Infected need help

I recently clicked on a link on Facebook from a friend. It was a YouTube video and was supposed to be funny in the description. I have a twisted sense of humor but not this twisted. I became infected and this is what it is doing.

 

Every five minutes or so it asks for two words to be typed in order that the session does not end. It is a Microsoft XP Professional window. If you do not type the words in, it does not shut down but just sits there. If you type them in, all is well for another 5 minutes. I also get these odd pages opening that keep saying they are removing my trojans. I assume they are not and just keep closing them.

 

It also went into my Facebook address book and sent them to everyone I know (or don't... it is Facebook after all) so this thing could propagate like a brecht shampoo commercial.

 

I am a goof and do not really want to think about viruses, worms and trojans. Is there some way to fix this thing? A friend let me be one of his 3 computers that can be used with his Norton's (for a small fee). I loaded it and, well, it cannot go and get updates from the site.

 

I was hoping to have some insight on what to do.

 

My email is {edited out  personal information}

 

Send lawyers guns and money... Dad get me out of this.

Are you able to give the name of the rogue that it calls itself when the dialog box is open, or a screenshot of it?

 

Trying to work out if it's the new "Security Tool" variant with ransomware ability, or just ransomware.

 

Quads

Hmmm, like this??

 

KC.png

 

 

 


 

 

Memory Modules Infected:

c:\Windows\System32\fio32.dll (Worm.KoobFace) -> No action taken.

C:\Program Files\captcha.dll (Spyware.OnlineGames) -> No action taken.

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fioo32 (Worm.KoobFace) -> No action taken.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fio32 (Worm.KoobFace) -> No action taken.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FIO32 (Worm.KoobFace) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webserver (Worm.KoobFace) -> No action taken.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Trojan.Buzus) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\fioo32 (Worm.KoobFace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\captcha7 (Spyware.OnlineGames) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.KoobFace) -> No action taken.

 

Registry Data Items Infected:

 

Folders Infected:

 

 

Files Infected:

C:\Windows\ld16.exe (Trojan.Buzus) -> No action taken.

C:\Windows\System32\drivers\fio32.sys (Worm.Koobface) -> No action taken.

C:\Windows\010112010146114101.xxe (KoobFace.Trace) -> No action taken.

C:\Windows\01011201014650115.xxe (KoobFace.Trace) -> No action taken.

C:\Windows\bk23567.dat (KoobFace.Trace) -> No action taken.

C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> No action taken.

C:\Windows\System32\fio32.dll (Worm.KoobFace) -> No action taken.

C:\Program Files\webserver\webserver.exe (Worm.KoobFace) -> No action taken.

C:\Program Files\captcha.dll (Spyware.OnlineGames) -> No action taken.

C:\Windows\freddy82.exe (Worm.KoobFace) -> No action taken.

C:\Windows\pp14.exe (Worm.KoobFace) -> No action taken.

 


 

 

 

Quads
