My computer is infected by braviax and wisdstr, but I can't run dds.scr

Posted 9/17/2009 7:47 AM
#77444
Agieman Member

Date Joined Nov 2016
Total Posts: 4
Dear Moderator,

I can't run dds.scr. After I run dds.scr, a command prompt comes up and it says

:'C:\WINDOWS\system32\servlog.exe' is not recognized as an internal or external command,
operable program or batch file.

C:\DOCUME~1\HENDRA~1\LOCALS~1\Temp\RarSFX0>

What is going on with my computer???

Should I skip running dds.scr, and just scan with Mbam?

Please help me
Posted 9/17/2009 9:10 AM
#77448
Agieman Member

Date Joined Nov 2016
Total Posts: 4
I already scanned my PC with mbam, but the alert keeps popping up after I use Outlook Express (send/receive) and it's very very annoying.

Now the command processor is back to normal, after I did something in regedit, but it still won't run dds.scr
This time it says:
"GOTO was unexpected at this time."
Posted 9/17/2009 9:11 AM
#77449
Agieman Member

Date Joined Nov 2016
Total Posts: 4
I already scanned my PC with mbam, but the alert keeps popping up after I use Outlook Express (send/receive) and it's very very annoying.

Now the command processor is back to normal, after I did something in regedit, but it still won't run dds.scr
This time it says:
"GOTO was unexpected at this time."

Please someone help me :_(
Posted 9/17/2009 9:17 AM
#77450
Agieman Member

Date Joined Nov 2016
Total Posts: 4
I'm sorry I forgot to attach the log from MbAM
There it is:

First scan (Quick Scan) :

Malwarebytes' Anti-Malware 1.41
Database version: 2814
Windows 5.1.2600 Service Pack 2

9/17/2009 3:01:02 PM
mbam-log-2009-09-17 (15-01-02).txt

Scan type: Quick Scan
Objects scanned: 96013
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 3
Registry Data Items Infected: 10
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\Documents and Settings\Hendra Santoso\Local Settings\Temp\2F5.tmp (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\Hendra Santoso\Local Settings\Temp\2F5.tmp (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\wisdstr.exe (Rogue.AntivirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tapi.nfo (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Hendra Santoso\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.

=============================####========================================

Second Scan (Full Scan) :

Malwarebytes' Anti-Malware 1.41
Database version: 2814
Windows 5.1.2600 Service Pack 2

9/17/2009 3:37:34 PM
mbam-log-2009-09-17 (15-37-34).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 146900
Time elapsed: 26 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Desktop\Ansav32 (XP)\Plugins\DeepSlayer.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\Ansav32 (XP)\Plugins\SOR.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4910D66A-E0BE-4007-B664-451AE5F4FD35}\RP482\A0065758.nfo (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Ansav32 (XP)\Plugins\DeepSlayer.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\Ansav32 (XP)\Plugins\SOR.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.

=============================########===================================

What should I do now ??

I need help
Posted 9/17/2009 11:05 AM
#77453
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello Agieman and welcome :smile:

Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Close all open windows on the Task Bar. Click the OTL icon (for Vista, right click the icon and Run as Administrator) to start the program.

In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".

Now click Run Scan at Top left and let the program run uninterrupted. The scan may take 5-10 minutes.

Do not TOUCH your keyboard until the scan completes!

It will produce two (2) logs on your desktop, one will pop up called OTL.txt; the other will be named Extras.txt.

Exit Notepad. Remember where you've saved these 2 files.

Exit OTL by clicking the X at top right.

Then copy/paste the following into your post (in order):
the contents of OTL.txt

the contents of Extras.txt

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.

