Just to mention I defrag and delete cookies on a weekly basis (and since infection) to try and keep the sys clean.
I have tried the suggested downloads to no avail. Clicking on the TFC link reads:
you have chosen to open TFC.exe
which is a:Application
would you like to save this file?
I then click: SAVE FILE
Immediately it comes up on my downloads as CANCELED
Then I try right click option to START and it appears to download, yet I cannot locate it (via file path or computer "search")
When I move the cursor over the apparent downloaded file, it reads:
To: C:\Documents and settings\HP_Administrator\My Documents\Downloads\TFC.exe
File Size: File not found
Time to complete: <00:01
Average speed: Unknown
Obviously the right click option to open or open containing folder does not work since there is no file to be found. It gives the option to "delete from system", which is confusing since I can't find it.
Next I tried manually typing in the link addy, with the same results (same with RKill; the Malwarebytes Anti-Malware link tells me "problem loading page" "file not found").
My guess, this has a self-defense mode, preventing me from downloading software to remove it, scary.
AVG Virus Vault lists:
Infection: Trojan Horse Proxy AKGV. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\zpskon_1276008504.exe
Infection: Trojan Horse Proxy AKGV. C:\Documents and Settings\HP_Administrator\Temporary Internet Files\Content.IE5\5Z37HX0E\ws.exe
Infection: Virus Identified Worm/Koobface.AB c:\Documents and Settings\HP_Administrator\Temporary Internet Files\Content.IE5\UNS18Z0T\se1ws.exe
I looked up Koobface on Wikipedia: http://en.wikipedia.org/wiki/Koobface
I have since had confirmation that it was the video that was infected:
**FACEBOOK MESSAGE TITLED: (no subject) Prviate ivdeo wtih you and yuor firend. Who opsted it?**
I will not post the video addy for fear of the spread of infection.
AVG is still popping up every 5 min or so with "Blocked Threat" messages, mostly Exploit Rogue Scanner (type 889), one time listed Exploit Neosploit Toolkit type 11?? (missed the last couple #'s) and Koobface Worm detected, which I vaulted.
Unsure of where to go from here. Will deleting or emptying items from the vault remove the worm? Or should I keep them vaulted for ID purposes in case it is necessary to call in a professional IT? Thanks again for any help/solution provided.