To remove it manually, follow these steps:
1. Click "Start" on the taskbar, and then click "My Computer."
2. Hit F3, select "All Files and Folders," and search for "Koobface."
3. Copy the file path of Koobface.
4. Open "Task Manager." This can be done either by pressing Ctrl+Alt+Del or by clicking "Start," then "Run," and typing "taskmgr.exe".
5. You must disable Koobface's process first.
6. Next, you must disable the following other processes:
1. %SYSTEMROOT%\bolivar28.exe
2. bolivar28.exe
3. che07.exe
4. %WinDir%\system32\nScan\ecls.exe
5. %WinDir%\system32\nScan\ekrn.exe
6. %WinDir%\system32\splm\ncsjapi32.exe
7. %WinDir%\bolivar28.exe
8. C:\Windows\fbtre6.exe
Now that this is done, it is time to go into the registry and remove this worm.
1. Click "Start", "Run", and type "Regedit"
2. Locate and delete these registry entries:
1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ac… Setup\Installed Components\Intelli Mouse Pro Version 2.0B\StubPath: "%WinDir% \System32\splm\ncsjapi32.exe"
2. HKEY_USERS\Software\Microsoft\Windows\Cu… Mouse Pro Version 2.0B*: "%WinDir% \System32\splm\ncsjapi32.exe"
3. HKEY_USERS\Software\Microsoft\Windows\Cu… "2"
4. HKEY_USERS\Software\Microsoft\Windows\Cu… Mouse Pro Version 2.0B: "%WinDir% \System32\splm\ncsjapi32.exe"
5. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wi… Mouse Pro Version 2.0B*: "%WinDir% \System32\splm\ncsjapi32.exe"
6. HKEY_USERS\Software\Microsoft\Windows\nS… "14\8\2008"
7. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wi… Version\Run\"systray" = "C:\Windows\fbtre6.exe"
9. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wi… Version\Run\"systray" = "c:\windows\mstre6.exe"
Now we must unregister these DLL files in Command Prompt.
1. Click "Start", "Run", and type "cmd"
2. Now locate the following DLL files by typing "dir" followed by each of these paths:
1. %WinDir%\system32\nScan\ekrnScan.dll
2. %WinDir%\system32\nScan\ekrnEpfw.dll
3. %WinDir%\system32\nScan\ekrnEmon.dll
4. %WinDir%\system32\splm\lmfunit32.dll
5. %WinDir%\system32\splm\kbdsapi.dll
6. %WinDir%\system32\nScan\ekrnAmon.dll
7. %WinDir%\system32\splm\mcaserv32.dll
Now that you have the paths for those files, type "cd", then a space, then the DLL path for each of them, and hit Enter.
Now unregister each one using the following format: "path+'regsvr32/u'+dll name"
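As an added example (not part of the original post), the read-only PowerShell check below reports which of the files and processes named in the steps above are present on a machine before anything is removed. It assumes PowerShell 3.0 or later for Get-CimInstance; the variable and function names are illustrative, and the truncated registry paths are left out because they cannot be reconstructed from this page.

```powershell
# Added example: read-only triage. Nothing is stopped, deleted or unregistered.
# Paths are copied from the lists above (%SYSTEMROOT% and %WinDir% expand to the
# same directory, so bolivar28.exe is listed once). Names are illustrative.
$exePaths = @(
    '%SYSTEMROOT%\bolivar28.exe',
    '%WinDir%\system32\nScan\ecls.exe',
    '%WinDir%\system32\nScan\ekrn.exe',
    '%WinDir%\system32\splm\ncsjapi32.exe',
    'C:\Windows\fbtre6.exe',
    'C:\Windows\mstre6.exe'
)
$bareNames = @('bolivar28.exe', 'che07.exe')   # listed on the page without a directory
$dllPaths = @(
    '%WinDir%\system32\nScan\ekrnScan.dll',
    '%WinDir%\system32\nScan\ekrnEpfw.dll',
    '%WinDir%\system32\nScan\ekrnEmon.dll',
    '%WinDir%\system32\nScan\ekrnAmon.dll',
    '%WinDir%\system32\splm\lmfunit32.dll',
    '%WinDir%\system32\splm\kbdsapi.dll',
    '%WinDir%\system32\splm\mcaserv32.dll'
)

function Expand-IndicatorPath([string]$Path) {
    [Environment]::ExpandEnvironmentVariables($Path)
}

function Get-FileIndicator([string[]]$Paths) {
    foreach ($p in $Paths) {
        $full = Expand-IndicatorPath $p
        [pscustomobject]@{ Path = $full; Present = (Test-Path -LiteralPath $full -PathType Leaf) }
    }
}

# Match running processes on the full image path where the page gives one,
# because a bare file name can also belong to unrelated software elsewhere.
$expanded = $exePaths | ForEach-Object { Expand-IndicatorPath $_ }
$running = Get-CimInstance -ClassName Win32_Process | Where-Object {
    ($_.ExecutablePath -and ($expanded -contains $_.ExecutablePath)) -or
    ($bareNames -contains $_.Name)
}

'Running processes that match:'
$running | Select-Object ProcessId, Name, ExecutablePath | Format-Table -AutoSize
'Files on disk:'
Get-FileIndicator ($exePaths + $dllPaths) | Format-Table -AutoSize
'Unregister commands for DLLs that are present:'
Get-FileIndicator $dllPaths | Where-Object Present |
    ForEach-Object { 'regsvr32 /u "{0}"' -f $_.Path }
```

Run it from an elevated prompt so that ExecutablePath is populated for processes owned by other accounts.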