What is Koobface?

Koobface is a computer worm that can affect Windows, Linux and macOS operating systems. The worm often spreads via social media such as Facebook, Skype, Twitter, Yahoo Messenger and MySpace. When it enters a computer, it looks for cookies containing the login information of social media accounts and tries to gain access to those accounts. If it succeeds, it then messages people on the victim’s friend list with a link that would lead to them getting infected as well. When people click on the link, they are taken to a site that asks them to install a Flash update.


That is a classic malware distribution technique, and users should know better than to click on weird links and download updates from random websites. Unfortunately, many users are either not aware of this, or they are not security-conscious enough to care. When a user downloads the “update”, they are actually downloading the worm. Their social media accounts then get taken over and start sending those malicious messages to people on their friend list. And so it spreads. If you recall clicking on a weird link sent by a friend and then your account started sending those same messages, you certainly do have some kind of malware. It may not necessarily be Koobface, so you should scan your computer with anti-malware to find out what you are dealing with. Anti-malware software would also delete Koobface or any other infection present on your device.

It’s primarily an annoying infection because of the spam it sends from your social media accounts. It can also be quite embarrassing once people on your friend list start asking why you sent them malware. However, such infections can also be quite dangerous. They can get access to not only social media accounts, but other ones as well. If you are particularly unlucky, it could get into your online bank account, which could mean financial loss.

How to avoid infecting your computer with Koobface?

Avoiding infections like Koobface is particularly easy. All you need to do is not click on weird links, even if they are sent to you by a friend. Malicious links are always very obvious and are accompanied by messages such as “Is this a video of you” and “Check this out” or simply an emoji. Some messages may also claim that you were filmed, or that there is a weird photo of you. The messages are usually in English, so if a person with whom you do not use English to communicate sends you a link and such a message, you can be sure it’s malware. If you want to protect yourself, treat all unexpected links as potentially malicious, and only open them after you have asked the person who sent them to you about them.

Furthermore, never download anything from unreliable websites. In many cases, malware is disguised as a Flash Player update, supposedly needed in order to watch a video or load content. In such situations, instead of downloading the “update”, you need to leave the page. Legitimate updates are never pushed this way, only malware is. If a program needs to be updated, it will either do it automatically, or inform you via the program itself. Never will you be asked to download legitimate updates from dubious websites.

What does Koobface do?

If you clicked on one of those links and downloaded the fake update, Koobface is installed on your computer, whether it’s running Windows, Linux or macOS. Once it’s inside, it looks for certain cookies to get access to your social media. It then uses your social media to infect others. In addition to using your device to spread further, it can also do damage. An infected computer can become what’s called a zombie, connecting to a C&C (command-and-control) server regularly to get instructions. As a result, your computer can become infected with other kinds of malware, ones that would be much more damaging.

Koobface runs in the background, so until your friends start questioning you about the weird messages you’re sending, you might not even notice it. In the meantime, it’s monitoring your behavior, possibly recording your login details. This can have disastrous consequences as crooks could gain access to your bank accounts.

You can check your Task Manager or equivalent (Ctrl + Alt + Del -> Task Manager for Windows, Finder -> Applications -> Utilities -> Activity Monitor for macOS, press the Windows key and search for System Monitor for Linux) to see whether any processes run by Koobface are present. They usually include Fbtre6.exe, Freddy35.exe, Websrvx.exe, Ld12.exe, and Captcha6.exe. Other unfamiliar processes could also belong to Koobface.
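
The same check can be scripted on Windows. The following is an added example, not part of the original article: it parses the CSV output of `tasklist /FO CSV /NH` and reports processes whose image name matches the list above. The sample output and the function name are constructed for illustration, and a name match is only an indicator, since other unfamiliar processes could also belong to Koobface.

```python
import csv
import io

# Process image names the article lists for Koobface (stored lower-cased).
KOOBFACE_IMAGE_NAMES = {
    "fbtre6.exe", "freddy35.exe", "websrvx.exe", "ld12.exe", "captcha6.exe",
}

# Constructed sample of `tasklist /FO CSV /NH` output (not from a real host).
# Columns: Image Name, PID, Session Name, Session#, Mem Usage.
SAMPLE_TASKLIST = '''"System Idle Process","0","Services","0","8 K"
"explorer.exe","4312","Console","1","98,120 K"
"FBTRE6.EXE","5120","Console","1","6,204 K"

"chrome.exe","6644","Console","1","210,332 K"
"websrvx.exe","7008","Console","1","4,880 K"
'''


def find_listed_processes(tasklist_csv):
    """Return (image_name, pid) pairs whose name is on the article's list."""
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) < 2:
            continue  # skip blank or malformed lines
        image, pid = row[0].strip(), row[1].strip()
        # Windows file names are case-insensitive, so compare lower-cased.
        if image.lower() in KOOBFACE_IMAGE_NAMES and pid.isdigit():
            hits.append((image, int(pid)))
    return hits


if __name__ == "__main__":
    for image, pid in find_listed_processes(SAMPLE_TASKLIST):
        print(f"match: {image} (PID {pid})")
```

On a live machine, pass the function the text captured from `tasklist /FO CSV /NH` instead of the sample.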

Koobface removal

In order to remove Koobface, you will need to use anti-malware software. The program would erase all Koobface-associated files, and you will not need to do anything. If you had had anti-virus software before your computer was infected, it would have prevented the infection in the first place. After you uninstall Koobface, you should change all passwords for all important accounts, whether they’re social media or bank accounts.

Koobface is detected as:

  • Worm/Koobface.AU on AVG
  • Worm.KoobFace on Malwarebytes
  • Net-Worm.Win32.Koobface.a on Kaspersky
  • W32.Koobface.A on Symantec
  • Worm/Win32.Koobface on Norton



Site Disclaimer

2-remove-virus.com is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the article will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.
