Author Topic: Need Help removing siszyd32.exe and sr882388.exe et al  (Read 29292 times)

gitarslinger

  • Guest
Re: Need Help removing siszyd32.exe and sr882388.exe et al
« Reply #30 on: January 07, 2010, 12:46:23 AM »
It's also saying the extended monitoring driver AVZPM is not installed, so that check wasn't performed.

gitarslinger

  • Guest
Re: Need Help removing siszyd32.exe and sr882388.exe et al
« Reply #31 on: January 07, 2010, 01:50:30 AM »
New files at mediafire: re-run.  http://www.mediafire.com/?jnkky2gunnz and http://www.mediafire.com/?qzkem4ytown    Don't think the result is any different.

I discovered that one of my email accounts had been hacked.  It was being used by a Nigerian-style scammer.  Oddly enough, the thief didn't change the password, hence the address was recovered.  "Captain Raymond Pierce."  I've canceled all the credit cards, changed all the passwords.  Wonderful way to spend a day.

Which file were we going after?

Jim

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: Need Help removing siszyd32.exe and sr882388.exe et al
« Reply #32 on: January 07, 2010, 11:49:05 AM »
What was TM doing when you got hacked?
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

gitarslinger

  • Guest
Re: Need Help removing siszyd32.exe and sr882388.exe et al
« Reply #33 on: January 07, 2010, 05:39:00 PM »
Quote
What was TM doing when you got hacked?

Ostensibly, its job.  It detected the initial trojan and claimed to have quarantined it, but I found it running as a process immediately thereafter along with sr882388.exe.  It asked me if I wanted to allow sr882388.exe to access the internet, and I of course blocked it, but that didn't stop it running.  Nor, apparently, was it able to stop it or something else from accessing the internet, considering my email account was successfully stolen.   

It was also updating daily and scanning twice weekly.  It found nothing on a scan immediately after the incident, of course. I found siszyd32.exe myself in msconfig when I was trying to figure out what all had gone wrong.  I'm assuming it hit a few months ago when TM "quarantined" another trojan.  In that case, I failed to look further.  I'm not sure what siszyd32 accomplished, but it's apparent both left TM scratching its *** in midfield.

Jim

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Need Help removing siszyd32.exe and sr882388.exe et al
« Reply #34 on: January 07, 2010, 08:26:01 PM »
Mediafire is down for maintenance at the moment. It should be up in about an hour, when I will download your logs.

gitarslinger

  • Guest
Re: Need Help removing siszyd32.exe and sr882388.exe et al
« Reply #35 on: January 07, 2010, 09:17:19 PM »
Let's bypass mediafire in case its updates take longer than advertised.  I've changed the file extensions to .log so they can be attached here.  Please change them back to .zip when you download them.

Jim

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Need Help removing siszyd32.exe and sr882388.exe et al
« Reply #36 on: January 07, 2010, 09:38:55 PM »
Ta, ok, that shows that the file is no longer present, so mayhap OTS was the older version.

What problems are you experiencing now - are you still getting alerts ?

gitarslinger

  • Guest
Re: Need Help removing siszyd32.exe and sr882388.exe et al
« Reply #37 on: January 07, 2010, 09:47:03 PM »
Not receiving any alerts, just flipping fearful bad things are going to happen if I start using the computer online again.  Which file were we looking for?  I'm guessing AVZ doesn't find it now, but did it do so in the first place?  Should we run something else to be certain it's gone?

I have another question relating to the start menu for when this mess is finally behind me: is it ok or advisable to use CCleaner to delete start menu entries that are not checked and/or are unchecked second iterations of items that are checked?

Jim

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Need Help removing siszyd32.exe and sr882388.exe et al
« Reply #38 on: January 07, 2010, 10:03:23 PM »
Let's do a final check with MBAM and do this using the current computer - i.e. go online with it.
Quote
I have another question relating to the start menu for when this mess is finally behind me: is it ok or advisable to use CCleaner to delete start menu entries that are not checked and/or are unchecked second iterations of items that are checked?
Should be no problem with that

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

gitarslinger

  • Guest
Re: Need Help removing siszyd32.exe and sr882388.exe et al
« Reply #39 on: January 07, 2010, 10:27:11 PM »
The MBAM quick-scan was clean.  I should point out, though, that a MBAM full system scan was also clean just prior to your entering this particular fray.  Which particular utility found the item you're after?  Should we run that again?

I very much appreciate your help with these issues.  I don't mean to be a pest.  Especially after having an email account hijacked, I'm thrice shy about all of this.

Jim

Malwarebytes' Anti-Malware 1.43
Database version: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

1/7/2010 3:15:16 PM
mbam-log-2010-01-07 (15-15-16).txt

Scan type: Quick Scan
Objects scanned: 122704
Time elapsed: 7 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Need Help removing siszyd32.exe and sr882388.exe et al
« Reply #40 on: January 07, 2010, 10:44:00 PM »
OTS found the initial files for me and CF then killed what was left

You can re-run OTS again with no problem if you wish - and I will then check it out

gitarslinger

  • Guest
Re: Need Help removing siszyd32.exe and sr882388.exe et al
« Reply #41 on: January 07, 2010, 10:45:00 PM »
will do.

gitarslinger

  • Guest
Re: Need Help removing siszyd32.exe and sr882388.exe et al
« Reply #42 on: January 07, 2010, 10:58:56 PM »
And here it is.  And here's hoping it's clean.

Where do I send the single malt?

Jim

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Need Help removing siszyd32.exe and sr882388.exe et al
« Reply #43 on: January 07, 2010, 11:01:04 PM »
Weird, that is corrupted when I open it. Could you repost it please?

gitarslinger

  • Guest
Re: Need Help removing siszyd32.exe and sr882388.exe et al
« Reply #44 on: January 07, 2010, 11:04:59 PM »
Here it is again.  Odd that it corrupted.  I was just browsing through it myself.

Jim