Solved

Koobface virus


Does webroot security protect against the koobface virus?

Best answer by aadams 30 October 2015, 17:42


18 replies

Userlevel 7
Hi jzemanek1
 
Welcome to the Community Forums.
 
WSA protects against a vast array of the malware out there but as to whether it protects against this specific threat I cannot say with 100% certainty.
 
If this is a not so new threat then the answer is 'Yes' whereas if it is a much newer threat or there is a much newer variant of the original malware then the answer is most probably 'Yes' given WSA's shields a number of which are specifically designed to deal with this latter scenario.
 
To illustrate what I mean please see the Webroot approach as depicted in the diagram below.
 


 
May I also ask as to why you ask?  Are you concerned that you may have been infected by the aforementioned malware?  If so then please be advised that in that case you are entitled to Open a Support Ticket to let the Support Team know of your concerns and they should then be able to undertake some checks for you and if malware is found then assist in removing it.  This is a free service available to all WSA users with an active/current subscription.
 
I hope that something in the above is of assistance?  But if you have further questions then please post back.
 
Regards, Baldrick
Received an error message this morning locking me out of my computer.  Sent from Microsoft.  Contacted them to run a quick scan regarding error message.  Came up as a koobface virus.  I have since run several webroot scans detecting no viruses.  Currently having no problems but I do want to make sure that this isn't going to be a recurring problem.
Userlevel 7
Hi jzemanek1
 
Thanks for the update.  I have to say that I have never heard of an error message locking one out of the computer, and sent by Microsoft. Do you still have the details of the message and if so then can you provide them?
 
Whilst Koobface is a nasty piece of malware to come up against given that if one is infected (and I am not saying that you are) it allows an attacker to get into your personal information like your banking information, passwords, or personal identity (IP Address), and so should be removed ASAP.  But given its age I would be very surprised if WSA does not detect and prevent the infection.
 
It is also worth considering/noting that the Koobface threat is also the subject of many hoax warnings designed to trick social networking users into spreading misinformation across the Internet.
 
I would say that if WSA is not detecting anything then you are most likely safe but you may want to get hold of a second opinion scanner (there are a number of good, portable ones out there) and give your system the once over just to make sure.  And of course, you always have the option to open the Support ticket I mentioned previously so that the Support Desk can investigate to either reassure you that your system is clean or assist in removing the malware if it is in fact present.
 
Regards, Baldrick
In Webroot vernacular does "scanning for malware" include viruses?  If so, how can it scan zillions of files in less than two minutes? Disconcerting to new user, i.e., me. 
Userlevel 7
Hi NickB27
 
Yes, it does.  Malware is a generic term for many forms of nasty such as trojans, keyloggers, viruses and the various types of virus, etc.
 
For more information please see the Wikipedia definition of malware...here...and hopefully that will provide the assurance you require.
 
Regards, Baldrick
Hey there, also here about the koobface virus.
 
Earlier today while looking up song lyrics I was locked out of searching and prompted to call microsoft.  Could not bypass this through explorer.  After a nice talk with India, I mean Microsoft, the employee accessed my pc and ran a scan that found koobface had entered my computer and server.  I witnessed this through watching him run the scan.  The laughable 250 price tag had me get off the phone shortly after. 
 
Now, I've run webroot (my primary program) and malwarebytes.  Neither have come up with anything.  Should I be worried?
Userlevel 7
Badge +56
Hello and Welcome to the Webroot Community!
 
To have a security check just Submit a Support Ticket and Webroot can look into it for you!
 
Thanks,
 
Daniel 😉
Hello ?
 
Welcome to the Webroot Community.
 
 
If I may just add to what ? has posted,
 
 
I regret to inform you that you were NOT speaking with Microsoft.
 
Please read on...
 
 
 
THIS IS A SCAM!!  Neither Microsoft nor any other company sends emails, pop ups, or phone calls of any kind advising that you may have a problem.
 
If you clicked any links, allowed them to remote into your computer, or went to any web sites please submit a Trouble Ticket ASAP.  (Now would be a good idea....)
 
If you would like more information, read on (After submitting that Trouble Ticket.....)
 
NEWS ARTICLE: Tech Support Scams are on the rise.
 
 
Microsoft never issues this type of warning or email or anything of a sort!  Please see the following link for Microsoft's official word on this:
http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx
 
"Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.
 
Cybercriminals often use publicly available phone directories so they might know your name and other personal information when they call you. They might even guess what operating system you're using.
 
Once they've gained your trust, they might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information is vulnerable."
 
Also see Avoid scams that use the Microsoft name fraudulently
http://www.microsoft.com/security/online-privacy/msname.aspx 
 
 
For more information here is what the United States Federal Trade Commission has to say on the subject:
http://www.consumer.ftc.gov/articles/0346-tech-support-scams
 
"In a recent twist, scam artists are using the phone to try to break into your computer. They call, claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need.
 
These scammers take advantage of your reasonable concerns about viruses and other threats. They know that computer users have heard time and again that it’s important to install security software. But the purpose behind their elaborate scheme isn’t to protect your computer; it’s to make money."
 
This scam is common and has been around for quite a while.  Here is a good Webroot Blog article from April 2013 by Threat Researcher Roy Tobin.
http://www.webroot.com/blog/2013/04/30/fake-microsoft-security-scam/
 
Also add a good free Ad Blocker like the ones suggested below:
 
For Internet Explorer Ad Block Plus: https://adblockplus.org/
 
For Firefox uBlock: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/?src=ss or Privacy Badger: https://addons.mozilla.org/en-us/firefox/addon/privacy-badger-firefox/

 
Google Chrome uBlock: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en or Privacy Badger: https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp
 
 
I would definitely install one of the adblockers mentioned, too. This will help prevent further Pop-ups like the one you experienced.
 
Hope this info helps. If you have more questions or need further assistance we will be happy to help. :)
 
Have a good evening...
 
BD
 
 
________________________
Well well well, it turns out the joke's on me.  Remote access was NOT a microsoft employee. Ugh, I'm getting old.  Is there anything I should do besides uninstalling the program used to remote access?  I don't keep anything personal on this pc.
Userlevel 7
Hi bandofthehawk
 
I would Open a Support Ticket and get the Support Team to give your system a once over...just in case. Most likely there was nothing untoward done to it but it never hurts to get the professionals' opinion. The service is free of charge to WSA users with a current/active subscription.
 
Regards, Baldrick
Userlevel 7
Just to add a comment: even with removing the remote access software, it is common that such software is just the way in order to add OTHER items, that you do not see or know about.  Removing it only really is probably not the part that one should worry about.  Get the Trouble Ticket and let Support take a look to make sure.
Badge +1
Hi there! There have currently been a lot of people reporting the Koobface virus. This is most likely not the case, this is an old virus that is very uncommon currently.
The pop-up that came up on your screen is typically related to cookies that your browser saves. You can simply clear these out and the pop-ups should not come back. If they don't go away after clearing your cookies I would recommend calling support and not submitting a ticket as soon as possible since it could be something more severe.
Finally, please never call a number that pops up on your screen like that, they are usually sent out by companies that don't have your best interests in mind and will try to trick or confuse you into paying them to "remove" the "infection." I use quotes here because they typically don't remove anything other than the cookies to stop the pop-ups and since you were never infected there is no infection to remove.
 
This is the most common scenario and sounds like what you had based on your description of the pop-up - it is not the case 100% of the time though. It is always better to ask before calling a number like that. If you can't close it you can simply restart the computer and they will go away. Do not be scared by any of the empty threats or warnings that the pop-up has and clear your cookies once you are able to use the computer again. If you know how to close programs with the task manager you can also simply "end task" to clear the pop-up as well.
 
I hope this helps you understand what is happening a little better!
Userlevel 7
? I know the koobface is an old one, but when you say "There have currently been a lot of people reporting the Koobface virus" does that mean Support is getting a lot more traffic related to this again?
 
Also, as you may have noticed, usually when there is a chance of malware that WSA did not pick up, we suggest a Ticket.  Should we be changing our SOP into going with Phone Support (During business hours) and keeping Trouble Ticket for after-hours and weekends?
 
Thanks!
Userlevel 7
?  Please see the reply by asadams above.  If you decide to call Support, here is the contact information:
 
Call 1-866-612-4227 M-F 7am-6pm MT
Badge +1
@
I'm mostly referring to what I have seen after hours and from social media. It seems like a company has started to say koobface instead of the usual virus or trojan that those pop-ups have. They are most likely doing this as a scare tactic because if you do a web search for koobface it will have a lot of scary information about how that particular infection works.

I do agree with you that a ticket is the best solution because if they submit it from the computer in question it can help give us information to assist them whether we need to call them, ask them to call us, or walk them through removal.
If you are receiving pop-ups that aren't removed from clearing cookies it can be related to something more serious. An example would be if you're receiving pop-ups on the side of the screen that don't go away when you clear your cookies. This isn't very common and a ticket can be submitted and can be used to narrow down the issue to determine whether or not it is something that we would need to remotely address or not.
I would agree with what you're currently doing and say that tickets are the best for most situations and allows us to provide more support to more people.

I hope this clears everything up!
Userlevel 7
Perfectly, thanks!!
 
I was assuming the above in regards to koobface, but one thing I have learned around here is never stick with just an assumption... :)
 
Thank you very much, and a huge WELCOME to the Community to you!  I noticed today is the first time you have posted, and  you registered not very long ago.  I hope to see you here more often!
Badge +1
Thanks for the welcome David 🙂 I did only recently join the community and thought I could help out a little bit.
All of you that are here helping in your spare time are amazing! It helps alleviate the load for our tech support team and get answers to the customers faster so it is greatly appreciated.
Userlevel 7
Well, it gives us something to do that we really enjoy, and that is the whole point of the Community: to try to take some of the strain off Support.  It works well for both sides!
