Author Topic: got siszyd32, have no idea what to do, please help  (Read 8119 times)

shawnywind

  • Guest
got siszyd32, have no idea what to do, please help
« on: January 08, 2010, 05:07:48 AM »
I'm totally new to having a virus, and while I'm not terrible with computers I'm not good with them either. I have Avast Anti-virus, and today it told me that it found a virus and recommended I move it to the chest. I attempted to do so, but my computer tried to start running something that I hadn't clicked, and it persisted, so I kind of freaked out and turned the computer off.

After I turned it on I noticed that My Documents kept opening periodically for no reason. Even if it was already open, after a period of time another would open up.

I did some research, found some info, looked into my computer's files, and turns out I've got this siszyd32 thing, which is apparently darn near impossible to get rid of.

I hope my computer doesn't have any other viruses on it. I did a scan and Avast said I was cool, but then again it didn't pick up siszyd32.

But yeah, I have a laptop, using Windows Vista.

I really have no idea what to do, any help would be much appreciated.

Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1372
  • Soli Deo Gloria
    • PT Garuda Sinatriya Globalindo
Re: got siszyd32, have no idea what to do, please help
« Reply #1 on: January 08, 2010, 05:22:55 AM »
Hi Shawn,

Welcome to the avast forum,

Anyway, don't panic. Based on your information, your notebook is infected with a Trojan: siszyd32

This is source information that you need : http://htlogs.com/what-is-siszyd32-exe-how-to-remove-siszyd32-exe/

And please follow these steps : http://forum.avast.com/index.php?topic=52134.0

Hope you can recover from this attack
Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

shawnywind

  • Guest
Re: got siszyd32, have no idea what to do, please help
« Reply #2 on: January 08, 2010, 05:39:49 AM »
thanks for pointing me in the right direction. I'm still not really sure what to do though.

I seem to have found the siszyd32 file in the startup folder after a lot of navigation. Though from what I've read it seems deleting this is not the end? Should I delete it? eh.

update: okay, so I deleted the siszyd32 file from the startup folder. Everything SEEMS to be going okay. My Documents has stopped opening at random times. But I'm still uneasy. I don't want this thing on my computer.

correction: The My Documents issue has returned.
« Last Edit: January 08, 2010, 06:08:53 AM by shawnywind »

Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1372
  • Soli Deo Gloria
    • PT Garuda Sinatriya Globalindo
Re: got siszyd32, have no idea what to do, please help
« Reply #3 on: January 08, 2010, 08:03:45 AM »
Hi Shawn,

At my referenced link, there are some steps from essexboy to follow.
Have you tried it?
Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

shawnywind

  • Guest
Re: got siszyd32, have no idea what to do, please help
« Reply #4 on: January 08, 2010, 01:55:36 PM »
Well, it seems like each of his steps is specifically catered to one person or another. I've requested that he check out my case in particular, like some other people have done.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: got siszyd32, have no idea what to do, please help
« Reply #5 on: January 08, 2010, 08:08:36 PM »
Hi, the initial analysis step is the same - the fixing will vary

To ensure that I get all the information this log will need to be attached (instructions at the end). If it is too large to attach then upload to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
    • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles


    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Please attach the log in your next post.

    To attach a file, do the following:
    • Click Add Reply
    • Under the reply panel is the Attachments Panel
    • Browse for the attachment file you want to upload, then click the green Upload button
    • Once it has uploaded, click the Manage Current Attachments drop down box
    • Click on to insert the attachment into your post

    shawnywind

    • Guest
    Re: got siszyd32, have no idea what to do, please help
    « Reply #6 on: January 08, 2010, 08:49:43 PM »
    Thanks for responding. Here's hoping I did all that stuff right.

    Offline essexboy

    • Malware removal instructor
    • Avast Überevangelist
    • Probably Bot
    • *****
    • Posts: 40589
    • Dragons by Sasha
      • Malware fixes
    Re: got siszyd32, have no idea what to do, please help
    « Reply #7 on: January 08, 2010, 09:06:48 PM »
    A 64-bit system; I am surprised that the malware worked. I have few tools that work on 64-bit, but this is one of them ;D

    Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

    Code:
    [Unregister Dlls]
    [Registry - Safe List]
    < Run [HKEY_USERS\S-1-5-21-3947582213-1791406327-2745404233-1000\] > -> HKEY_USERS\S-1-5-21-3947582213-1791406327-2745404233-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> "Csugedapesa" -> [rundll32.exe "C:\Users\Johnny Dorel Bud\AppData\Local\ihomaqud.dll",Startup]
    YN -> "Ncowi" -> [rundll32.exe "C:\Users\Johnny Dorel Bud\AppData\Local\crkbods.dll",Startup]
    [Files/Folders - Modified Within 30 Days]
    NY ->  fvgqad.dat -> C:\Users\Johnny Dorel Bud\AppData\Roaming\fvgqad.dat
    NY ->  avdrn.dat -> C:\Users\Johnny Dorel Bud\AppData\Roaming\avdrn.dat
    NY ->  4 C:\Users\Johnny Dorel Bud\AppData\Local\Temp\Low\Google Toolbar\*.tmp files -> C:\Users\Johnny Dorel Bud\AppData\Local\Temp\Low\Google Toolbar\*.tmp
    NY ->  223 C:\Users\Johnny Dorel Bud\AppData\Local\Temp\*.tmp files -> C:\Users\Johnny Dorel Bud\AppData\Local\Temp\*.tmp
    NY ->  223 C:\Users\Johnny Dorel Bud\AppData\Local\Temp\*.tmp files -> C:\Users\Johnny Dorel Bud\AppData\Local\Temp\*.tmp
    NY ->  223 C:\Users\Johnny Dorel Bud\AppData\Local\Temp\*.tmp files -> C:\Users\Johnny Dorel Bud\AppData\Local\Temp\*.tmp
    [Empty Temp Folders]


    The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.

    I will review the information when it comes back in.

    THEN

    Malwarebytes' Anti-Malware
    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
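
Editor's added example (not part of the thread and not essexboy's or OTS's code): the fix script in Reply #7 removes two per-user Run values that start DLLs from AppData\Local through rundll32.exe, an autostart that deleting the Startup-folder file does not touch. The Python sketch below flags that pattern in a set of Run values; the function names, the list of user-writable paths and the two "Example" entries are assumptions made for illustration.

```python
import re
import ntpath

# Matches: rundll32.exe "<dll path>",<export>   (quotes around the path optional)
RUNDLL = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)
# Assumed list of user-writable locations; a DLL autostarted from one of
# these deserves a closer look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def parse_rundll32(command):
    """Return (dll_path, export) if the command launches a DLL via rundll32."""
    m = RUNDLL.match(command)
    return (m.group("dll").strip(), m.group("export")) if m else None


def review_run_values(values):
    """values: {value_name: command}. Return one finding per suspicious entry."""
    findings = []
    for name, command in values.items():
        parsed = parse_rundll32(command)
        if parsed is None:
            continue  # not a rundll32 launcher
        dll, export = parsed
        if any(part in dll.lower() for part in USER_WRITABLE):
            findings.append({"value": name, "dll": dll, "export": export,
                             "file": ntpath.basename(dll)})
    return findings


# The first two values are copied from the fix script in this thread;
# the two "Example" entries are constructed benign values for contrast.
SAMPLE_RUN_KEY = {
    "Csugedapesa": r'rundll32.exe "C:\Users\Johnny Dorel Bud\AppData\Local\ihomaqud.dll",Startup',
    "Ncowi": r'rundll32.exe "C:\Users\Johnny Dorel Bud\AppData\Local\crkbods.dll",Startup',
    "ExampleUpdater": r'"C:\Program Files\Example\updater.exe" /background',
    "ExamplePanel": r'rundll32.exe C:\Windows\System32\example.dll,ShowPanel',
}

if __name__ == "__main__":
    for f in review_run_values(SAMPLE_RUN_KEY):
        print(f"{f['value']}: rundll32 loads {f['dll']} (export {f['export']})")
```

A hit is a lead to investigate rather than a verdict, since legitimate software occasionally autostarts from a user profile as well.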

    shawnywind

    • Guest
    Re: got siszyd32, have no idea what to do, please help
    « Reply #8 on: January 08, 2010, 09:49:14 PM »
    Okay, here's the OTS info following the fix.

    I'm gonna run the malwarebytes stuff now.

    Offline essexboy

    • Malware removal instructor
    • Avast Überevangelist
    • Probably Bot
    • *****
    • Posts: 40589
    • Dragons by Sasha
      • Malware fixes
    Re: got siszyd32, have no idea what to do, please help
    « Reply #9 on: January 08, 2010, 09:54:10 PM »
    Ta

    shawnywind

    • Guest
    Re: got siszyd32, have no idea what to do, please help
    « Reply #10 on: January 08, 2010, 10:00:59 PM »
    okay, here goes:


    Malwarebytes' Anti-Malware 1.44
    Database version: 3521
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    1/8/2010 3:54:35 PM
    mbam-log-2010-01-08 (15-54-35).txt

    Scan type: Quick Scan
    Objects scanned: 91713
    Time elapsed: 3 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)




    No problems really. OTS did freeze up the first time I ran the fix, but I turned it off and ran it again with no issues.

    Computer seems to be fine.

    Thanks a lot for the help man, you're my hero.

    Offline essexboy

    • Malware removal instructor
    • Avast Überevangelist
    • Probably Bot
    • *****
    • Posts: 40589
    • Dragons by Sasha
      • Malware fixes
    Re: got siszyd32, have no idea what to do, please help
    « Reply #11 on: January 08, 2010, 10:22:03 PM »
    No problem, run it for 24 hours to see if any problems return. To remove the tools, run OTS and hit the clean up button and all should vanish ;D - and clear your restore points

    VISTA
    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive i.e. C
    • For a few moments the system will make some calculations
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    You are now done

    shawnywind

    • Guest
    Re: got siszyd32, have no idea what to do, please help
    « Reply #12 on: January 08, 2010, 10:40:26 PM »
    Alright, did all that, everything seems good to go. I'll let you know if any more problems arise.

    Thanks again.

    Offline essexboy

    • Malware removal instructor
    • Avast Überevangelist
    • Probably Bot
    • *****
    • Posts: 40589
    • Dragons by Sasha
      • Malware fixes
    Re: got siszyd32, have no idea what to do, please help
    « Reply #13 on: January 08, 2010, 10:51:28 PM »
    My pleasure