How to delete Worm_Koobface.az?

[Rum]

I have Acer Aspire AS5534-1121 (Athlon 64 X2 L310 1.2GHz, 4GB RAM, 320GB HDD, Windows 7 Home Premium) and using from last 6months. I access internet everyday for my office use as well as for surfing purpose. The most visited site by me is facebook, google search engine, etc. The anti-virus installed on my laptop is AVG 8 trial version. And recently i am facing one problem that is my laptop is infected by a worm called Worm_Koobface.az. AVG detected it, but not able remove it think so. Please show me the way to come out of this problem.

[Milton.J]

Firstly would like to say that this type of worm(i.e Worm_Koobface.az) enters from the social networking sites like facebook, youtube, etc. To take precaution from this worm always avoid messages that comes from friends on social networking sites telling that “Take a look of this picture of yours” or “Check out this video I found of you.” Then this links take you to the malicious website that looks like You Tube. Then you would be asked to install a viewer or a new version of flash which is actually the WORM_KOOBFACE.AZ worm. And to remove this worm i would say install Licensed version of AVG or some other reputed anti-virus.

[Spyrus]

My studies upon worms says that, WORM_KOOBFACE.AZ is a type of worm which are usually targeted from social networking/media sites. This worm will do the monitoring of the cookies on your computer/laptop that contains login data to various social sites. Then use login data they found and will login to your account and start sending messages to your friends and contacts on that site. And this messages will contain links, which takes us to the infection site that will further infect us by visiting the link. The social/networking sites where this infection can be found are: facebook.com, hi5.com, netlog.com, myspace.com, etc. So be aware will visiting this sites. For you i would suggest to remove first the AVG( crap anti-virus) and install new McAfee licensed version.

[Snake08]

Usually this worm(i.e Worm_Koobface.az) may be dropped by other malware. It would be downloaded with known by a user when visiting malicious web sites. When this is executed, it will search for cookies created by social networking/media web sites. After that it then creates a DNS query to check IP addresses that corresponds to remote domains. The said servers can be send and receive data about the affected system. Once connected to the said servers, the remote malicious user may perform certain commands on the affected system. This worm can be removed by installing Trend Micro software which is more reputed to remove high risk viruses and worms. Hope this will able to fix your problem.

[Shen]

As you mentioned that you are already infected worm, then it would have created the file C:\Windows\freddy35.exe. This worm(i.e Worm_Koobface.az) comes from social networking website(in your case is facebook). The file freddy35.exe is the main program that sends infected messages to your friends. And then it will create the follow registry key to start itself automatically:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”sysftray2″ = “%WinDir%\freddy35.exe”
To remove this worm manually:
1] End these processes if they exist.
2] Delete these files if they exist.
3] Remove these Registry keys if they exist.

[Steve123]

Worm_Koobface.az is a kind of worm that will enter from social networking/media web sites such as Facebook, netlog and bebo. It also generates the mutex(31225d5335) to make sure that only 1 instance that worm is running at one time. And also this worm shows a false error messages and changes the system registry to allow the worm to go into comments into the social network pages. The worm also disables IE navigation and proxy use. I would tell to remove this free version of AVG as soon as possible and buy licensed copy version of Norton which can protect you this kind of worms and many others also.