The Koobface Virus: What It Is and How to Remove It

Koobface worms its way to your computer through social media

People who use social media are prime targets for hackers. The old Koobface worm, discovered in 2008, reemerged in 2013 with a vengeance and is still out there, looking for victims on all types of social media platforms.

This sneaky worm attacks any computer platform that can run social media sites, email programs, or messaging programs, including Facebook, Twitter, YouTube, Yahoo Messenger, Skype, Gmail, Yahoo Mail, and many more.

What Is the Koobface Virus?

Technically a worm instead of a virus, Koobface is malware that typically infects a single file on your computer system. Its very name is a play on the fact that it attacks social media users, particularly Facebook users. To combat the worm, Facebook itself launched an investigation and ultimately identified the hackers, who are based in St. Petersburg, Russia. No arrests were ever made.

There are numerous hoaxes associated with Koobface, including some that assert Facebook applications are the source of the virus or that it has the ability to delete all your computer files and burn your hard disk. Those have not been found to have any factual basis.

How Does the Koobface Virus Work?

Koobface spreads through social networking sites, then enlists the computers it hacks into a botnet: a peer-to-peer network of thousands of compromised computers that does its dirty work. Each computer follows commands established by the cybercriminal involved; the worm runs in the background without the user's knowledge.

This network is typically used in distributed denial of service attacks that are run by masterminds somewhere far, far away in an effort to disrupt computer systems run by large corporations or governments.

Computers infected by bots such as Koobface are known as zombie hosts. Every time you use your computer with this worm lurking in the background, hackers can monitor your actions for passwords, account numbers, credit card numbers, and more.

How Do I Know If I Have the Koobface Worm?

You might notice your computer has slowed considerably, or you might even experience unexpected system crashes. Your antivirus software, too, might identify an executable file known to be connected to Koobface.

If you have this worm, some common names that might show up in your computer system’s activity/process monitor are:

  • Captcha6.exe
  • Fbtre6.exe
  • Mstre6.exe
  • Ld12.exe
  • Freddy35.exe
  • Websrvx.exe
  • Bolivar28.exe

On Windows computers, you can use Task Manager to check for these files via the Processes tab. OS X computers can check for them through the Activity Monitor (go to /Applications/Utilities).
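The same check can be scripted rather than done by eye. The following is an added example, not part of the original article: it parses the output of `tasklist /FO CSV /NH` (Windows) or `ps -axo pid=,comm=` (OS X) and reports processes whose file name is on the list above. The function names and the sample process listings are constructed for illustration; a name match is only an indicator to follow up with an antivirus scan, not proof of infection.

```python
import csv
import io
import ntpath
import platform
import subprocess

# Process names listed in the article; matched case-insensitively.
KOOBFACE_NAMES = {"captcha6.exe", "fbtre6.exe", "mstre6.exe", "ld12.exe",
                  "freddy35.exe", "websrvx.exe", "bolivar28.exe"}

def parse_tasklist_csv(text):
    """Parse `tasklist /FO CSV /NH` output into (pid, image name) pairs."""
    return [(int(r[1]), r[0]) for r in csv.reader(io.StringIO(text))
            if len(r) >= 2 and r[1].strip().isdigit()]

def parse_ps(text):
    """Parse `ps -axo pid=,comm=` output into (pid, command path) pairs."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].isdigit():
            rows.append((int(parts[0]), parts[1]))
    return rows

def find_suspects(processes):
    """Return (pid, name) pairs whose file name is on the article's list."""
    # ntpath.basename splits on both "\" and "/", so paths from either OS work.
    return [(pid, name) for pid, name in processes
            if ntpath.basename(name.strip()).lower() in KOOBFACE_NAMES]

def running_processes():
    """Collect the live process list with the operating system's own tool."""
    win = platform.system() == "Windows"
    cmd = ["tasklist", "/FO", "CSV", "/NH"] if win else ["ps", "-axo", "pid=,comm="]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return parse_tasklist_csv(out) if win else parse_ps(out)

# Constructed sample listings (not captured from a real system).
SAMPLE_TASKLIST = '''"System Idle Process","0","Services","0","8 K"
"explorer.exe","4312","Console","1","98,120 K"
"FBTRE6.EXE","5520","Console","1","6,204 K"
"bolivar28.exe","6108","Console","1","4,880 K"
'''
SAMPLE_PS = "  1 /sbin/launchd\n 412 /Applications/Safari.app/Contents/MacOS/Safari\n"

if __name__ == "__main__":
    for pid, name in find_suspects(running_processes()):
        print(f"name match: pid={pid} image={name}")
```
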

How Did I Get This Worm?

The most common way Koobface spreads is through an infected link. When you click it, the worm is set free onto your computer and can tunnel its way into the files it needs to overtake your system for use as part of the botnet.

You probably opened a message or a link sent to you by a 'friend' on social media, particularly video links. These links are often associated with subject lines like 'you look so amazingly funny in our new video' or include some other semi-personalized note. The reality is that your friend's computer was infected and the computer sent the message, not your friend. When the link is opened, the worm is set free.

Other ways Koobface spreads include:

  • Malicious ads on websites
  • Browser redirects to unsafe sites
  • Downloads of infected software, particularly from freeware sites

How Do I Get Rid of Koobface?

Manual removal is not recommended since this worm infiltrates registry entries, DLL files and other system-dependent processes.

  1. The best way to remove it is to use a strong antivirus program that can ferret out worms and other malware threats. Choose a program that also has solid removal features; it will eradicate Koobface for you. Antivirus software can take several hours to complete the removal process, depending on the speed of your computer, but it offers you the best method for removing the malicious files.

  2. You can also use System Restore to return to an earlier point on your computer before you picked up the Koobface virus. Be sure to pick a time period where you know you definitely didn't already have it on your computer. 

  3. It's unlikely that you'll need to reformat and reinstall your computer, but it is the best guarantee that you've completely deleted Koobface from your system. However, this process is highly complicated and requires a solid understanding of how computers are set up. Don't try this method unless you have already tried everything else possible.

How Do I Avoid Getting A Virus Or Worm Again?

In addition to installing antivirus software on your computers, it's also worth installing a malware removal tool that helps detect malware like Koobface and delete it before it causes any problems.

There are also a few simple ways to lower your chances of reinfection. Follow these specific tips:

  • Update your antivirus software and malware protection. New virus definitions are released regularly to ensure your PC stays informed on what to look for with new virus and malware-based threats. 
  • Be very careful when downloading new programs. Confirm the source of the programs and apps you're downloading and be aware that less reputable sites bundle in extra add-ons that you don't need, which can often include spyware, viruses and other threats.
  • Confirm all links and attachments before opening. If a message from a friend seems even a little random, contact your friend to confirm they actually sent it.
  • Don't click on banner ads. When a pop-up ad appears when browsing a website, never click on it. It's safer to go to a different website than stay on a site that inundates you with pop-up advertisements.