Variant: W32.SPACEFAM
W32.Spacefam is a dangerous computer worm that spreads via social networking sites, particularly Facebook. Once the worm is downloaded and executed, it steals the user's account login credentials, sends messages containing malicious links to the contact list of the compromised account, and then sends the stolen data to a remote link.
To avoid a nasty computer worm infection, keep your antivirus definition files up to date and perform a full system scan at least once every two weeks.
Manual Removal Guide:
• Disable System Restore (Windows ME and XP users only): right-click My Computer → Properties → System Restore tab → put a check mark in the "Turn off System Restore on all drives" box → restart the computer
• Restart and boot into Safe Mode (press the F8 key before the Windows logo appears, then log in to an account with administrator credentials)
• Show hidden files and folders (open My Computer → Tools → Folder Options → View tab → click "Show hidden folders, files and drives". Uncheck "Hide operating system files". Click OK)
• Delete the following malicious files:
%UserProfile%\Application Data\[RANDOM CHARACTERS 1].exe
%UserProfile%\Application Data\[RANDOM CHARACTERS 2].exe
%Temp%\[RANDOM CHARACTERS].tmp
%Windir%\Temp\[RANDOM CHARACTERS 1].tmp
%Windir%\Temp\[RANDOM CHARACTERS 2].tmp
%Windir%\Tasks\fbagent.job
• Delete the following registry values: (To open the MS Windows registry editor: click Start → Run → regedit → OK)
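For the file-deletion step above, this added example (not part of the original guide) lists every file that matches the guide's locations and name patterns, with its SHA-256 and modification time, so the randomly named files can be reviewed before anything is deleted. Matching "[RANDOM CHARACTERS]" with a wildcard and the function names are assumptions of this example; a match is only a candidate, since legitimate .tmp files share these folders.

```python
import fnmatch
import hashlib
import os

# (environment variable, sub-folder, name pattern) from the guide's file list.
LOCATIONS = [
    ("USERPROFILE", "Application Data", "*.exe"),
    ("TEMP", "", "*.tmp"),
    ("WINDIR", "Temp", "*.tmp"),
    ("WINDIR", "Tasks", "fbagent.job"),
]


def sha256_of(path):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_candidates(env=os.environ):
    """Return one record per file that matches a location/pattern pair."""
    hits = []
    for var, subdir, pattern in LOCATIONS:
        base = env.get(var)
        if not base:
            continue  # variable not set on this system
        folder = os.path.join(base, subdir)
        try:
            names = sorted(os.listdir(folder))
        except OSError:
            continue  # folder missing or not readable
        for name in names:
            path = os.path.join(folder, name)
            # Only files directly in the folder; sub-folders are not searched.
            if not fnmatch.fnmatch(name.lower(), pattern) or not os.path.isfile(path):
                continue
            try:
                digest = sha256_of(path)
            except OSError:
                digest = None  # unreadable, e.g. locked by a running process
            hits.append({"path": path, "sha256": digest,
                         "modified": os.path.getmtime(path)})
    return hits


if __name__ == "__main__":
    for hit in find_candidates():
        print(hit["modified"], hit["sha256"], hit["path"], sep="  ")
```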