A google search for the file name returns many hits,
http://www.google.com/search?q=winsyshp.exe. This is just one of them,
http://www.sophos.com/security/analyses/w32delfext.html.
- Most Delf Trojans add a Startup entry: Startup Entry Name, SysService - Process Name, SysService.exe
Use Task Manager to End the Process. Also to end the startup entry, Windows Start, Run, type 'msconfig without the quotes, in the new window select the Startup Tab, find the SysService entry and uncheck it.
If you really want to be sure then you should check it against a multi-engine scanner at:
VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 30 different scanners.
Or
Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive.
Whichever scanner you use, you can't do this with the file in the chest, you will need to move it out.If avast isn't detecting this and others are you should send a sample to avast before dealing with it.
Send the sample to
virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
