Author Topic: siszyd32.exe  (Read 3769 times)


Rocky

  • Guest
siszyd32.exe
« on: December 23, 2009, 09:55:23 PM »
Hello everybody!

I got hit by this bugger, as I believe, a few days ago. I have managed to manually replace siszyd32.exe in the Startup folder with a dummy one, but as the Avast mail scanner tells me, something is still sending spam from my computer and interfering with my internet connection. I have downloaded a bunch of tools for removing malware, such as ComboFix, MBAM, OTS, HJT, FreeFixer and more. I have run OTS with the tweaks that essexboy mentioned in some other thread, and I have studied the log it produced, quite laically, but did not see anything suspicious. So here is the OTS log:

http://www.mediafire.com/?zzjglje2tnx

Could anyone help me with what to do next? Thanks, people!

Rocky

  • Guest
Re: siszyd32.exe
« Reply #1 on: December 24, 2009, 12:50:23 AM »
Sorry for double post. :D

I have run ComboFix and it did not delete the trojan. c:\winxp\system32\drivers\nhysngpk.sys keeps popping up all the time after the computer restarts. I tell Avast to delete it, but after a restart it reappears.

Anyway, here's the log from ComboFix in attachment.

Rocky

  • Guest
Re: siszyd32.exe
« Reply #2 on: December 24, 2009, 09:12:57 PM »
Sorry for triple post, but I think I have managed to get rid of this f**** by myself!  ;D ;D ;D ;D ;D

I ran the following script in Avenger, but since I could not get into Windows proper, only into Safe Mode, and since ComboFix had installed the Recovery Console, I deleted the .sys file by hand, and Avenger deleted the registry entries.

So, here's the script:
Code:
Files to delete:
C:\WINXP\system32\drivers\nhysngpk.sys

Drivers to delete:
nhysngpk

The Avenger log is in the attachment. Now I'm installing MBAM and some firewall, and I hope that this will not happen again soon.

As for this virus, I think that the key to deleting it is to remove siszyd32.exe and the randomly named .sys which installs itself as a driver. I think that the easiest way to do this is with Avenger. As for finding out the name of the malicious .sys driver, I think the easiest way is to wait for Avast to display it to you, since sooner or later after starting the computer Avast would warn me about a suspicious file, which it itself could not delete.

I hope that this would help someone.
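The last post describes the general approach: find the randomly named .sys that has registered itself as a kernel driver service, then hand Avenger a script in its "Files to delete:" / "Drivers to delete:" format. The following Python is an added illustration of that triage step written from a defender's side; it is not code from the original post, from Avenger or from Avast. It works over a constructed sample inventory (standing in for the kernel driver service entries an analyst would export from the Services key of a suspect machine), compares it against an assumed known-good baseline, applies an assumed "random-looking name" heuristic plus a signature flag, and emits the removal script in the format the post shows. The entry names, paths and the baseline are all constructed; the heuristic thresholds are assumptions, not anything the thread specifies.

```python
"""
Triage of kernel driver service entries and generation of an Avenger-style
removal script. Added example; the inventory, baseline and name heuristic
below are constructed assumptions, not data or logic from the original post.
"""
from collections import namedtuple

# One driver service entry: service name, on-disk image path, and whether the
# image carried a valid Authenticode signature (assumed to have been checked
# out-of-band, e.g. with a signature verification tool, before triage).
DriverEntry = namedtuple("DriverEntry", "name image_path signed")

# Constructed sample inventory. The nhysngpk entry mirrors the case in the
# thread; the other names are ordinary Windows XP / Avast driver names.
SAMPLE_INVENTORY = [
    DriverEntry("afd", r"C:\WINXP\system32\drivers\afd.sys", True),
    DriverEntry("aswMon2", r"C:\WINXP\system32\drivers\aswMon2.sys", True),
    DriverEntry("nhysngpk", r"C:\WINXP\system32\drivers\nhysngpk.sys", False),
    DriverEntry("tcpip", r"C:\WINXP\system32\drivers\tcpip.sys", True),
]

# Assumed known-good baseline: driver names taken from a clean reference
# install of the same Windows build and security software (constructed here).
KNOWN_GOOD = {"afd", "aswMon2", "tcpip"}

VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Heuristic (assumption): a service name of seven or more lowercase
    letters with fewer than 20% vowels looks machine-generated rather than
    chosen by a vendor. Short names and names with digits or capitals are
    left to the baseline comparison instead."""
    if len(name) < 7 or not name.isalpha() or not name.islower():
        return False
    vowel_count = sum(1 for c in name if c in VOWELS)
    return vowel_count / len(name) < 0.2


def triage(inventory, known_good):
    """Return a list of (entry, reasons) for entries not in the baseline that
    are unsigned and/or have a random-looking name. Entries in the baseline
    are never flagged, so a vendor driver that happens to be unsigned on an
    old XP box does not end up in the removal script."""
    suspects = []
    for entry in inventory:
        if entry.name in known_good:
            continue
        reasons = []
        if not entry.signed:
            reasons.append("unsigned image")
        if looks_random(entry.name):
            reasons.append("random-looking service name")
        if reasons:
            suspects.append((entry, reasons))
    return suspects


def avenger_script(suspects):
    """Render the suspects in the script format shown in the post: file paths
    under 'Files to delete:' and service names under 'Drivers to delete:'."""
    files = [entry.image_path for entry, _ in suspects]
    drivers = [entry.name for entry, _ in suspects]
    lines = ["Files to delete:"] + files + ["", "Drivers to delete:"] + drivers
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_INVENTORY, KNOWN_GOOD)
    for entry, reasons in found:
        print(f"{entry.name}: {', '.join(reasons)}")
    print()
    print(avenger_script(found), end="")
```

The baseline comparison does the real work; the name heuristic only adds a reason for entries that are already outside the baseline. Reviewing the flagged list by hand before running any removal script is the point of the separate `triage` step, since a freshly installed but legitimate driver will also be absent from an older baseline.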