Ld12.exe (Ld12) Worm Virus File Information

Danger: Ld12.exe is a dangerous file that creates highly undesirable activity on a user’s computer. This file is unsafe.

Type: Computer Worm
Location: C:\WINDOWS\ld12.exe
Risk Level: Moderate

Ld12.exe is another variant of the Koobface worm. Below is our recommended removal tool for Ld12.exe. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

Manual Removal – Ld12.exe may be removed by analyzing your HijackThis log. Feel free to post your HijackThis log below if you need assistance analyzing it. HijackThis is ideal for manually removing the virus.

Ld12.exe File Details -
File Type – EXE – Ld12.exe is an executable file
First Identified – July 03 2023
Possible Future Variants – Ld13.exe, LD14.exe, and LD15.exe

This entry was posted on Friday, July 3rd, 2023 at 12:26 pm and is filed under Suspicious File.

3 Responses to “Ld12.exe (Ld12) Worm Virus File Information”

Joe July 7th, 2023 at 12:58 am

Hijack this was the bomb! Great tool and worked the first time.

1776blues July 10th, 2023 at 4:50 pm

Avira anti-virus found this on my slave drive and removed it. In addition I removed any reference to it from my registry after exporting the entry.

Justin July 15th, 2023 at 4:16 am

I need help BAD. I’ve been having IE popups even though I use Mozilla and also stopped the b.exe process. I used Security Task Manager and continued to investigate. Any help is greatly appreciated.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\V0500Mon.exe
C:\Program Files\Hercules\DualPix Exchange\Camservice.exe
C:\windows\ld12.exe
C:\windows\pp10.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\windows\freddy49.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Security Task Manager\TaskMan.exe
C:\DOCUME~1\Justin\LOCALS~1\Temp\b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://securityresponse.symantec.com/avcenter/fix_homepage/
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 – Hosts: 82.98.231.89 url.adtrgt.com
O1 – Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 – BHO: XML module – {500BCA15-57A7-4eaf-8143-8C619470B13D} – C:\WINDOWS\system32\msxml71.dll
O2 – BHO: (no name) – {75B3D4CE-C37C-45C4-AC6F-14265CDC3C3B} – C:\WINDOWS\system32\ljJBuuuv.dll (file missing)
O2 – BHO: Java(tm) Plug-In SSV Helper – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre6\bin\ssv.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 – BHO: (no name) – {fa258ba0-7d2c-45f8-a621-9f27d08a550c} – C:\WINDOWS\system32\wajoranu.dll (file missing)
O4 – HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 – HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 – HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 – HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 – HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 – HKLM\..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 – HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 – HKLM\..\Run: [type32] “C:\Program Files\Microsoft IntelliType Pro\type32.exe”
O4 – HKLM\..\Run: [IntelliPoint] “C:\Program Files\Microsoft IntelliPoint\point32.exe”
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 – HKLM\..\Run: [DVDLauncher] “C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe”
O4 – HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 – HKLM\..\Run: [CPMcfc12b0f] Rundll32.exe “c:\windows\system32\huyewipu.dll”,a
O4 – HKLM\..\Run: [fapadikeni] Rundll32.exe “C:\WINDOWS\system32\hagenina.dll”,s
O4 – HKLM\..\Run: [ccf21893] rundll32.exe “C:\WINDOWS\system32\zarajubo.dll”,b
O4 – HKLM\..\Run: [V0500Mon.exe] C:\WINDOWS\V0500Mon.exe
O4 – HKLM\..\Run: [CamserviceDP] C:\Program Files\Hercules\DualPix Exchange\Camservice.exe /startup
O4 – HKLM\..\Run: [net] “C:\WINDOWS\system32\net.net”
O4 – HKLM\..\Run: [19527654] C:\Documents and Settings\All Users\Application Data\19527654\19527654.exe
O4 – HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 – HKLM\..\Run: [pp] C:\windows\pp10.exe
O4 – HKLM\..\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 – HKLM\..\Run: [sysfbtray] c:\windows\freddy49.exe
O4 – HKLM\..\RunOnce: [Spybot - Search & Destroy] “C:\Program Files\Spybot – Search & Destroy\SpybotSD.exe” /autocheck
O4 – HKCU\..\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun
O4 – HKCU\..\Run: [Cognac] C:\DOCUME~1\Justin\LOCALS~1\Temp\b.exe
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O4 – HKUS\S-1-5-19\..\Run: [fapadikeni] Rundll32.exe “C:\WINDOWS\system32\hagenina.dll”,s (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [fapadikeni] Rundll32.exe “C:\WINDOWS\system32\hagenina.dll”,s (User ‘NETWORK SERVICE’)
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 – Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 – Trusted Zone: *.antimalwareguard.com
O15 – Trusted Zone: *.gomyhit.com
O15 – Trusted Zone: *.antimalwareguard.com (HKLM)
O15 – Trusted Zone: *.gomyhit.com (HKLM)
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 – AppInit_DLLs: nvlkra.dllavgrsstx.dll C:\WINDOWS\system32\zimimenu.dll c:\windows\system32\huyewipu.dll
O21 – SSODL: SSODL – {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} – c:\windows\system32\huyewipu.dll (file missing)
O22 – SharedTaskScheduler: STS – {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} – c:\windows\system32\huyewipu.dll (file missing)
O23 – Service: Avira AntiVir Scheduler (AntiVirSchedulerService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 – Service: Avira AntiVir Guard (AntiVirService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Cisco Systems, Inc. VPN Service (CVPND) – Cisco Systems, Inc. – C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 – Service: Symantec AntiVirus Definition Watcher (DefWatch) – Symantec Corporation – C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 – Service: Google Update Service (gupdate1c9c3d8d8632be0) (gupdate1c9c3d8d8632be0) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: LiveUpdate – Symantec Corporation – C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: SAVRoam (SavRoam) – symantec – C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 – Service: sopidkc Service (sopidkc) – NewYork DVD LT – C:\WINDOWS\system32\sopidkc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Symantec AntiVirus – Symantec Corporation – C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 – Service: Viewpoint Manager Service – Viewpoint Corporation – C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 – Service: Dell Wireless WLAN Tray Service (wltrysvc) – Unknown owner – C:\WINDOWS\System32\WLTRYSVC.EXE


End of file – 10693 bytes
