Help getting rid of a virus


GCI

Hi there everyone, you guys seem really knowledgeable in the software area, so I'm hoping you guys could help me in getting rid of a virus.

Anyhow, one of my computers got infected, and it pretty much redirects my browsing on that computer to various websites, as well as disabling certain AV programs. (Like Spybot S&D, it can't start up.) So I was hoping you guys could give me a list of anti-malware tools you like, and I'd like to give them a shot and see if I can clean up my computer.

Many thanks in advance!

What's the virus/spyware name causing the problem?

ESET NOD32 AntiVirus 4.0.437

Malwarebytes' Anti-Malware 1.36 - Tick Box In Options -> Shut Down IE when deleting

Trojan Remover 6.7.9 Build 2578

CCleaner 2.19.901 - Untick Box In Options -> "Only delete files older than 48 hours"

Windows Vista/XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Are there any entries not going to 127.0.0.1 or 0.0.0.0?

If there are, remove those entries. If that doesn't help, post a log file from GSI so forum members can take a look at it to see if there are any possible issues.

http://gsi.kaspersky.fr/index.php?&hl=en

Download it and let the app create a log. After the log is created, go to the page again and upload it.

This is way better than hijackthis.

Try scans in safe mode as well.
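
The HOSTS check described in this post, as an added Python example that is not part of the thread: it lists entries that point anywhere other than 127.0.0.1 or 0.0.0.0 (treating the rest of the loopback range and `::1` the same way, which is an assumption). Going one step beyond the post, it also lists non-localhost names mapped to loopback, since such an entry makes that site unreachable. The sample file and its hostnames are constructed.

```python
import ipaddress

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Classify each HOSTS entry.

    Returns (redirects, blocked), each a list of (line_no, address, hostname).
    redirects: names mapped to anything other than a loopback/null address.
    blocked:   names other than localhost mapped to a loopback/null address.
    """
    redirects, blocked = [], []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split fields
        if len(entry) < 2:
            continue  # blank, comment-only, or an address with no name
        addr, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(addr)
            local = ip.is_loopback or ip.is_unspecified
        except ValueError:
            local = False  # unparseable address: report it for review
        for name in names:
            if not local:
                redirects.append((line_no, addr, name))
            elif name.lower() not in LOCAL_NAMES:
                blocked.append((line_no, addr, name))
    return redirects, blocked

# Constructed sample, not taken from the thread.
SAMPLE = """\
# constructed HOSTS sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # blocklist entry
203.0.113.7     www.example.com search.example.org
127.0.0.1       update.av-vendor.example
"""

if __name__ == "__main__":
    import sys
    # Pass the HOSTS path as the first argument; without one the sample is used.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE
    redirects, blocked = audit_hosts(text)
    for line_no, addr, name in redirects:
        print(f"line {line_no}: {name} -> {addr}  (redirect, review/remove)")
    for line_no, addr, name in blocked:
        print(f"line {line_no}: {name} -> {addr}  (blocked locally, review)")
```
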



What's the virus/spyware name causing the problem?

ESET NOD32 AntiVirus 4.0.437

Malwarebytes' Anti-Malware 1.36 - Tick Box In Options >> Shut Down IE when deleting

Trojan Remover 6.7.9 Build 2578

The first thing I would do is check your HOSTS file (open with Notepad), which is located here:

Windows Vista/XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC

Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC

Are there any entries not going to 127.0.0.1 or 0.0.0.0?

If there are, remove those entries. If that doesn't help, post a HijackThis! log file so forum members can take a look at it to see if there are any possible issues.

Use This Last

If something happens again then try this:

http://gsi.kaspersky.fr/index.php?&hl=en

Download it and let the app create a log. After the log is created, go to the page again and upload it.

You will see all the information about your PC. It makes a deep scan log so you can see what dangerous apps, services, etc. are on your computer!

This is way better than hijackthis!

Try safe mode as well.

Well, the infecting file was named Ld08.exe, and according to some research, it is the "koobface" worm. I will try all of your steps above, thanks.



Well, the infecting file was named Ld08.exe, and according to some research, it is the "koobface" worm. I will try all of your steps above, thanks.

I also had that virus 1 week ago.

Malwarebytes' Anti-Malware will wipe it from existence.



Well, the infecting file was named Ld08.exe, and according to some research, it is the "koobface" worm. I will try all of your steps above, thanks.

I also had that virus 1 week ago.

Malwarebytes' Anti-Malware will wipe it from existence.

Only problem for me was, its installer's process would load, but nothing else would happen. This goes for normal and safe mode. I don't know why. However, I just downloaded the "trojan remover" and it detected a Trojan.Agent in an svchost file, I think it was in C:\Windows\system32\drivers\svchost.exe. My only option would be to rename it. Could that possibly screw up my PC even more if I did?



Well, I went ahead and did it anyways. ESET no longer detects it, so I think I'm almost free of it! Turns out it made Internet Explorer use its proxy, which was why some things weren't loading for me. Now I will try using Malwarebytes again and see if it loads this time.



Well, I went ahead and did it anyways. ESET no longer detects it, so I think I'm almost free of it! Turns out it made Internet Explorer use its proxy, which was why some things weren't loading for me. Now I will try using Malwarebytes again and see if it loads this time.

Renaming svchost.exe will only cause DLLs/services to stop working and give permission to scanners to remove the infections (which could be bad), because it might remove a DLL that you need.

Svchost.exe won't be the infection, as this file only runs DLLs in groups. The infection is in a DLL somewhere, but it's saying it's the svchost. But as you said, you found an Ld08.exe, so maybe that's the route to go if nothing has cleaned it.

I'm guessing it came from Facebook? As % of Google is Facebook too.

Koobface W32.Koobface.A W32.Koobface.B Worm Removal Help - manual removal there.



Most of the time viruses don't come alone (sometimes they do).

I recommend running an online antivirus like Trend Micro HouseCall. After you have run it, DO NOT reboot, and try using different anti-malware solutions like Spybot, Trojan Remover and Malwarebytes.



Well... whatever I did, all seems good now. I'm just too lazy to get good protection, I guess I'll just let ESET's run out :P



Well... whatever I did, all seems good now. I'm just too lazy to get good protection, I guess I'll just let ESET's run out :P

Try and forward all your infections to ESET.

Info or files, it all helps.

ESET: samples[@]eset.com



Well... whatever I did, all seems good now. I'm just too lazy to get good protection, I guess I'll just let ESET's run out :P

Try and forward all your infections to ESET.

Info or files, it all helps.

ESET: samples[@]eset.com

Well, it's all over. Thanks for your help, everyone.



Well... whatever I did, all seems good now. I'm just too lazy to get good protection, I guess I'll just let ESET's run out :angry:

Try and forward all your infections to ESET.

Info or files, it all helps.

ESET: samples[@]eset.com

Well, it's all over. Thanks for your help, everyone.

Good luck. Keep full protection on Malwarebytes, and alongside ESET you should be protected.



Archived

This topic is now archived and is closed to further replies.
