Author Topic: siszyd32.exe  (Read 50947 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: siszyd32.exe
« Reply #30 on: December 15, 2009, 11:06:12 PM »
Oops  :-[

ghosty85

  • Guest
Re: siszyd32.exe
« Reply #31 on: December 16, 2009, 01:04:47 AM »
Essexboy, the siszyd32.exe file is no longer on my system, I believe. It doesn't show up in my automatic start-ups, which it always used to do, so thank you for that.

However, I've tried copying the atapi.sys file from my housemate's computer but it won't let me copy it to a storage device as it's 'in use' on his system. Any ideas on what to do there?

Also, sometimes my laptop decides to display an error message and a 1 minute countdown till a system restart. It mentions there's an error with system32's 'services.exe' or something like that. Probably because my atapi.sys is messed up (or deleted now).

You've been a star so far and I really appreciate you killing the little bastard (by far the worst virus I've had). So again thank you.

Here is the second OTS.txt as per your request: http://www.mediafire.com/?ihljgenytjz

mjolnirthor

  • Guest
Re: siszyd32.exe
« Reply #32 on: December 16, 2009, 10:37:48 AM »
Hello,

I've got the same problem. Can I use the fix you made for ghosty85?

sebster

  • Guest
Re: siszyd32.exe
« Reply #33 on: December 16, 2009, 12:45:04 PM »
Hello Essexboy,

I have the same problem with siszyd32.exe.

When I started my computer, Windows Defender warned me and I could easily delete this Trojan, but I'm still not sure if it is deleted entirely :s. Can I use your fixes you have made for the others?

Thanks in advance

spg SCOTT

  • Guest
Re: siszyd32.exe
« Reply #34 on: December 16, 2009, 12:58:01 PM »
To all asking to use the fixes...

I would say no. They were created specifically for that user, and could cause more problems for you in the long term...

I would create a new thread, to save essexboy getting confused, like he asked:

...could you start your own thread <snip> as I cannot run two infections in one thread Ta
It will just be too confusing for him...

I'm sure he will notice your posts, as he will be able to help you better.

He is not online at the moment, so I don't know how long it will be before he is here...
Thanks,

-Scott-
« Last Edit: December 16, 2009, 01:08:37 PM by spg SCOTT »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: siszyd32.exe
« Reply #35 on: December 16, 2009, 03:38:45 PM »
Quote from: mjolnirthor
Hello,

I've got the same problem. Can I use the fix you made for ghosty85?

I would say the short answer is no. Any specific fix is crafted from the logs submitted by the person the fix is for. So as has been said it would have to be in a topic of its own, so as not to confuse/complicate this one.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Frank!

  • Guest
Re: siszyd32.exe
« Reply #36 on: December 16, 2009, 07:07:46 PM »
I had the same virus (siszyd32.exe) in my startup this morning.
It made svchost.exe (wmiprvse.exe to be more specific) use all of the CPU power.

It was removed by Malwarebytes' Anti-Malware without problems.

Offline essexboy

Re: siszyd32.exe
« Reply #37 on: December 16, 2009, 08:48:10 PM »
@ghosty85

Look in the following locations on the other system for the atapi.sys file
Quote
C:\WINDOWS\ServicePackFiles\i386\atapi.sys
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

Or run the following small programme on the computer and it will show you all the locations to copy from. Use the backup caches to copy from.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
Code:
:filefind
atapi.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Any file not in use can be copied.

EACH FIX IS INDIVIDUAL TO THAT COMPUTER AND MAY BREAK ANOTHER SYSTEM
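
A read-only way to compare the candidate copies listed in the post above before choosing one to copy, given as an added example that is not part of the original thread: it hashes each backup location and the driver in use and reports whether they agree. The active-driver path, the function names and the verdict strings are assumptions, not taken from the thread.

```python
import hashlib
from collections import defaultdict

# Backup locations quoted in the post above (Windows XP layout).
BACKUP_CANDIDATES = [
    r"C:\WINDOWS\ServicePackFiles\i386\atapi.sys",
    r"C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys",
    r"C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys",
    r"C:\WINDOWS\$NtServicePackUninstall$\atapi.sys",
]
# Assumption (not stated in the thread): the driver in use is this copy.
ACTIVE_DRIVER = r"C:\WINDOWS\system32\drivers\atapi.sys"

def file_digest(path, algo="sha256", chunk=1 << 16):
    """Hash a file in chunks; return None if it is missing or unreadable."""
    h = hashlib.new(algo)
    try:
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(chunk), b""):
                h.update(block)
    except OSError:
        return None
    return h.hexdigest()

def assess(active, backups, algo="sha256"):
    """Group backup copies by digest and compare the active driver to them."""
    groups = defaultdict(list)
    for path in backups:
        groups[file_digest(path, algo)].append(path)
    missing = groups.pop(None, [])  # copies that are absent or cannot be read
    active_digest = file_digest(active, algo)
    if active_digest is None:
        verdict = "active-unreadable"
    elif not groups:
        verdict = "no-backups"
    elif active_digest in groups:
        verdict = "matches-backup"
    else:
        # Backups from another service pack level can differ legitimately,
        # so this is a prompt to investigate, not proof of tampering.
        verdict = "differs-from-all-backups"
    return {"verdict": verdict, "active": active_digest,
            "backups": dict(groups), "missing": missing}

if __name__ == "__main__":
    report = assess(ACTIVE_DRIVER, BACKUP_CANDIDATES)
    print(report["verdict"], report["active"])
    for digest, paths in report["backups"].items():
        print(digest, *paths, sep="\n  ")
```

More than one digest group among the backups usually means the copies come from different service pack levels; pass `algo="md5"` to line the output up with an MD5-based scan log.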

Offline essexboy

Re: siszyd32.exe
« Reply #38 on: December 16, 2009, 09:43:49 PM »
@ghosty85 there is a new programme by Kaspersky that has had good results so far and is now out of Beta

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

chickensandducks

  • Guest
Re: siszyd32.exe
« Reply #39 on: December 19, 2009, 10:27:52 PM »
Ok I am having this same siszyd32.exe problem pop up on my computer, and I'm not extremely good with computers. I have done some stuff with combo fix before but am not exactly sure how to use it.

can anyone assist me in removing the pesky thing? help would be super appreciated.

Offline essexboy

Re: siszyd32.exe
« Reply #40 on: December 19, 2009, 11:53:07 PM »
Unfortunately no two attacks are the same so first I will need to see what you have.  But could you start a new thread and put the following in it.  Post the link to the new thread here and I will receive notification 

To ensure that I get all the information this log will need to be uploaded to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under custom scans copy and paste the following

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      /md5stop
      %systemroot%\*. /mp /s
      c:\$recycle.bin\*.* /s
      CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

ghosty85

  • Guest
Re: siszyd32.exe
« Reply #41 on: December 23, 2009, 10:59:34 PM »
Right, now this is really (beep) me off now. The (beep) virus has well and truly (beep) up my system. Although the virus is destroyed, the damage it has left has (beep) everything up.

I use a little Eee pc laptop (this is the one that had the siszyd32.exe virus on it). Now the laptop doesn't even start up. The part when it's booting up where the 'windows' logo appears (with the loading up progress bar) the laptop freezes and just maintains a blank black screen. That's about as far as I get.

The (beep) virus has well and truly (beep) up the operating system.

The (beep) laptop hasn't even got a cd drive so I can't even reformat. How the (beep) do you reformat without a (beep) CD drive?!!

Grrrrrrrrrrrrrrrrr.... (beep) (beep).

As you can tell, the little (beep) has (beep) me off.
« Last Edit: December 24, 2009, 12:20:41 AM by ghosty85 »

Offline DavidR

Re: siszyd32.exe
« Reply #42 on: December 23, 2009, 11:40:00 PM »
I appreciate that this is very frustrating, but this forum is open to all and that includes the young, so please modify the language in your post.

randle

  • Guest
Re: siszyd32.exe
« Reply #43 on: December 27, 2009, 12:02:30 AM »
Get up your startup programs or a program that disables startup programs (like avg antispyware) and identify the file. You won't be able to delete it. It just denies you every time. Next go in to your task manager, keeping the other window open. Go in to processes and find the svchost that is running really high cpu (around 90 - 99) and end the process. Your computer will now say it's shutting down in 1 minute. Quickly disable or delete the malicious file or startup program. Now let the pc restart and do a virus scan. It'll now find the file and delete it if you haven't already done so. I only know this because I just did it myself. You'll also want to do a registry scan with a program like ccleaner and fix all the issues because it messes your registry up like a bastard.
DONE DONE DONE DONE DONE!
No one seems to have been able to do it, and this virus has been fooled by a 17 year old boy. Amateur programmers.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: siszyd32.exe
« Reply #44 on: December 27, 2009, 12:13:57 AM »
Quote from: randle
Get up your startup programs or a program that disables startup programs (like avg antispyware) and identify the file. You won't be able to delete it. It just denies you every time. Next go in to your task manager, keeping the other window open. Go in to processes and find the svchost that is running really high cpu (around 90 - 99) and end the process. Your computer will now say it's shutting down in 1 minute. Quickly disable or delete the malicious file or startup program. Now let the pc restart and do a virus scan. It'll now find the file and delete it if you haven't already done so. I only know this because I just did it myself. You'll also want to do a registry scan with a program like ccleaner and fix all the issues because it messes your registry up like a bastard.
DONE DONE DONE DONE DONE!
No one seems to have been able to do it, and this virus has been fooled by a 17 year old boy. Amateur programmers.

Perhaps in your youthful exuberance you may have failed to take account of the possibility that the infection and its related garbage might have a different manifestation on different systems, and what worked for you may not work for others.
AVG Antispyware was discontinued as a stand-alone program some time ago.
Windows 10, Windows Firewall, Firefox w/Adblock.