1.exe
bolivar30.exe
bolivar28.exe
bolivar26.exe
bolivar25.exe
mstre8.exe
bolivar24.exe
bolivar20.exe
kenny16.exe
higeorge12.exe
freddy43.exe
freddy45.exe
freddy44.exe
freddy42.exe
ld10.exe
freddy46.exe
mstre19.exe
ld09.exe
pp10.exe
ld08.exe

Net.Worm.Koobface.ld DLL's to remove:

vmusbw32.dll
netiepad.dll
itlnfw32.dll
captcha7.dll
mon32.dll

Net.Worm.Koobface.ld processes to kill:

svchost.exe
Explorer.exe
nnBOhWioHpG62R.exe
MgKPyEORiQUvGj.exe
aadrive32.exe
6DSS92c31Apgjk.exe
winlogon.exe
rundll32.exe
questscan143.exe
Photoshop.exe
ftppost2.exe
svrwsc.exe
Recycle.Bin.exe
gh5h166.exe
jjp155.exe
andy129.exe
mike148.exe
MakeTheWebBetter.exe
jjp156.exe
andy145.exe
setup.exe
andy143.exe
install.exe
host32.exe
bill113.exe
bill115.exe
lsass.exe
bill112.exe
bill110.exe
bill109.exe
bill108.exe
bill107.exe
bill106.exe
sber20.exe
che6.exe
fbtre6.exe
bill104.exe
kenny17.exe
kenny14.exe
bill103.exe
freddy101.exe
freddy80.exe
freddy81.exe
freddy54.exe
freddy37.exe
webserver.exe
pp14.exe
freddy79.exe
hippy16.exe
pp13.exe
mstre26.exe
ld16.exe
mstre25.exe
mstre24.exe
freddy75.exe
mstre23.exe
freddy73.exe
freddy71.exe
freddy72.exe
tag14.exe
freddy60.exe
freddy56.exe
freddy48.exe
freddy39.exe
sber18.exe
freddy70.exe
freddy69.exe
ld06.exe
sber17.exe
freddy65.exe
freddy64.exe
freddy66.exe
restorer32_a.exe
ld15.exe
freddy67.exe
mstre22.exe
freddy63.exe
freddy61.exe
pp12.exe
nl15.exe
freddy62.exe
freddy59.exe
ld14.exe
pp11.exe
mstre21.exe
freddy58.exe
freddy49.exe
ld12.exe
ld11.exe
ugo03.exe
bolivar27.exe
tag12.exe
romeo15.exe
SYSDLL.exe
websrvx.exe
pp2.exe
che07.exe
che3.exe
mstre6.exe
pp07.exe
pp.06[1].exe
mstre18.exe
freddy41.exe
ld07.exe
pp06.exe
freddy40.exe
jopaxx_1238002451.exe
ld03.exe
pp05.exe
mstre15.exe
pp04.exe
mstre12.exe
pp03.exe
pp02.exe
ld02.exe
pp1.exe
bolivar30.exe
bolivar28.exe
bolivar26.exe
bolivar25.exe
mstre8.exe
bolivar24.exe
bolivar20.exe
kenny16.exe
higeorge12.exe
freddy43.exe
freddy45.exe
freddy44.exe
freddy42.exe
ld10.exe
freddy46.exe
mstre19.exe
ld09.exe
pp10.exe
ld08.exe

Remove Net.Worm.Koobface.ld registry entries:

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ RTHDBPL
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ pp
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ restorer32_a
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ sysberay2
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ sysbetray2
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ sysfbtray
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ sysftray2
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ syshitray2
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ sysldtray
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ sysmstray
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ sysnltray2
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ systgray2
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ systray
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\msnager32
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\apto6ko
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\browserctldrv
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Filter
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fio32
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\o6ko
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ql600oko
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\webserver
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\websrvx
MICROSOFT\WINDOWS\CURRENTVERSION\RUN\sysftray2
RUNNING PROGRAM\bill103.exe
RUNNING PROGRAM\Explorer.EXE
RUNNING PROGRAM\freddy37.exe
RUNNING PROGRAM\freddy54.exe
RUNNING PROGRAM\ld08.exe
RUNNING PROGRAM\pp1.exe
RUNNING PROGRAM\pp10.exe
RUNNING PROGRAM\pp12.exe
RUNNING PROGRAM\SYSDLL.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.