Windows Vista Tips, Windows Vista Security newsgroup: ld08.exe

bestenglishclass.com, 04-29-2009
Yesterday I received a notice from Facebook that a movie was taken of me at
my niece's wedding, and so I went to YouTube to view it but I was
advised to download the latest version of Adobe. I did so, with no apparent
result. The next time I rebooted my computer, One Care Firewall told me that
the program ld08.exe was trying to access the Internet.
I blocked it from doing so, and Googled ld08.exe to find out it is a virus.
I cannot find it (ld08.exe) in my computer anywhere, but every time I start
my computer, One Care Firewall advises that it has blocked the program
ld08.exe again.
I can see it in my Task Manager listed in 'Processes' but I do not know
enough about computers to end it.
Is there anyone who can help me with this?
Thank You.
From Paul
Charlie Tame, 04-29-2009
Well, for sure keep blocking it; read here and see if it helps.

http://www.virusremovalguru.com/?p=2395

Check some other places to compare details, and then you may have to
search the registry for what starts it executing. Be careful if you pick
a removal tool; some are really not good at all.
DWalker07, 05-01-2009
If the link to "YouTube" was in the e-mail "from Facebook", it is very
likely that the e-mail didn't actually come from Facebook, and the link
didn't actually go to YouTube. The link went to a YouTube lookalike
(fake) site that tricked you into downloading the virus, by telling you
that you needed the newest Adobe flash or something.

Don't believe ANYTHING that you see in an e-mail. It's likely that
millions of people were sent an e-mail that said "a video was taken of
them at a niece (or nephew)'s wedding", and those people who have
attended a wedding recently might click on the link in the e-mail. This
is what is meant by the term "phishing" although the "phishing" e-mails
more often claim that your bank has upgraded its software.

Links in an e-mail can LIE about where they take you to. Beware.

In hindsight, the best thing for you would have been to have asked your
niece if there really was a video, and if so, what search terms to use,
and you could have typed www.youtube.com manually in the address bar of
your browser (Internet Explorer, or Firefox, or whatever) and searched
for the video.

NEVER click on a link that is in an e-mail.

IF a site tells you that you need the newest Adobe/flash/whatever,
manually type www.adobe.com into the address bar and get the newest
"thing" from there. NEVER download a program like this from a video
site.

Hope this helps.
OG, 05-27-2009
A similar link got sent to me by a friend's hacked Facebook account.

The URL was: http://khosa.coolpage.biz/funny-film/, claiming to be on
YouTube when in fact it is 'Yuotube'.

I also got the 'Install latest version of Adobe Flash Player version 10.37'.

Being dubious, I checked the official Adobe site and the latest version was:
10.0.22.87

My friend's account (hacked) now gets loads of porn popups.

AVG found the following reg key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Sysldtray

It also found it in:

C:\Windows\ld08.exe
C:\Windows\ld08.exe (2956)
c:\windows\ld08.exe

and indicates it is a Trojan horse Generic13.AWHV

The site it is hosted on is: 79.138.213.26

Cheers.
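DWalker07's point that a link's visible text can lie about its real destination, and OG's observation that the fake page only pretended to be YouTube and pushed a Flash "version 10.37" ahead of Adobe's real 10.0.22.87, can both be turned into a mechanical check. The Python below is an added example, not code from the thread or from any poster: the e-mail anchors are constructed (only the coolpage.biz host OG reported is reused), and the trusted-brand list, the similarity threshold and the naive two-label domain rule are my assumptions.

```python
"""Check e-mail links: does the visible text agree with the real destination,
and does the destination host merely resemble a trusted brand?

Added example for this thread, not code from the forum or from any poster.
The anchors below are constructed; the only detail reused from the thread is
the coolpage.biz host OG reported pretending to be YouTube."""
import difflib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the brands this mailbox expects to see links for.
TRUSTED = ("youtube.com", "facebook.com", "adobe.com")
# Assumption: how similar a host label must be to count as a lookalike.
LOOKALIKE_RATIO = 0.8
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample body of a message claiming to come "from Facebook".
SAMPLE_HTML = """
<p>A video was taken of you at your niece's wedding:</p>
<a href="http://khosa.coolpage.biz/funny-film/">www.youtube.com/watch?v=wedding</a>
<a href="http://www.yuotube.com/flash-update">Install Adobe Flash Player 10.37</a>
<a href="https://www.youtube.com/watch?v=abc123">www.youtube.com/watch?v=abc123</a>
"""


def registrable(host):
    """Naive brand domain: the last two labels ('www.youtube.com' -> 'youtube.com').
    Assumption: no multi-label public suffixes such as co.uk in the input."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _Anchors()
    parser.feed(html)
    return parser.links


def lookalike_of(domain):
    """Trusted brand whose name the domain's first label resembles without matching."""
    label = domain.split(".")[0]
    for trusted in TRUSTED:
        if domain == trusted:
            return None
        ratio = difflib.SequenceMatcher(None, label, trusted.split(".")[0]).ratio()
        if ratio >= LOOKALIKE_RATIO:
            return trusted
    return None


def assess_link(href, text):
    """Flag a link whose text names a different domain than its href, or whose
    host is a near-miss of a trusted brand."""
    actual = registrable(urlparse(href).hostname or "")
    match = DOMAIN_RE.search(text)
    claimed = registrable(match.group(1)) if match else None
    return {
        "href": href,
        "actual": actual,
        "claimed": claimed,
        "mismatch": claimed is not None and claimed != actual,
        "lookalike_of": lookalike_of(actual),
    }


def version_newer_than_official(advertised, official):
    """A prompt offering a version above the vendor's current release cannot be genuine."""
    parse = lambda s: tuple(int(part) for part in s.split("."))
    return parse(advertised) > parse(official)


def scan(html):
    return [assess_link(href, text) for href, text in extract_links(html)]


if __name__ == "__main__":
    for verdict in scan(SAMPLE_HTML):
        print(verdict)
    # OG saw Flash "10.37" offered while Adobe's real version was 10.0.22.87.
    print(version_newer_than_official("10.37", "10.0.22.87"))
```

Running the block prints one verdict per anchor: the first is flagged because its text claims youtube.com while the href goes to coolpage.biz, the second because "yuotube" is within the similarity threshold of "youtube", and the third (a genuine YouTube link) is clean. The version check reproduces OG's reasoning: a version number above the vendor's current release is a sign the prompt is not from the vendor.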
DamianL, 06-07-2009
File MD5: 0x2E370626B26CBFC03BF2B6913AA2A5FF
Filesize: 15,872 bytes
Packer info: packed with PE_Patch.UPX [Kaspersky Lab]

    Filename(s)          File Size     File MD5   Alias / Other Info
 1  c:\d45.bat           159 bytes
 2  %Windir%\ld08.exe    15,872 bytes             packed with PE_Patch.UPX [Kaspersky Lab]

The following Registry Keys were deleted:
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Default

The newly created Registry Value is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
sysldtray = "%Windir%\ld08.exe"

The following Registry Values were deleted:
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Default]
(Default) = "%SystemRoot%\media\Windows XP Start.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current]
(Default) = "%SystemRoot%\media\Windows XP Start.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating]
(Default) = ""

To mark the presence in the system, the following Mutex object was created:
1978gfd63xx08

Make sure to always keep Windows and all anti-virus software up to date.
You can try StopZilla, which is a virus removal and prevention tool:
http://tinyurl.com/StopZilla

ThreatFire is a real-time protection tool; it includes an activity monitor
and process and module scanning.
http://tinyurl.com/threatfiretool
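DamianL's report lists the indicators a defender can look for on a suspect machine: the sysldtray value under the Run key, the executable placed in the Windows directory, its size and MD5, and the mutex name; OG's post gives the same Run key and file path from AVG's side. The Python below is an added example, not code from the thread or from any vendor's tool: it matches those posted indicators against a constructed host snapshot (a .reg-style export of the Run keys, a file inventory and a mutex listing). The benign autostart entries and the "binary sitting directly in the Windows root" heuristic are my assumptions, not findings from the thread.

```python
"""Match the ld08.exe indicators posted in this thread against a host snapshot.

Added example, not code from the thread or from any vendor's tool. The
indicator values come from OG's and DamianL's posts; the snapshot below is
constructed, and the 'binary directly in the Windows root' heuristic is an
assumption of mine, not a finding from the thread."""
from pathlib import PureWindowsPath

# Indicators as posted (lower-cased for comparison).
IOC = {
    "run_value": "sysldtray",
    "file_name": "ld08.exe",
    "md5": "2e370626b26cbfc03bf2b6913aa2a5ff",
    "size": 15872,
    "mutex": "1978gfd63xx08",
}

# Constructed .reg-style export of the Run keys; only the sysldtray entry is
# modelled on the thread, the other two are typical benign autostarts.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"sysldtray"="%Windir%\\ld08.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\paul\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"""

# Constructed file inventory (path, size in bytes, MD5); the ld08.exe row
# reuses the size and hash DamianL posted, the other hashes are made up.
SAMPLE_FILES = [
    ("C:\\Windows\\ld08.exe", 15872, "2E370626B26CBFC03BF2B6913AA2A5FF"),
    ("C:\\Windows\\system32\\SecurityHealthSystray.exe", 131072, "00" * 16),
    ("C:\\d45.bat", 159, "11" * 16),
]
# Constructed mutex listing; the second name is the one DamianL reported.
SAMPLE_MUTEXES = ["Global\\OneDriveSingleInstance", "1978gfd63xx08"]

# Directories in which a legitimate autostart binary is rarely placed directly
# (heuristic assumption, not from the thread).
WINDOWS_ROOTS = ("c:\\windows", "%windir%", "%systemroot%")


def parse_reg_export(text):
    """Yield (key, value_name, data) from a .reg-style export, unescaping '\\\\'."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"') and "=" in line:
            name, _, data = line.partition("=")
            yield key, name.strip('"'), data.strip().strip('"').replace("\\\\", "\\")


def command_path(data):
    """Executable part of an autostart command (first token, quotes removed)."""
    return PureWindowsPath(data.split(" ")[0].strip('"'))


def in_windows_root(path):
    """Heuristic: the executable sits directly in the Windows directory itself."""
    return str(PureWindowsPath(path).parent).lower() in WINDOWS_ROOTS


def scan(reg_text, files, mutexes):
    """Return (finding_kind, detail) pairs for every indicator or heuristic hit."""
    findings = []
    for key, name, data in parse_reg_export(reg_text):
        if not key.lower().endswith("\\currentversion\\run"):
            continue
        exe = command_path(data)
        detail = f"{key}\\{name} = {data}"
        if name.lower() == IOC["run_value"] or exe.name.lower() == IOC["file_name"]:
            findings.append(("run_key_ioc", detail))
        elif in_windows_root(exe):
            findings.append(("run_key_suspicious_location", detail))
    for path, size, md5 in files:
        if md5.lower() == IOC["md5"]:
            findings.append(("file_hash_ioc", path))
        elif PureWindowsPath(path).name.lower() == IOC["file_name"]:
            findings.append(("file_name_ioc", f"{path} ({size} bytes)"))
    for mutex in mutexes:
        if mutex.lower() == IOC["mutex"]:
            findings.append(("mutex_ioc", mutex))
    return findings


if __name__ == "__main__":
    for kind, detail in scan(SAMPLE_REG, SAMPLE_FILES, SAMPLE_MUTEXES):
        print(kind, detail)
```

On the constructed snapshot the scan reports three hits: the sysldtray Run value, the file whose MD5 matches DamianL's report, and the mutex. The location heuristic is deliberately weaker than the indicator matches and is kept separate, so a reviewer can treat "unknown binary started from the Windows root" as something to investigate rather than as a confirmed detection; it would also catch a renamed copy that the fixed file name and hash would miss.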
Milo, 06-08-2009
Hi DamianL,

As you indicated that this PE file is packed, I am just not sure whether
StopZilla has the heuristic detection capability should this file be packed
by a packer other than the one you indicated Kaspersky identified as
PE_Patch.UPX. What if it's packed using something like UPX, ASPack or
PECompact?

Or is it just that you're recommending StopZilla?