My computer is infected by braviax and wisdstr, but I can't run dds.scr
Agieman (New Member, Date Joined Sep 2009, Total Posts: 4), posted 9/17/2009 10:47 AM (GMT +3):

Dear Moderator,
I can't run dds.scr. After I run dds.scr, a command prompt comes up and it says:
'C:\WINDOWS\system32\servlog.exe' is not recognized as an internal or external command, operable program or batch file.
C:\DOCUME~1\HENDRA~1\LOCALS~1\Temp\RarSFX0>
What is going on with my computer???
Should I skip running dds.scr, and just scan with Mbam?
Please help me
Agieman (New Member, Date Joined Sep 2009, Total Posts: 4), posted 9/17/2009 12:10 PM (GMT +3):

I already scanned my PC with MBAM, but the alert keeps popping up after I used Outlook Express (send/receive) and it's very, very annoying. Now the command processor is back to normal after I did something in regedit, but it still won't run dds.scr. This time it says: "GOTO was unexpected at this time."
Agieman (New Member, Date Joined Sep 2009, Total Posts: 4), posted 9/17/2009 12:11 PM (GMT +3):

I already scanned my PC with MBAM, but the alert keeps popping up after I used Outlook Express (send/receive) and it's very, very annoying. Now the command processor is back to normal after I did something in regedit, but it still won't run dds.scr. This time it says: "GOTO was unexpected at this time." Please, someone help me :_(
Agieman (New Member, Date Joined Sep 2009, Total Posts: 4), posted 9/17/2009 12:17 PM (GMT +3):

I'm sorry, I forgot to attach the log from MBAM. Here it is:

First scan (Quick Scan):

Malwarebytes' Anti-Malware 1.41
Database version: 2814
Windows 5.1.2600 Service Pack 2

9/17/2009 3:01:02 PM
mbam-log-2009-09-17 (15-01-02).txt

Scan type: Quick Scan
Objects scanned: 96013
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 3
Registry Data Items Infected: 10
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\Documents and Settings\Hendra Santoso\Local Settings\Temp\2F5.tmp (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\Hendra Santoso\Local Settings\Temp\2F5.tmp (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\wisdstr.exe (Rogue.AntivirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tapi.nfo (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Hendra Santoso\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
=============================####========================================

Second Scan (Full Scan):

Malwarebytes' Anti-Malware 1.41
Database version: 2814
Windows 5.1.2600 Service Pack 2

9/17/2009 3:37:34 PM
mbam-log-2009-09-17 (15-37-34).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 146900
Time elapsed: 26 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Desktop\Ansav32 (XP)\Plugins\DeepSlayer.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\Ansav32 (XP)\Plugins\SOR.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4910D66A-E0BE-4007-B664-451AE5F4FD35}\RP482\A0065758.nfo (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Ansav32 (XP)\Plugins\DeepSlayer.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\Ansav32 (XP)\Plugins\SOR.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.

=============================########===================================

What should I do now?? I need help
Touch (Forum Moderator, Date Joined Jun 2004, Total Posts: 12862), posted 9/17/2009 2:05 PM (GMT +3):

Hello Agieman and welcome
Close all open windows on the Task Bar. Click the OTL icon (for Vista, right click the icon and Run as Administrator) to start the program.
In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at Top left and let the program run uninterrupted. The scan may take 5-10 minutes.
Do not TOUCH your keyboard until the scan completes!
It will produce two (2) logs on your desktop: one will pop up called OTL.txt; the other will be named Extras.txt.
Exit Notepad. Remember where you've saved these 2 files.
Exit OTL by clicking the X at top right.
Then copy/paste the following into your post (in order): the contents of OTL.txt
the contents of Extras.txt
Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.