Help, I'm infected!!
This computer will not let me run my TrendMicro virus software. I even tried uninstalling and reinstalling it with no luck. I cannot even access the TrendMicro home page or any other site offering virus scanning software. There does not seem to be a problem opening any other web pages, just those with virus software. I have run AdAware and Spybot. I cannot download HJT as my IE shuts down when I try to download it. I tried copying the HJT folder from another computer but WinZip shuts down trying to unzip the file. I was finally able to access BitDefender's website and run a scan. (The results are posted below). PLEASE HELP!!
BitDefender Online Scanner
Scan report generated at: Thu, Dec 29, 2005 - 16:11:25
Scan path: C:\;D:\;E:\;
Statistics
Time: 00:36:56
Files: 299519
Folders: 3218
Boot Sectors: 4
Archives: 3196
Packed Files: 33469
Results
Identified Viruses: 3
Infected Files: 4
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 3
Engines Info
Virus Definitions: 248852
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\Jacquelyn Seaman\My Documents\My Shared Folder\kmd210_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 2)=>(ZIP Sfx s)=>cd_htm.dll
Detected with: Adware.CyDoor
C:\Documents and Settings\Jacquelyn Seaman\My Documents\My Shared Folder\kmd210_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 2)=>(ZIP Sfx s)=>cd_htm.dll
Disinfection failed
C:\Documents and Settings\Jacquelyn Seaman\My Documents\My Shared Folder\kmd210_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 2)=>(ZIP Sfx s)=>cd_htm.dll
Deleted
C:\Documents and Settings\Jacquelyn Seaman\My Documents\My Shared Folder\kmd210_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 2)=>(ZIP Sfx s)
Updated
C:\Documents and Settings\Jacquelyn Seaman\My Documents\My Shared Folder\kmd210_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 2)
Update failed
C:\WINDOWS\system32\drivers\etc\hosts.20051212-233141.backup
Infected with: Generic.Qhost
C:\WINDOWS\system32\drivers\etc\hosts.20051212-233141.backup
Disinfection failed
C:\WINDOWS\system32\drivers\etc\hosts.20051212-233141.backup
Deleted
C:\WINDOWS\system32\drivers\etc\hosts.20051229-151743.backup
Infected with: Generic.Qhost
C:\WINDOWS\system32\drivers\etc\hosts.20051229-151743.backup
Disinfection failed
C:\WINDOWS\system32\drivers\etc\hosts.20051229-151743.backup
Deleted
C:\WINDOWS\system32\knisdrnacl\smss.exe
Infected with: Backdoor.Landis.G
C:\WINDOWS\system32\knisdrnacl\smss.exe
Disinfection failed
C:\WINDOWS\system32\knisdrnacl\smss.exe
Delete failed
Comments
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to the desktop where it is easy to access. Open the log file and copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.
If that does not work, find another suitable location for the file and try running it from there.