My computer is infected by braviax and wisdstr, but I can't run dds.scr

Posted 9/17/2009 7:47 AM
#77444

Agieman Member

Date Joined Nov 2016
Total Posts: 4
Dear Moderator,


I can't run dds.scr. After I run dds.scr, a command prompt comes up and it says:

'C:\WINDOWS\system32\servlog.exe' is not recognized as an internal or external command,
operable program or batch file.

C:\DOCUME~1\HENDRA~1\LOCALS~1\Temp\RarSFX0>



What is going on with my computer???



Should I skip running dds.scr, and just scan with MBAM?



Please help me
Posted 9/17/2009 9:10 AM
#77448

Agieman Member

Date Joined Nov 2016
Total Posts: 4
I already scanned my PC with MBAM, but the alert keeps popping up after I used Outlook Express (send/receive), and it's very, very annoying.

Now the command processor is back to normal after I did something in regedit, but it still won't run dds.scr.
This time it says:
"GOTO was unexpected at this time."
Posted 9/17/2009 9:11 AM
#77449

Agieman Member

Date Joined Nov 2016
Total Posts: 4
I already scanned my PC with MBAM, but the alert keeps popping up after I used Outlook Express (send/receive), and it's very, very annoying.

Now the command processor is back to normal after I did something in regedit, but it still won't run dds.scr.
This time it says:
"GOTO was unexpected at this time."

Please someone help me :_(
Posted 9/17/2009 9:17 AM
#77450

Agieman Member

Date Joined Nov 2016
Total Posts: 4
I'm sorry, I forgot to attach the log from MBAM.
Here it is:

First scan (Quick Scan) :

Malwarebytes' Anti-Malware 1.41
Database version: 2814
Windows 5.1.2600 Service Pack 2

9/17/2009 3:01:02 PM
mbam-log-2009-09-17 (15-01-02).txt

Scan type: Quick Scan
Objects scanned: 96013
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 3
Registry Data Items Infected: 10
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\Documents and Settings\Hendra Santoso\Local Settings\Temp\2F5.tmp (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\Hendra Santoso\Local Settings\Temp\2F5.tmp (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\wisdstr.exe (Rogue.AntivirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tapi.nfo (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Hendra Santoso\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.

=============================####========================================

Second Scan (Full Scan) :

Malwarebytes' Anti-Malware 1.41
Database version: 2814
Windows 5.1.2600 Service Pack 2

9/17/2009 3:37:34 PM
mbam-log-2009-09-17 (15-37-34).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 146900
Time elapsed: 26 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Desktop\Ansav32 (XP)\Plugins\DeepSlayer.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\Ansav32 (XP)\Plugins\SOR.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4910D66A-E0BE-4007-B664-451AE5F4FD35}\RP482\A0065758.nfo (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Ansav32 (XP)\Plugins\DeepSlayer.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\Ansav32 (XP)\Plugins\SOR.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.

=============================########===================================

What should I do now??

I need help
Posted 9/17/2009 11:05 AM
#77453

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello Agieman and welcome :smile:





Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Close all open windows on the Task Bar. Click the OTL icon (for Vista, right click the icon and Run as Administrator) to start the program.

In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".

Now click Run Scan at Top left and let the program run uninterrupted. The scan may take 5-10 minutes.

Do not TOUCH your keyboard until the scan completes!

It will produce two (2) logs on your desktop, one will pop up called OTL.txt; the other will be named Extras.txt.

Exit Notepad. Remember where you've saved these 2 files.

Exit OTL by clicking the X at top right.


Then copy/paste the following into your post (in order):
the contents of OTL.txt

the contents of Extras.txt

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.

