Help Removing Koobface Trojan

It appears that someone not-so-bright in my household clicked on a movie link in Facebook and infected my system with Koobface as it wormed through my friends list.  I ran a complete scan this morning and Norton failed to pick it up.  I also did a search for Fredde35.exe and turned up nothing.

 

Do I need to manually remove this virus and if so how?  I'd rather not have to pay to install Spyware Doctor.

 

I'm running XP 2002, Service Pack 3 and NIS Ver. 16.5.0.135.

 

Thanks, any help is appreciated (I don't pretend to be a pro at this so go easy on me please) :smileywink:

 

Please also try a scan with SuperAntispyware (www.superantispyware.com). MBAM & SAS should both be able to find it.

You can also try the manual removal instructions from the following Symantec Security Response links:

 

W32.Koobface.A

 

W32.Koobface.B

 

The attack signatures and definitions for Koobface variants are already released by Symantec. So, run LiveUpdate repeatedly until you see the message "No more updates" and then run a full system scan in Safe Mode.


yogesh_mohan wrote:

You can also try the manual removal instructions from the following Symantec Security Response links:

 

W32.Koobface.A

 

W32.Koobface.B

 

The attack signatures and definitions for Koobface variants are already released by Symantec. So, run LiveUpdate repeatedly until you see the message "No more updates" and then run a full system scan in Safe Mode.


This is probably the easiest solution.


dbrisendine:

 

Thank you for your response.  I did install MalwareBytes and ran it this morning.  Attached is the log file.  Though the log file doesn't show it, since I saved it before I resolved the issues, I did have Malware remove the infected files.

 

I'm not sure if I see any indicator of Koobface but I know it has to be on my system if it wormed through my friends list, but I wouldn't know for sure if it's in here.

 

Thanks to the other responders as well. 

 

Katie

 

 

LadieKadie:

 

Could you give us a Hijackthis Log as well just to make sure that all of the MyWebsearch is out, and any DNSchangers?

 

At least it is a quick scan.

 

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

 

Dbrisendine will have a look at it later.

Attached HijackThis log...again thanks.

 

Katie

Is NIS2009 the only Norton / Symantec product on your system?

 

The HJT log looks pretty good but I'd like to see about the Norton issues.

@LadieKadie

 

On the system are many remnants of older Norton software and things you should check on http://www.virustotal.com, for example:

c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\aim.exe
c:\WINDOWS\system32\Narrator.exe
c:\windows\system32\nwprovau.dll

 

 

In any case you should uninstall Norton and use the NRT tool
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

 

After complete cleaning, reinstall your NIS.

Yes, NIS 09 is the only product I'm 'using.'  I installed the NRT last year and used it.  Norton then came up with their upgrade (thank God), and when I subscribed again this year I didn't run the NRT.  Didn't seem like I needed to and I'm not showing any other versions in my system, but it sounds like there are fragments.

 

I'll certainly look into all the good suggestions and see if I can't do something with it without blowing Norton out of the water.  Every time I try to manipulate Norton in any way, I end up fighting with Support about their charges to help fix it.  I'm obviously not anti-Norton as I've had it for years, but it's not very user friendly for the average "knows enough to kill their system" user like myself.

 

In my next life I'm coming back as a computer geek. 

 

Thanks to everyone who responded.  I'll be working on it and see if I can't do some good without making my system worse.  :)

 

Katie

 

 

LadieKadie,

 

Yes, you do have fragments of older Norton products on your system.  You can do this yourself; no need for having Service do it.  The main one I was concerned about is the older Live Update (stand alone) service which is not necessary since Live Update is built into the 2009 and above products (antivirus).  However since the new versions are around the corner, you could wait until then to do this.  Choice is yours.

db:

 

The concern I have is if I run the removal tool, I don't have Norton on disk in any form.  I've updated from their system (and always with problems). 

 

I'm not even sure if I can reinstall the update from my system in lieu of having to go back to Symantec and muddle through that.

 

Any suggestions?

 

 

I've done this many times and if you follow these instructions you will not have a problem.  It looks long but actually only takes about 45 minutes or so.  I would recommend you download fresh copies of the Removal Tool and the installer.

 


1) Copy your Norton key for safe keeping just in case you need it. You should not need this but it is better to have the key on hand than to need it and not have ready access to the key. You can find a copy of your currently installed key in My Documents\Symantec\Norton Internet Security_Key.txt.

2) Download the Norton Removal Tool from this link: Norton Removal Tool. Choose the NIS2009 link and download the Norton Removal Tool (NRT) to your desktop. Directions are on the link page.

3) Download the latest version of NIS2009 from this link: Reinstall After Removal. Choose the 'I have Norton Internet Security 2006 or later' link on this page. On the next page you can download the latest NIS2009 installation software. Save this file to your desktop also.

4) Disconnect from the Internet until your system needs the connection later in the process.

5) Go to START > Norton Internet Security > Uninstall and let NIS2009 uninstall itself. It will want to reboot the machine. Let it.

6) During the booting of your system, go to Safe Mode by tapping the F8 key until the Advanced Options menu is shown. Choose the Safe Mode option (no network or command prompt).

7) In Safe Mode, run the NRT tool. When the tool is finished, click on the Reboot to restart your system.

8) Let Windows boot into normal mode now.

9) Install NIS2009 by double clicking the file you downloaded and saved to your desktop in step 3.

10) When the installation asks for your key or says activating your product, reconnect to the internet then (plug your cable in or turn on the wireless card). [Note: The installation may not ask for your key and activate by using the previous key on the system. Your system will still need to connect to the internet at this point so updated definitions can be downloaded.]

11) Run the Live Update process manually until Live Update reports that there are no more updates to download, NIS2009 is fully up to date.

12) Reboot your system now to ensure that any components updated during step 11 are loaded properly.

13) See if your error is fixed now.

Report back here with how this works for you.