Hey guys.. I think my computer might be infected with a horrific virus caused by downloading a fake Flash update. I believe it's called the "Koob Virus"? It was done via Facebook..
I have Geek Squad support, but I was wondering if there might be a way for me to fix this myself. If not, I'll just take my guy in.
Thanks!
Hello Duchess, welcome to SF!
If you're up to it.. follow these steps:
Next, run a full system scan with an updated good AVHere is a step by step process to remove the dreaded facebook virus:
1 – Kill these processes:
fbtre6.exe
mstre6.exe
2 – Delete these registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “c:\windows\mstre6.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “C:\Windows\fbtre6.exe”
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
3 – Delete these files:
C:\\Windows\\fbtre6.exe
C:\\Windows\\fmark2.dat
and a full scan with Malwarebytes
Unfortunately, my computer keeps restarting once I log into Windows. :/ I haven't been able to do much of anything!
You could try a system restore to a point before you accepted that fake update. But even if that seems to work, I would start with downloading and running this:
Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer
If everything fails, this is what I found on technocrati (if it is indeed the Koob Virus):
Make sure to ask if you don't understand something before you go about messing in the registry!1 – Kill these processes:
fbtre6.exe
mstre6.exe
2 – Delete these registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “c:\windows\mstre6.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “C:\Windows\fbtre6.exe”
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
3 – Delete these files:
C:\\Windows\\fbtre6.exe
C:\\Windows\\fmark2.dat
Once everything is back to working order Make a Backup:
Macrium Reflect FREE Edition - Information and download
-DG
Edit: too slow :)
I've tried this, too. In fact, my computer automatically starts in SafeMode every time it restarts (on it's own..) but then it restarts, again!
You'll need access to another computer that's not infected. You can create a bootable disc from Microsoft that will scan your infected machine before it gets to the Windows 7 boot process.
https://www.sevenforums.com/tutorials...m-sweeper.html
Ugh, don't have one, at the moment.. looks like I'll have to take him in.
Quote