
Sunday, 24 July 2011

[Guide] Remove Facebook Chat Virus “hi. how are you?”




Assalamualaikum and warm greetings from us,




Over the past few weeks we have seen many reports that users of
sites such as Facebook, MySpace, hi5, Bebo, Friendster and Twitter
have been infected by a virus named "Koobface".

According to Wikipedia: http://en.wikipedia.org/wiki/Koobface


Koobface is a computer worm that uses social networking sites such as
Facebook, MySpace, hi5, Bebo, Friendster and Twitter as its main channel
for spreading and operating. Koobface was built for operating systems
such as "Microsoft Windows" and "Mac OS X", and it also works on
"Linux" (in a limited way). Koobface spreads in several ways. Once a
person's computer or laptop has been infected with Koobface, it starts
collecting information for services such as FTP (File Transfer Protocol),
Facebook and other social networking sites such as MySpace and Friendster
from the infected machine, but it does not take sensitive information
such as financial accounts.

It then uses the compromised computers to build a peer-to-peer botnet.
A compromised computer will accept any commands it receives in
peer-to-peer fashion.

Koobface spreads by sending messages to the friends of a person whose
computer has been compromised by the worm. When someone replies,
Koobface automatically sends a fake link that looks like a Facebook or
YouTube page. The page displays a link or message asking the user to
download "Adobe Flash Player", on the grounds that the installed version
is outdated and the "video" or link cannot be opened unless
"Adobe Flash Player" is updated. However, that link is precisely what
causes the computer to be compromised by Koobface.

Below is one way to remove the Koobface "hi. how are you" virus from a
computer that has been compromised by it.

Copyright : http://www.gaysec.net/



Facebook Virus


How to remove Facebook Chat Virus “hi. how are you?” AKA KOOBFACE
Share this page with your friends and family, if you care about them.
Sample Chat:
“hi. how are you?”
*If you reply, it will send you:*
“Wanna laugh? :) ”
*If you reply again, it will send you:*
“It is you on the video ?)) want to see?)”
*If you reply again, it will send you the virus link*
The sample website :
Will my computer get infected once I click the link?
No! Unless you download some files from the link. (Currently they use drive-by method)

HOW TO FIX!
If your computer is infected and can’t access Facebook, please refer to Method 1.

Method 1 :

Windows operating systems contain a file called ‘hosts’ that will force resolution of your domain name.
  1. Open the hosts file
    1. Go to the Start menu and choose Run. Type the following in the Run dialog box:
      1. For Windows NT and Windows 2000
        1. C:\winnt\system32\drivers\etc
      2. Windows XP, Windows Vista or Windows 7
        1. C:\Windows\System32\drivers\etc
    2. Click the OK button (This should open a window with several files in it.)
    3. Find the file called ‘hosts’ and double-click it. If prompted, specify that you would like to choose a program to open the file with from a list of programs.
      1. Choose ‘Notepad’ from the list of available programs.
  2. Edit and save the hosts file
    1. The contents of your hosts file should look something like this
    2. Find the line with the word facebook.com (example: “127.0.0.1 http://www.facebook.com”)
    3. Remove it.
    4. Close the hosts file and save it when prompted.

Method 2: [Source]

1. Start Task Manager.
2. Kill these processes:
   fbtre6.exe
   mstre6.exe
Delete these registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\“systray” = “c:\windows\mstre6.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\“systray” = “C:\Windows\fbtre6.exe”
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating;
Method:
Launch the Registry Editor. Press the Start button and then click Run. Type regedit into the Open: field. Then click on the OK button.
A new window will pop up; type regedit and click OK.
Find the virus file by following the steps below:
HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run > “systray”
To be sure before you delete, select the value that contains “c:\windows\mstre6.exe” and press Delete.
ATTENTION: DO NOT CARELESSLY DELETE FILES YOU ARE NOT SURE ABOUT. YOUR LAPTOP/PC MAY NOT START IF YOU DELETE THE WRONG ONE.
Warning: DO NOT SIMPLY DELETE! YOUR COMPUTER MAY NOT BE ABLE TO BOOT UP.
3. Delete these files:
   C:\Windows\fbtre6.exe
   C:\Windows\fmark2.dat
Still don’t understand how to use regedit?
More Detailed Guide :

More Info :
Clean your startup (msconfig), use ccleaner.
Run your virus scanner to make sure that the virus on your PC is removed.
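
The indicators named in Method 1 and Method 2 can also be checked in one pass with a read-only PowerShell script. This is an added example, not part of the original guide: it assumes a default Windows layout under `$env:SystemRoot`, uses the registry's actual key name `CurrentVersion`, and only reports what it finds without deleting anything.

```powershell
# Added example: read-only check for the indicators listed in Method 1 and Method 2.
# Nothing is changed or deleted; review each finding before removing it by hand.
$findings = @()

# Method 1: hosts entries that mention facebook.com (comments are ignored).
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path -LiteralPath $hostsPath) {
    foreach ($line in Get-Content -LiteralPath $hostsPath) {
        $entry = ($line -replace '#.*$', '').Trim()
        # Match facebook.com as a whole host name or as the end of one,
        # including the "http://" form shown in the guide's example.
        if ($entry -match '(^|[\s./])facebook\.com(\s|$)') {
            $findings += "hosts entry: $entry"
        }
    }
}

# Method 2, step 2: processes named in the guide.
foreach ($name in 'fbtre6', 'mstre6') {
    foreach ($proc in @(Get-Process -Name $name -ErrorAction SilentlyContinue)) {
        $findings += "running process: $($proc.Name).exe (PID $($proc.Id))"
    }
}

# Method 2: the "systray" value under the HKLM Run key pointing at either file.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'systray' -ErrorAction SilentlyContinue
if ($run -and $run.systray -match '\\(fbtre6|mstre6)\.exe') {
    $findings += "Run value: systray = $($run.systray)"
}

# Method 2, step 3: files named in the guide, looked up in the Windows directory.
foreach ($file in 'fbtre6.exe', 'mstre6.exe', 'fmark2.dat') {
    $path = Join-Path $env:SystemRoot $file
    if (Test-Path -LiteralPath $path) {
        $findings += "file present: $path"
    }
}

if ($findings.Count -eq 0) {
    'No indicators from this guide were found.'
} else {
    $findings
}
```

An empty result only means these specific names are absent; the guide itself notes that new variants may use files that scanners do not yet detect.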

If your account has been taken over and used to send spam, you should follow these steps immediately:

  • Reset your Facebook password. You can do this by clicking the “Forgot your password?” link on the login page or by going to the Account Settings page once logged in.
  • If you can’t reset your password because the email address you use to log in has changed, or if your account has been disabled, visit our help page.
  • Make sure you have up-to-date security software on your computer, run a scan, and remove any malicious files. If you don’t do this, and your computer is infected, your account may be taken over again. If you don’t yet have protection for your computer, you can download a complimentary six-month subscription of McAfee security software. Learn more on the Software tab.
Download:
CCleaner: http://www.piriform.com/ccleaner/download
Use this to clean up unneeded files (TEMP files, cookies, etc.).
Malwarebytes: http://www.malwarebytes.org/mbam.php
This is a great anti-malware program; update it, then scan your PC at least once a week.
SUPERAntiSpyware: http://www.superantispyware.com/download.html
This is an anti-spyware program; use it after Malwarebytes, also once a week.
How about using anti-virus/anti-malware software to remove it?
The virus/worm is currently FUD (fully undetectable). Antivirus companies need some time to update their definitions to detect it.
FYI: The person who made this virus/worm can also make new (FUD) virus files that can’t be detected.

VirusTotal Report

File name: Flash-Player.exe
Submission date: 2011-07-21 11:10:11 (UTC)
Result: 11/43 (25.6%)
