Evan R asked:


I received a Facebook message with a link to a faux youtube video, which then prompted me to download a Flash update. Like a fool, I did it.

Now my Google search results are heading to “Find-www.net” and then on to “lowpriceshopper”.

I am in a lot of pain now as I search for a way to fix this bad boy.

Any help (ideally beyond the obvious of run a virus and spyware scan) would be appreciated.
I have found someone suffering my problem: http://www.geekstogo.com/forum/Facebook-Virus-Google-Redirect-t212616.html
Unfortunately, this does not seem to have a happy ending yet.
This seems like a possible tool for fixing:
Swandog46’s Public Anti-Malware Tools
http://swandog46.geekstogo.com/avenger2/avenger2.html

ThreatFire just posted an article, but no fix:
http://blog.threatfire.com/

…looks like I am in for a rebuild. :^(
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t178287.html

…looks like I may have a fix…
So Koobface was the correct name of my virus. Tinyproxy.exe and Bolivar28.exe were the two processes that did the damage as described in the ThreatFire article: http://blog.threatfire.com/2008/12/koobface-anti-emulation-time-lock-trick.html

TrendMicro’s HijackThis fixed it, which FYI, is a great piece of software: http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Hope no one else gets Koobface, or tinyproxy, or bolivar, but if so, this is the fix.