ld08.exe

bestenglishclass.com

Yesterday I received a notice from Facebook that a movie was taken of me at
my niece's wedding, and so I went to the You Tube to view it but I was
advised to download the latest version of Adobe. I did so, with no apparent
result. The next time I rebooted my computer, One Care Firewall told me that
the program ld08.exe was trying to access the Internet.
I blocked it from doing so, and Googled ld08.exe to find out it is a virus.
I can not find it (ld08.exe) in my computer anywhere, but every time I start
my computer, One Care Firewall advises that it has blocked the program
ld08.exe again.
I can see it in my Task Manager listed in 'Processes' but I do not know
enough about computers to end it.
Is there anyone who can help me with this?
Thank You.
From Paul
 

Well for sure keep blocking it, read here and see if it helps.

http://www.virusremovalguru.com/?p=2395

Check some other places to compare details, and then you may have to
search the registry for what starts it executing. Be careful if you pick
a removal tool, some are really not good at all.
 
If the link to "YouTube" was in the e-mail "from Facebook", it is very
likely that the e-mail didn't actually come from Facebook, and the link
didn't actually go to YouTube. The link went to a YouTube lookalike
(fake) site that tricked you into downloading the virus, by telling you
that you needed the newest Adobe flash or something.

Don't believe ANYTHING that you see in an e-mail. It's likely that
millions of people were sent an e-mail that said "a video was taken of
them at a niece (or nephew)'s wedding", and those people who have
attended a wedding recently might click on the link in the e-mail. This
is what is meant by the term "phishing" although the "phishing" e-mails
more often claim that your bank has upgraded its software.

Links in an e-mail can LIE about where they take you to. Beware.

In hindsight, the best thing for you would have been to have asked your
niece if there really was a video, and if so, what search terms to use,
and you could have typed www.youtube.com manually in the address bar of
your browser (Internet Explorer, or Firefox, or whatever) and searched
for the video.

NEVER click on a link that is in an e-mail.

IF a site tells you that you need the newest Adobe/flash/whatever,
manually type www.adobe.com into the address bar and get the newest
"thing" from there. NEVER download a program like this from a video
site.

Hope this helps.
 
A similar link got sent to me by a friend's hacked Facebook account.

The URL was: http://khosa.coolpage.biz/funny-film/ claiming to be on
youtube when in fact it is 'Yuotube'

I also got the 'Install latest version of Adobe Flash Player version 10.37'

Being dubious, I checked the official Adobe site and the latest version was:
10.0.22.87

My friend's account (hacked) now gets loads of porn popups.

AVG found the following reg key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Sysldtray

It also found it in:

C:\Windows\ld08.exe
C:\Windows\ld08.exe (2956)
c:\windows\ld08.exe

and indicates it is a Trojan horse Generic13.AWHV

The site it is hosted on is: 79.138.213.26

Cheers.
 
File MD5: 0x2E370626B26CBFC03BF2B6913AA2A5FF
Filesize: 15,872 bytes
Packer info: packed with PE_Patch.UPX [Kaspersky Lab]

#   Filename(s)          File Size       File MD5   Alias / Other Info
1   c:\d45.bat           159 bytes
2   %Windir%\ld08.exe    15,872 bytes               packed with PE_Patch.UPX [Kaspersky Lab]

The following Registry Keys were deleted:
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Default

The newly created Registry Value is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
sysldtray = "%Windir%\ld08.exe"

The following Registry Values were deleted:
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Default]
(Default) = "%SystemRoot%\media\Windows XP Start.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current]
(Default) = "%SystemRoot%\media\Windows XP Start.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating]
(Default) = ""

To mark the presence in the system, the following Mutex object was created:
1978gfd63xx08

Make sure to always keep Windows and all anti-virus software up to date.
You can try:
StopZilla is a virus removal and prevention tool.
http://tinyurl.com/StopZilla

ThreatFire is a real-time protection tool. It includes an ACTIVITY MONITOR
and process and module scanning.
http://tinyurl.com/threatfiretool
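
An added example (not part of the post above) for the "search the registry for what starts it executing" step: it triages saved output of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` against the value name and file name quoted in the report. The sample output, the `C:\Windows` default and the function names are assumptions.

```python
import ntpath
import re

# Indicators quoted in the thread: the Run value name and the dropped file name.
IOC_VALUE_NAMES = {"sysldtray"}
IOC_FILE_NAMES = {"ld08.exe"}

# Constructed `reg query` output; only the sysldtray entry mirrors the thread.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    sysldtray    REG_SZ    %Windir%\ld08.exe
'''

ENTRY = re.compile(r"^\s{4}(\S.*?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")

def target_path(command, windir):
    """Extract the program path from a Run command line and expand %Windir%."""
    m = (re.match(r'\s*"([^"]+)"', command)
         or re.match(r"\s*(.+?\.(?:exe|bat|cmd|scr|dll))\b", command, re.I)
         or re.match(r"\s*(\S+)", command))
    path = m.group(1) if m else ""
    # A function replacement keeps the backslashes in windir literal.
    return re.sub(r"%(?:windir|systemroot)%", lambda _: windir, path, flags=re.I)

def triage_run_key(reg_query_output, windir=r"C:\Windows"):
    """Return (value name, path, reasons) for Run entries worth a closer look."""
    findings = []
    for line in reg_query_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # key header or blank line
        name, _kind, command = m.groups()
        path = target_path(command, windir)
        reasons = []
        if name.lower() in IOC_VALUE_NAMES:
            reasons.append("value name listed in the report")
        if ntpath.basename(path).lower() in IOC_FILE_NAMES:
            reasons.append("file name listed in the report")
        if ntpath.dirname(path).lower() == windir.lower():
            reasons.append("program sits directly in the Windows directory")
        if reasons:
            findings.append((name, path, reasons))
    return findings
```

The directory check is a heuristic: autostart programs normally live under Program Files or System32, so an entry launched from the root of the Windows directory deserves a second look even when its name is not on the indicator list.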
 
Hi DamianL,

As you indicated that this PE file is packed, I'm just not sure if
StopZilla has the heuristic detection capability should this file be packed
by a packer other than the one you indicated that Kaspersky
identified as PE_Patch.UPX. What if it's packed using, say, UPX, ASPack or
PECompact?

Or is it just that you're recommending StopZilla?
 