July 17, 2009

How to remove worm W32.Koobface.C?

The computer worm W32.Koobface.C spreads, or is downloaded, through compromised Twitter accounts. Once executed, the worm searches for cookies related to social networking sites; if it finds any, it modifies settings to add malicious site links to the user's profile. The worm gets onto the system disguised as a video codec, by displaying a fake alert message that asks the user to install a missing video codec. The worm then connects to a remote site and notifies the attacker of the new installation.

How to remove worm W32.Koobface.C?

1. Perform standard procedure for virus removal
** Standard procedure for virus removal.

2. Delete these registry values added by the worm.
** How to edit the registry?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systwtray" = "%Windir%\twitty[TWO DIGIT NUMBER].exe"
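
One way to carry out step 2 from an elevated PowerShell prompt, as an added example that is not part of the original post or the Symantec writeup. The function name `Remove-KoobfaceRunValue` and its `-Remove` switch are hypothetical; the key, value name and file pattern are the ones listed above.

```powershell
# Added example (not from the original post). Function name and -Remove switch are hypothetical.
# Run from an elevated prompt: changing HKEY_LOCAL_MACHINE requires administrator rights.
function Remove-KoobfaceRunValue {
    param([switch]$Remove)   # without -Remove the function only reports

    $runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $valueName = 'systwtray'  # value name given on this page

    $item = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Output "Run value '$valueName' is not present."
        return
    }

    # Expand %Windir% and strip quotes so the data can be compared as a plain path.
    $path = [Environment]::ExpandEnvironmentVariables([string]$item.$valueName).Trim('"')

    # Expected data per this page: %Windir%\twitty[TWO DIGIT NUMBER].exe
    $expected = '^' + [regex]::Escape($env:windir) + '\\twitty\d{2}\.exe$'
    if ($path -notmatch $expected) {
        Write-Warning "'$valueName' points to '$path', which does not match the pattern; left untouched."
        return
    }

    Write-Output "Found '$valueName' = '$path'"
    if (-not $Remove) {
        Write-Output "Report only. Re-run with -Remove to delete the value."
        return
    }

    # Keep a copy of the whole Run key before changing it.
    $backup = Join-Path $env:TEMP 'Run-key-backup.reg'
    & reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' $backup /y | Out-Null

    Remove-ItemProperty -Path $runKey -Name $valueName
    Write-Output "Deleted the value. Backup of the Run key: $backup"

    if (Test-Path -LiteralPath $path) {
        Write-Output "The file '$path' is still on disk; handle it with the virus-removal procedure from step 1."
    }
}

Remove-KoobfaceRunValue          # report only; add -Remove to delete the value
```

The function leaves a `systwtray` value alone when its data does not match the `twitty[TWO DIGIT NUMBER].exe` pattern, so an unrelated entry with the same name is flagged for manual review instead of being deleted.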


Source: http://www.symantec.com/norton/security_response/writeup.jsp?docid=2009-071514-3245-99&tabid=1
