Koobface virüsü adından anlaşılabileceği gibi Facebook benzer ismiyle sahtekarlığa yol açan bir virüstür.Sadece facebook amaçlı olmayıp bilgisayarınıza yüklediğinde trojan özelliğiyle kontrol sahibine vermektedir.Bu virüs shareware veya freeware yazılımlar veya P2P yazılımlarıyla veya sahte sayfalardan bulaşmaktadır.

Aşağıda Koobface virüsünün oluşturduğu dosyaları silin :

[%WINDOWS%]\t55ft3105f44.dat
[%WINDOWS%]\t55ft3165f44.dat
[%WINDOWS%]\freddy43.exe
[%WINDOWS%]\t55ft3192f44.dat
[%WINDOWS%]\mstre19.exe
[%WINDOWS%]\t55ft3601f44.dat
[%WINDOWS%]\010112010146118114.dat
[%WINDOWS%]\0101120101465452.dat
[%WINDOWS%]\0101120101465749.dat
[%WINDOWS%]\0101120101464849.dat
[%WINDOWS%]\0101120101465552.dat
[%WINDOWS%]\ld08.exe
[%WINDOWS%]\pp06.exe
[%WINDOWS%]\pp07.exe
[%WINDOWS%]\0101120101464849.fx
[%PROFILE_TEMP%]\vcru_1247795886.exe
[%PROFILE_TEMP%]\srazo_1250168927.exe
[%PROFILE_TEMP%]\srazo_1250187393.exe
[%WINDOWS%]\0101120101464949.fx
[%PROFILE_TEMP%]\srazo_1250198444.exe
[%PROFILE_TEMP%]\srazo_1250190616.exe
[%PROFILE_TEMP%]\srazo_1250197084.exe
[%PROFILE_TEMP%]\srazo_1250090197.exe
[%PROFILE_TEMP%]\srazo_1250102323.exe
[%WINDOWS%]\st_1242070417.exe
[%WINDOWS%]\st_1242076717.exe
[%WINDOWS%]\st_1242088847.exe
[%WINDOWS%]\nl.exe
[%WINDOWS%]\dk39fi4fe.dat
[%WINDOWS%]\zaponce52597.dat
[%WINDOWS%]\zaponce52689.dat
[%WINDOWS%]\ld09.exe
[%WINDOWS%]\0101120101465752.dat
[%WINDOWS%]\0101120101464850.fx
[%WINDOWS%]\0101120101465553.fx
[%PROFILE_TEMP%]\srazo_1250135222.exe
[%WINDOWS%]\freddy56.exe
[%WINDOWS%]\freddy55.exe
[%WINDOWS%]\0101120101465353.dat
[%WINDOWS%]\freddy53.exe
[%WINDOWS%]\0101120101465453.dat
[%WINDOWS%]\0101120101465153.dat
[%WINDOWS%]\t55ft2772f44.dat
[%WINDOWS%]\t55ft2829f44.dat
[%WINDOWS%]\t55ft2692f44.dat
[%WINDOWS%]\t55ft3223f44.dat
[%WINDOWS%]\t55ft2784f44.dat
[%WINDOWS%]\t55ft2792f44.dat
[%WINDOWS%]\t55ft2803f44.dat
[%WINDOWS%]\t55ft3242f44.dat
[%WINDOWS%]\t55ft3546f44.dat
[%WINDOWS%]\freddy39.exe
[%WINDOWS%]\freddy40.exe
[%WINDOWS%]\t55ft3189f44.dat
[%WINDOWS%]\freddy46.exe
[%WINDOWS%]\zaponce53198.dat
[%WINDOWS%]\zaponce53290.dat
[%WINDOWS%]\zaponce53222.dat
[%WINDOWS%]\sonce123198.dat
[%WINDOWS%]\ro122366.dat
[%WINDOWS%]\ro122390.dat
[%SYSTEM%]\mon32.dll
[%WINDOWS%]\ro122715.dat
[%WINDOWS%]\ro122739.dat
[%WINDOWS%]\sonce123173.dat
[%WINDOWS%]\freddy48.exe
[%WINDOWS%]\freddy49.exe
[%WINDOWS%]\ld02.exe
[%WINDOWS%]\pp04.exe
[%WINDOWS%]\freddy50.exe
[%WINDOWS%]\010112010146120114.dat
[%WINDOWS%]\freddy57.exe
[%WINDOWS%]\ld06.exe
[%WINDOWS%]\pp05.exe
[%WINDOWS%]\st_1241664655.exe
[%WINDOWS%]\st_1242148703.exe
[%WINDOWS%]\t55ft2667f44.dat
[%WINDOWS%]\t55ft3097f44.dat
[%WINDOWS%]\Pp.exe
[%WINDOWS%]\zaponce53173.dat
[%WINDOWS%]\sonce122714.dat
[%WINDOWS%]\sonce122739.dat
[%WINDOWS%]\010112010146118114.lso
[%WINDOWS%]\0101120101465452.lso
[%WINDOWS%]\sonce122715.dat

Koobface virüsünün kayıt defterinde oluşturduğu kayıtları silmek :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysfbtray=[%WINDOWS%]\freddy58.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, pp=[%WINDOWS%]\pp11.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysmstray=[%WINDOWS%]\mstre21.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, pp=[%WINDOWS%]\pp10.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysfbtray=[%WINDOWS%]\freddy57.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysmstray=[%WINDOWS%]\mstre19.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysmstray=[%WINDOWS%]\mstre20.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, pp=[%WINDOWS%]\pp06.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysfbtray=[%WINDOWS%]\freddy55.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysberay2=[%WINDOWS%]\romeo15.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysfbtray=[%WINDOWS%]\freddy54.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysfbtray=[%WINDOWS%]\freddy53.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysfbtray=[%WINDOWS%]\freddy42.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysmstray=[%WINDOWS%]\mstre18.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysfbtray=[%WINDOWS%]\freddy50.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysfbtray=[%WINDOWS%]\freddy46.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysfbtray=[%WINDOWS%]\freddy49.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysmstray=[%WINDOWS%]\mstre15.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysfbtray=[%WINDOWS%]\freddy48.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, systgray2=[%WINDOWS%]\tag07.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysberay2=[%WINDOWS%]\romeo14.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysfbtray=[%WINDOWS%]\freddy47.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysfbtray=[%WINDOWS%]\freddy45.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysberay2=[%WINDOWS%]\romeo12.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, systgray2=C:\windows\tag12.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, pp=[%WINDOWS%]\pp04.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, systgray2=[%WINDOWS%]\tag12.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysfbtray=[%WINDOWS%]\freddy44.exe