Friday, December 12, 2008

Facebook Virus


It seems as though the virus known as the Facebook virus is coming up in conversation more and more every day. Just this week I received a call from a friend saying that they had received an email that contained this virus. After telling my friend that I had never heard of the Facebook virus, I went on to do a bit of research, just to see how serious this virus was.

I found a couple of articles saying that the Facebook virus is also known as the Koobface virus and lingers in the background of the computer, waiting to record keystrokes. Since it's now Christmas time, that's a serious matter, because almost everyone is doing their shopping over the Internet these days.

So, how do you kill this annoyance?
I searched for this as well and found a couple of solutions to try:
1. Update your anti-virus software and run a complete scan.

2. Since all anti-virus software is different, download and install another one, say a free one called AVG, and scan your computer with that. Make sure you disable your primary anti-virus before running a scan with the newly installed one. Once the scan is complete and all problems are fixed, uninstall that anti-virus and re-enable your primary anti-virus.

3. One thing you could try is a system restore. Most of the time the utility becomes more of an annoyance than anything else, but give it a try. Roll back your computer to a date before you got the virus.

4. Try this: Open up your command prompt and click the processes tab. What you are looking for are processes called fbtre6.exe and another called fmark2.dat. If you find them running, kill those processes. Now find the following files and delete them forever:
C:\Windows\fbtre6.exe
C:\Windows\fmark2.dat

Now click Start, Run, type regedit, and click OK. This should open the registry for your system, in which you will have to delete two registry keys created by the virus, as follows:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "c:\windows\mstre6.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "C:\Windows\fbtre6.exe"
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
After removing those registry keys, you may be asked to restart your computer.

5. One problem I ran into after the virus was removed was that Internet Explorer went into proxy mode, which made it seem as though there was no internet connection even though there was a limited connection. What I found to fix this problem was:
Open Internet Explorer, click Tools, Internet Options, choose the Connections tab, click the LAN Settings button, untick the checkbox that says "Use a proxy server for your LAN", click OK, click OK, and refresh Internet Explorer.
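
The checks from steps 4 and 5 can also be run as one read-only PowerShell script that reports what it finds and changes nothing. This is an added example, not part of the original post; it assumes Windows is installed in the directory given by %windir% and that the LAN proxy checkbox is backed by the ProxyEnable value under the current user's Internet Settings key. The HKEY_CURRENT_USER\AppEvents key is not checked because the post gives no value to match against.

```powershell
# Added example: read-only check for the indicators named in this post.
# Nothing is killed, deleted or modified; findings are only listed.

$findings = @()

# Step 4: process named in the post (Get-Process takes the name without .exe)
if (Get-Process -Name 'fbtre6' -ErrorAction SilentlyContinue) {
    $findings += 'Process running: fbtre6.exe'
}

# Step 4: files named in the post; mstre6.exe comes from the Run value it lists
foreach ($file in 'fbtre6.exe', 'fmark2.dat', 'mstre6.exe') {
    $path = Join-Path $env:windir $file
    if (Test-Path -LiteralPath $path) {
        $findings += "File present: $path"
    }
}

# Step 4: "systray" autorun value under the machine-wide Run key
# (the standard key name is CurrentVersion, written as one word)
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'systray' -ErrorAction SilentlyContinue
if ($run -and $run.systray -match '(mstre6|fbtre6)\.exe') {
    $findings += "Run value 'systray' = $($run.systray)"
}

# Step 5: per-user proxy setting behind "Use a proxy server for your LAN"
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyEnable -eq 1) {
    $findings += "Proxy enabled for current user: $($inet.ProxyServer)"
}

if ($findings.Count -eq 0) {
    'No indicators from the post were found.'
} else {
    $findings
}
```

A proxy that your network legitimately uses will also show up in the last check, so compare the reported server against what you expect before unticking the box.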

That's everything I found for this virus as of today. I will update if any more information and fixes become available.

- Pete
