Tuesday, July 26, 2011

Information about how a virus is spreading through Facebook!

My Story
One of my Facebook friends told me on online chat that there was a video of mine. I asked him to post it on my wall, but he sent me a link that looked a little abnormal because its format was http://some numbers (http://77.244.32.112/639350493, don't click on this, though the link does not work now). I clicked on the link, and a page that looked like YouTube showed the heading of the video, "Mahesh Ghimire is in leading role, Shocking performance". The comments on the video were all from my Facebook friends and looked like they were commenting on me! That led me to click on the video, but it said to upgrade the Flash Player. (Look at the picture.)

My Flash Player should be up to date, so why was it not? So I tried to find this video on YouTube. I copied the title and pasted it into the YouTube search box, but there was no result. That was very suspicious, but my friends' comments on the previous page led me to click there to upgrade my Flash Player! Shocking to me! A message was displayed in the notification area saying a virus was detected by my system. Immediately my antivirus software stopped working; it showed the notification "Your antivirus software is up to date, No immediate action is required", but my antivirus software was inactive and its logo had changed. I was sure that my system was infected! So I immediately restored its settings to a few days back, booted into safe mode and removed some active processes from there with the help of one of my friends.

What is this?

This is a network virus, a 'Trojan worm', spreading on Facebook. PC World states that it is a worm named "Koobface". It can collect your profile picture and some information from your internet browser's cookies.
A nasty feature of the worm is that it takes the profile picture of the sending infected user and adds it to the linked website. This makes it all look much more legitimate to the potential victim. The worm spreads when a compromised user's account is used to send messages to others with a title such as “LOL. You’ve been catched on hidden cam, yo:”, “Maan,yyou’re great!”, “your ass looks not bad in this video”, or “Some0ne thinks your special and has a *Hot_Crush* on you. Find out who it could be*”, and a link to a random URL. The linked website is a YouTube-like page that shows a video player along with some comments from your Facebook friends (I think they should already be infected) and what looks like a standard browser message to update your Flash Player. When you try to update your Flash Player, you get infected.

Be Careful!
  • Do not click on untrusted links. In my case the link was unusual, but I made a mistake.
  • If the link says something unusual about you, it could be a trap.
  • Try to find the video by searching on YouTube directly. Just type the title into YouTube; if you cannot find it, it could be a trap.
  • Update your Flash Player from the Adobe site only. Here is the Adobe site link: http://www.adobe.com/support/flashplayer/downloads.html
  • Share this information on Facebook, so all your friends are aware of it.
If you got infected!
  • Restore your system (set the computer back to a previous date; rebooting your computer in safe mode will prompt you for System Restore)
  • Update your antivirus software and scan your computer. If you don't have antivirus software, you can download free antivirus software, for example AVG from www.free.avg.com
  • You can find more information about how to remove the virus in the comments on this post. If you are unable to see the comments, click here
  • Facebook security helps you scan your computer with McAfee Antivirus and prompts you to identify and secure your Facebook information. For Facebook security, click here

    9 comments:

    1. That is great, but do you have any idea how to fix it despite the restoration? I did what I had to do, but I couldn't restore it to a previous day, only a few hours ago. So it's back on

    2. Hi, first thank you for visiting my site. If restoring cannot help you, you can go to Task Manager (Ctrl+Alt+Del), click on Processes and try to find fbtre6.exe. Once you find it, click on it and stop the process. It will stop the virus temporarily. Now follow these steps:
      >Click Start, search for regedit.exe and then click on it. Prompt to open regedit.exe.
      >Click on the Edit menu and go to Find. Then in the Find box type HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "C:\Windows\fbtre6.exe"
      >When it locates the file, right-click, Modify and then choose Delete.
      >Now search for fmark2.dat inside c:/windows and delete it. (You have to search inside the system folder.)
      >Again search for fbtre6.exe and delete it.
      Now you are safe. Delete all the items in the recycle bin and restart your system.

      Is it helpful to you? Do not forget to click on the like button of my blog!

    3. what do you do when you can't find the "Fbtre6.exe." file???

    4. Virus is generating random letters and numbers; look for another strange process in Task Manager and stop it. Then delete it from the registry.

      >>>what do you do when you can't find the "Fbtre6.exe." file???

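A check for the Run-key entry described in comment 2, extended with a heuristic for the renamed copies mentioned in comment 4. This is an added example, not part of the original post or comments; it reads saved `reg query` output, and the sample lines, the `c:\windows` default and the same-folder heuristic are assumptions.

```python
import ntpath
import re

# Indicators from the removal steps in comment 2 on this page.
PAGE_VALUE_NAME = "systray"
PAGE_EXE = r"c:\windows\fbtre6.exe"
WINDIR = r"c:\windows"  # assumption: default Windows install directory

# One value line of `reg query` output: name, type, data split by 4 spaces.
LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")


def exe_path(command):
    """Return the lower-cased executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
        path = m.group(1) if m else command.split(" ", 1)[0]
    path = re.sub(r"%(windir|systemroot)%", lambda _: WINDIR, path, flags=re.I)
    return ntpath.normpath(path).lower()


def review_run_key(reg_query_output):
    """Return (value name, executable, reason) for entries worth a closer look."""
    findings = []
    for line in reg_query_output.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, path = m["name"], exe_path(m["data"])
        if name.lower() == PAGE_VALUE_NAME and path == PAGE_EXE:
            findings.append((name, path, "entry named in the post"))
        elif ntpath.dirname(path) == WINDIR and path.endswith(".exe"):
            # Heuristic (assumption): same location, different file name.
            findings.append((name, path, "executable directly in the Windows folder"))
    return findings


# Constructed sample output, not captured from a real machine.
SAMPLE = "\n".join([
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"    ExampleTray    REG_EXPAND_SZ    %windir%\system32\exampletray.exe",
    r'    Example Updater    REG_SZ    "C:\Program Files\Example\updater.exe" /background',
    r"    systray    REG_SZ    C:\Windows\fbtre6.exe",
    r"    qx81    REG_SZ    C:\Windows\zk4p7.exe",
])

if __name__ == "__main__":
    for finding in review_run_key(SAMPLE):
        print(finding)
```

A flagged entry is a lead to inspect, not proof of infection; the heuristic only narrows down which startup values to look at first.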
    5. Thank you for the info..... I got infected with this virus just now and followed your instructions (restored my computer 2 days before it got infected) but how will you be able to know if the virus was removed??? And thanks again for the info XDXDXD

    6. Absolutely right!! That's how my laptop got infected and keeps restarting. I can't even keep my laptop on for 5 minutes because it keeps restarting!! Fark IT!!

    7. I didn't find "Fbtre6.exe." file???

    8. Hey brother, please write detailed instructions on how to remove this damn malware...... I did not find fbtre6.exe..... Moreover, my mouse touch panel and keyboard both stopped working...... but it works if I connect through USB....

    9. Thanks Naveen for visiting my page. Have you searched inside the system folder? Be sure you have searched inside system files and folders, including hidden files also.
