Avast WEBforum
Other => Viruses and worms => Topic started by: man99 on December 26, 2009, 10:29:40 AM
-
Hello everyone,
My PC has been infected with siszyd32.exe and some trojans and malware. Some passwords are stolen.
These are the scans I did and the items found.
Scanned with Malwarebytes AntiMalware
Vendor> Trojan.Agent Items> siszyd32.exe
Vendor> Malware.Trace Items> avdm.dat
Scanned with SuperAntiSpyware
Trojan.Agent/Gen Files> C:\WINDOWS\TEMP\~TMCA.TMP
Trojan.Agent/Gen-Nullo[Short] Files> C:\SYSTEM VOLUME INFORMATION\_RESTORE...............
Scanned with AVG
File>C:\Program Files\Internet Explorer\iexplore.exe (5060);\memory_00400000 Infection> Trojan horse PSW.Agent.AAJK
File>C:\Program Files\Internet Explorer\iexplore.exe (5060) Infection> Trojan horse PSW.Agent.AAJK
I decide to reformat the PC to remove all malware.
Some questions
1) Does reformatting the C drive (Windows) kill all viruses/trojans/rootkits?
2) My PC has 3 hard disks. Hard disk 1 is formatted into 3 partitions: the 1st partition, C:, is where Windows is installed, and the 2nd and 3rd partitions contain data files (pdf, doc, excel, music...). The 2nd and 3rd hard disks contain data files.
I will format the C: and reinstall windows only, is it enough to kill all viruses/trojans?
Will trojans hide inside data partitions or somewhere else besides the C:?
3) Does anyone know what other data might be stolen?
4) Can the trojan steal passwords that I typed into the browser before my PC was infected? Or can the trojan only steal the passwords that I have typed after my PC was infected?
5) When I am offline (modem is off), does the rootkit/virus still work, capturing passwords and keystrokes? After that, when I am online, will it start to send the data (captured while offline) to the hacker?
I appreciate all help and suggestions. Thanks in advance.
-
Welcome man99
siszyd32.exe has been discussed a lot lately.
Please read:
http://forum.avast.com/index.php?topic=52434.0
http://forum.avast.com/index.php?topic=52532.0
http://forum.avast.com/index.php?topic=52321.0
-
Hi YoKenny,
I did search for siszyd32 and read through all related threads before creating this thread. Those threads are talking about scanning for the malware with software. They did not mention reformatting the PC to cure the virus.
My questions are related to reformatting the PC to cure the malware and how the malware works.
-
***
If the malware is only on C drive, reformatting C drive would help. But how do you know if the malware is only on C drive? If the malware has spread to the other 2 drives, reformatting C drive only will not help.
***
-
I am assuming the malware is on C: because the scans show problems on C:.
How can I check if there is malware in the other 2 drives?
Sometimes malware can also hide in the boot sector, CMOS, BIOS? How do I check if there is malware in these areas?
Thanks
-
Make sure to have run a boot scan on all drives. This will ensure the BIOS is clear. Actually, if you have the time, you would do better to try to kill off the trojans first, and possibly malware, then reformat C:.
At least the easy-to-kill ones. Less chance of spread if there are fewer contaminated files.
-
What kind of boot scan do you mean? How do you do it?
I scanned all drives with the programs as stated in the first post and deleted all the viruses found. Currently doing an avast scan and this should be my last scan before I format my PC. I have been doing scans for 3 days and I wonder if I am wasting my time because all malware should be removed if I do a reinstall of C drive.
I intend to scan all drives another time after I have reinstalled C drive. I wonder if I should have straight away done a reinstall of C drive and then done a scan of all drives to detect malware so I can save some time.
-
Can you try malwarebytes.org (http://malwarebytes.org) to remove that malware? ...
-
emantoyaks, I have already scanned my PC with malwarebytes as mentioned in my first thread.
-
***
How to do a boot time scan:
http://www.digitalred.com/avast-boot-time.php
***
-
Does anyone know how to do a boot sector scan? From my understanding, a boot time scan is similar to the normal avast scan inside windows, except that a boot time scan is done before windows is loaded.
Malware may hide in boot sector / CMOS / BIOS, so I would like to know how to scan boot sector.
-
Hi, this is a specialized tool for scanning boot sector viruses: http://www.softpedia.com/get/Antivirus/Avira-Boot-Sector-Repair-Tool.shtml
Hope this helps.
-
Hi man99,
You'll probably find that most malware does not install itself in the boot-sector, or BIOS or CMOS any more. The virus/malware writers have moved on from that.
Malwarebytes' Antimalware should clear it up, as long as you have the latest definitions. Avast's boot-time scan scans the disks before Windows starts, as the malware stores info about itself in the registry and therefore initialises as Windows runs. The boot scan stops this, but will only currently work on 32-bit Windows installs.
Formatting drive C: will get rid of any entries in the registry so your machine will not be infected, but it will not clear any files that are resident on your other drives. If you choose to re-install windows, then you will still need to do a scan to get rid of these malware files off of your disks.
Unfortunately, it can be a long process, and as long as you have all your data backed up, it may be quicker and easier in the long run to format C: and re-install windows.
regards, Gizbar.
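-
Added example, not part of any post in this thread and not code from any tool named in it: because files on the data drives survive a format of C:, this Python script inventories a drive for Windows executables (MZ/PE header), including ones stored under a data-file extension, so they can be reviewed and scanned before anything is opened. The extension list, function names and the constructed sample files are assumptions; it complements an antivirus scan and does not identify malware by itself.

```python
import os
import struct
import tempfile

# Assumed list of extensions that should never hold a Windows executable.
DATA_EXTS = {".pdf", ".doc", ".xls", ".mp3", ".jpg", ".txt", ".tmp", ".dat"}

def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (pe_off,) = struct.unpack_from("<I", head, 0x3C)  # e_lfanew field
            f.seek(pe_off)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable here; leave the file to the antivirus scan

def inventory(root):
    """Walk root and return a sorted list of (path, reason) for each PE file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not is_pe(path):
                continue
            ext = os.path.splitext(name)[1].lower()
            reason = ("executable content under data extension"
                      if ext in DATA_EXTS else "executable")
            findings.append((path, reason))
    return sorted(findings)

def demo():
    """Run the inventory over a constructed sample tree (no real malware)."""
    stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    samples = {"report.pdf": b"%PDF-1.4\n" + b" " * 80,   # genuine data file
               "song.mp3": stub,                          # PE behind .mp3
               "setup.exe": stub,                         # ordinary installer
               "notes.txt": b"MZ" + b"A" * 100}           # 'MZ' text, no PE
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return [(os.path.basename(p), r) for p, r in inventory(root)]

if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name}: {reason}")
```

On a rebuilt machine, call `inventory("D:\\")` for each data drive and hand the listed paths to the on-demand scanner before opening them.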