Author Topic: siszyd32.exe detected  (Read 17696 times)

MERL|N

  • Guest
siszyd32.exe detected
« on: December 16, 2009, 04:50:52 PM »
Hello everyone,

Since Monday my system has been running very slowly. A scan with Hijackthis showed the presence of siszyd32.exe in the startup folder.
After manually removing all occurrences of the file as well as all registry entries, I did a reboot of the system.
A rescan with Hijackthis stated that the Trojan is still in the startup folder but I cannot find it on disk. Also some registry entries are there again.

How can I delete it correctly and be sure, or check, that it is deleted permanently?

Thanks in advance

Frank!

  • Guest
Re: siszyd32.exe detected
« Reply #1 on: December 17, 2009, 11:41:23 AM »
Malwarebytes' AntiMalware detected and removed it from my pc yesterday without problems.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: siszyd32.exe detected
« Reply #2 on: December 17, 2009, 11:56:17 AM »
Hope avast improves detection...
The best things in life are free.

Exothermic

  • Guest
Re: siszyd32.exe detected
« Reply #3 on: December 17, 2009, 03:57:11 PM »
Malwarebytes' AntiMalware fixed me as far as I could tell also.

MERL|N

  • Guest
Re: siszyd32.exe detected
« Reply #4 on: December 18, 2009, 10:43:33 AM »
Thanks for the hints. But unfortunately, although Malwarebytes found something, after the removal and reboot the anti virus scanner finds it again in atapi.sys.....  >:(

Hermite15

  • Guest
Re: siszyd32.exe detected
« Reply #5 on: December 18, 2009, 11:25:39 AM »
there's another thread here from someone who experienced siszyd too...
http://forum.avast.com/index.php?topic=52265.msg442382#msg442382

thunder24

  • Guest
Re: siszyd32.exe detected
« Reply #6 on: December 18, 2009, 02:58:12 PM »

This is not a complete fix but at least I managed to stop the process from running on my system - so far :)
First you should run something like trojan remover that kills suspicious registry entries in the usual
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

To stop the siszyd32.exe from running proceed as follows:
- boot in safe mode
- remove the siszyd32.exe in the "..\Startmenü\Programme\Autostart" folder
- copy a text or bitmap into the same folder and rename it to siszyd32.exe (set to read-only)
- reboot

This worked for me, only thing remaining is a cmd window opening for a couple of seconds on my desktop trying to run the siszyd32.exe.
Still have to figure out from where that comes, does anybody know about that?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Re: siszyd32.exe detected
« Reply #7 on: December 18, 2009, 03:54:29 PM »
Hi malware fighters,

This is part of a spawner virus. Deleting the file does not fix the problem, only if you have the simple form, else you need to find the rootkit that has attached itself to an existing program and will pull in other virus attacks. The mother load file is hidden and you can't find it here, therefore I propose the cleansing method and help of essexboy here on the forums.

To remove the simple process and siszyd32.exe file:
Two methods to cure this simple form:
How to remove siszyd32.exe with Freefixer:
1. Download and install FreeFixer: http://www.freefixer.com/download.html Freefixer is freeware, so it will not cost you anything.
2. Start FreeFixer and click "Scan". The scan will finish in approximately 5 minutes.
3. In the Scan result, scroll down to "Autostart shortcuts". Locate the siszyd32.exe item and check its "Delete" checkbox. DO NOT check anything else for removal, unless you are 100% sure it's malware.
4. Click "Fix".
5. Restart your machine.
6. Start FreeFixer and scan your computer again.
7. Verify that siszyd32.exe no longer appears anywhere in the scan result.
8. Done.

Did that completely remove siszyd32.exe from your machine?

siszyd32.exe is part of Troj/Agent-LVN as documented over at Sophos:
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentlvn.html

A simple one:
1. start computer in safe mode
2. remove siszyd32 process from msconfig
3. remove the file siszyd32 from this location C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
4. restart computer.
5. gone,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
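
Added example, not part of any post in this thread: a read-only PowerShell check (PowerShell 3.0 or later assumed) of the Run keys and Startup folders discussed above, meant to be run after a cleanup and again after the next reboot. The variable names are this example's own; the file name is the one reported in the thread.

```powershell
# Added example: lists autostart entries matching a name. Changes nothing.
$Name = 'siszyd32'   # file name reported in the thread

# Per-user and machine-wide Run keys (standard Windows autostart locations).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Startup folders resolved through the shell, so localized folder names
# such as "Autostart" are handled without hard-coding a path.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

$findings = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        # Match on the value name or on the command line it launches.
        if ($valueName -like "*$Name*" -or $data -like "*$Name*") {
            $findings += [pscustomobject]@{
                Source = $key; Entry = $valueName; Detail = $data
            }
        }
    }
}

foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    # -Force includes hidden and system files.
    Get-ChildItem -Path $dir -File -Force |
        Where-Object { $_.Name -like "*$Name*" } |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Source = $dir; Entry = $_.Name
                Detail = '{0} bytes, read-only={1}, modified {2}' -f `
                    $_.Length, $_.IsReadOnly, $_.LastWriteTime
            }
        }
}

if ($findings.Count -eq 0) { "No autostart entry matching '$Name' found." }
else { $findings | Format-Table -AutoSize -Wrap }
```

An entry that is absent right after cleanup but listed again after a reboot means something else on the system is re-creating it, which is the situation described in the first post. A small read-only file in the Startup folder is what the placeholder from Reply #6 looks like in this output.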

sarafova

  • Guest
My way to deal with siszyd32.exe
« Reply #8 on: December 20, 2009, 02:53:56 PM »
My way to deal with siszyd32.exe

I'm with XP and I have a program called RegCleaner.. very old haha so:

1. Run Windows in "Safe Mode"
2. Open RegCleaner
3. Delete siszyd32.exe from "Start List"
4. Never run Microsoft Internet Explorer again :DD

My computer is back to normal speed :}
I hope this will be useful for someone :}

YoKenny

  • Guest
Re: siszyd32.exe detected
« Reply #9 on: December 20, 2009, 03:01:02 PM »
@ sarafova

Internet Explorer is integral to the operating system and is used to display everything.

Hermite15

  • Guest
Re: siszyd32.exe detected
« Reply #10 on: December 20, 2009, 03:08:43 PM »
someone's confusing Windows Explorer and Internet Explorer here  ;D ...where Internet Explorer has been and will still be...for a while...the worst piece of software...integrated...into Windows  :D

ps: screenshots are from Secunia
Quote
4. Never run Microsoft Internet Explorer again :DD
+1
« Last Edit: December 20, 2009, 03:11:36 PM by Logos »

mahesh557

  • Guest
Re: siszyd32.exe detected
« Reply #11 on: December 28, 2009, 07:41:00 PM »
Hi,

I got where the rootkit is --> C:\Local Settings\Temporary Internet Files\Content.IE5\U864OJE4\load[1].exe

It actually creates a tmp file in %windir%/Temp from which it spams from your computer. I could see SMTP packets going from my sys.

Really freefixer is a superb tool if one has minimum knowledge