
ld08.exe

Discussion in 'Windows Security' started by bestenglishclass.com, Apr 28, 2009.

  1. Yesterday I received a notice from Facebook that a movie was taken of me at
    my niece's wedding, and so I went to the You Tube to view it but I was
    advised to download the latest version of Adobe. I did so, with no apparent
    result. The next time I rebooted my computer, One Care Firewall told me that
    the program ld08.exe was trying to access the Internet.
    I blocked it from doing so, and Googled ld08.exe to find out it is a virus.
    I can not find it (ld08.exe) in my computer anywhere, but every time I start
    my computer, One Care Firewall advises that it has blocked the program
    ld08.exe again.
    I can see it in my Task Manager listed in 'Processes' but I do not know
    enough about computers to end it.
    Is there anyone who can help me with this?
    Thank You.
    From Paul
     
  2. Charlie Tame

    Charlie Tame Guest

    bestenglishclass.com wrote:
    > Yesterday I received a notice from Facebook that a movie was taken of me at
    > my niece's wedding, and so I went to the You Tube to view it but I was
    > advised to download the latest version of Adobe. I did so, with no apparent
    > result. The next time I rebooted my computer, One Care Firewall told me that
    > the program ld08.exe was trying to access the Internet.
    > I blocked it from doing so, and Googled ld08.exe to find out it is a virus.
    > I can not find it (ld08.exe) in my computer anywhere, but every time I start
    > my computer, One Care Firewall advises that it has blocked the program
    > ld08.exe again.
    > I can see it in my Task Manager listed in 'Processes' but I do not know
    > enough about computers to end it.
    > Is there anyone who can help me with this?
    > Thank You.
    > From Paul


    Well for sure keep blocking it, read here and see if it helps.



    Check some other places to compare details, and then you may have to
    search the registry for what starts it executing. Be careful if you pick
    a removal tool, some are really not good at all.
     
  3. DWalker07

    DWalker07 Guest

    bestenglishclass.com <bestenglishclasscom@discussions.microsoft.com> wrote in
    news:C2ACF47F-7682-4919-AC9F-0CB5BC1349FC@microsoft.com:
    > Yesterday I received a notice from Facebook that a movie was taken of
    > me at my niece's wedding, and so I went to the You Tube to view it
    > but I was advised to download the latest version of Adobe. I did so,
    > with no apparent result. The next time I rebooted my computer, One
    > Care Firewall told me that the program ld08.exe was trying to access
    > the Internet. I blocked it from doing so, and Googled ld08.exe to find
    > out it is a virus. I can not find it (ld08.exe) in my computer
    > anywhere, but every time I start my computer, One Care Firewall
    > advises that it has blocked the program ld08.exe again.
    > I can see it in my Task Manager listed in 'Processes' but I do not
    > know enough about computers to end it.
    > Is there anyone who can help me with this?
    > Thank You.
    > From Paul

    If the link to "YouTube" was in the e-mail "from Facebook", it is very
    likely that the e-mail didn't actually come from Facebook, and the link
    didn't actually go to YouTube. The link went to a YouTube lookalike
    (fake) site that tricked you into downloading the virus, by telling you
    that you needed the newest Adobe flash or something.

    Don't believe ANYTHING that you see in an e-mail. It's likely that
    millions of people were sent an e-mail that said "a video was taken of
    them at a niece (or nephew)'s wedding", and those people who have
    attended a wedding recently might click on the link in the e-mail. This
    is what is meant by the term "phishing" although the "phishing" e-mails
    more often claim that your bank has upgraded its software.

    Links in an e-mail can LIE about where they take you to. Beware.

    In hindsight, the best thing for you, would have been to have asked your
    niece if there really was a video, and if so, what search terms to use,
    and you could have typed manually in the address bar of
    your browser (Internet Explorer, or Firefox, or whatever) and searched
    for the video.

    NEVER click on a link that is in an e-mail.

    IF a site tells you that you need the newest Adobe/flash/whatever,
    manually type
    into the address bar and get the newest
    "thing" from there. NEVER download a program like this from a video
    site.

    Hope this helps.
     
  4. DamianL

    DamianL Guest

    File MD5: 0x2E370626B26CBFC03BF2B6913AA2A5FF
    Filesize: 15,872 bytes
    Packer info: packed with PE_Patch.UPX [Kaspersky Lab]

    Filename(s) File Size File MD5 Alias / Other Info
    1 c:\d45.bat 159 bytes
    2 %Windir%\ld08.exe 15,872 bytes packed with PE_Patch.UPX [Kaspersky Lab]

    The following Registry Keys were deleted:
    HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
    HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current
    HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Default

    The newly created Registry Value is:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    sysldtray = "%Windir%\ld08.exe"

    The following Registry Values were deleted:
    [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Default]
    (Default) = "%SystemRoot%\media\Windows XP Start.wav"
    [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current]
    (Default) = "%SystemRoot%\media\Windows XP Start.wav"
    [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating]
    (Default) = ""

    To mark the presence in the system, the following Mutex object was created:
    1978gfd63xx08

    Make sure to always keep windows up to date and all anti-virus software,
    You can try
    StopZilla is a virus removal tool and prevention.


    Threat fire is a real time protection tool, It includes an ACTIVITY MONITOR
    and process and module scanning.
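
A read-only check for the autostart entry and file listed in the post above, added here as an example and not part of the original thread. It uses only the indicators quoted in that post (the `sysldtray` value name, the `ld08.exe` file name and the MD5); checking the HKCU Run key as well and requiring PowerShell 4.0 or later for `Get-FileHash` are assumptions of this example.

```powershell
# Added example (not from the thread). Indicators are the ones quoted in the post.
$IocValueName = 'sysldtray'
$IocFileName  = 'ld08.exe'
$IocMd5       = '2E370626B26CBFC03BF2B6913AA2A5FF'

# The post only names the HKLM Run key; HKCU is checked too as an assumption.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        # Read the raw data, then expand %Windir%-style variables ourselves.
        $raw      = [string]$regKey.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)

        # Target executable: a quoted path, or the first whitespace-delimited token
        # (a simplification; unquoted paths containing spaces are not handled).
        if ($expanded -match '^\s*"([^"]+)"') { $target = $Matches[1] }
        else { $target = ($expanded.Trim() -split '\s+')[0] }

        # Hash the target only if it exists on disk as a file.
        $md5 = $null
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            $md5 = (Get-FileHash -LiteralPath $target -Algorithm MD5).Hash
        }

        [pscustomobject]@{
            Key       = $key
            ValueName = $name
            Data      = $raw
            Target    = $target
            MD5       = $md5
            NameMatch = ($name -eq $IocValueName)
            FileMatch = (($target -split '[\\/]')[-1] -eq $IocFileName)
            HashMatch = ($md5 -eq $IocMd5)
        }
    }
}

# Show every autostart entry, listing any that match an indicator first.
$report | Sort-Object { -not ($_.NameMatch -or $_.FileMatch -or $_.HashMatch) } |
    Format-Table ValueName, Target, NameMatch, FileMatch, HashMatch -AutoSize
```

The script changes nothing on the system. A row with `NameMatch` or `FileMatch` set but `HashMatch` false can still be the same family repacked, since an MD5 only identifies one exact file.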
     
  5. Milo

    Milo Guest

    Hi DamianL,

    As you indicated in this PE file that it's packed, am just not sure if
    StopZilla has the heuristic detection capability should this file be packed
    by other packer packaging other than the one you indicated that Kaspersky
    identified as PE_Patch.UPX. What if it's packed using like UPX, ASPack or
    PECompact?

    Or is it just that you're recommending StopZilla?

    "DamianL" <DamianL@discussions.microsoft.com> wrote in message
    news:9383544C-A94A-409A-A431-3C01BA9145FA@microsoft.com...
    > File MD5: 0x2E370626B26CBFC03BF2B6913AA2A5FF
    > Filesize: 15,872 bytes
    > Packer info: packed with PE_Patch.UPX [Kaspersky Lab]
    >
    > Filename(s) File Size File MD5 Alias / Other Info
    > 1 c:\d45.bat 159 bytes
    > 2 %Windir%\ld08.exe 15,872 bytes packed with PE_Patch.UPX [Kaspersky Lab]
    >
    > The following Registry Keys were deleted:
    > HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
    > HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current
    > HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Default
    >
    > The newly created Registry Value is:
    > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    > sysldtray = "%Windir%\ld08.exe"
    >
    > The following Registry Values were deleted:
    > [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Default]
    > (Default) = "%SystemRoot%\media\Windows XP Start.wav"
    > [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current]
    > (Default) = "%SystemRoot%\media\Windows XP Start.wav"
    > [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating]
    > (Default) = ""
    >
    > To mark the presence in the system, the following Mutex object was
    > created:
    > 1978gfd63xx08
    >
    > Make sure to always keep windows up to date and all anti-virus software,
    > You can try
    > StopZilla is a virus removal tool and prevention.
    >
    >
    > Threat fire is a real time protection tool, It includes an ACTIVITY MONITOR
    > and process and module scanning.
     
