Author Topic: siszyd32.exe help please (Read 14712 times)

robertmo · « **on:** March 04, 2010, 04:17:12 AM »

Hi essexboy,

I was hoping you could help me removing siszyd32.exe, etc.

You see, I noticed it a month ago and found this forum. I thought I had removed it with antivir, but after a while I kept on getting all sorts of virus and trojan warnings. I kept on deleting them with antivir, but that was just temporary. Now my pc also keeps on restarting 1-3 times a day.

It's not slow, but it's definitely not ok.

When I press ctrl-alt-delete I see that I still only use less then 15% on average, so nothing suspicious there, but I do see svchost.exe at least 9-10 times which I think was an indication that my pc is infected by this siszyd32.exe bugger.

Other then that, I have no idea how to be sure it's still there or how infected my pc is. All I know is that it's infected

I also used freefixer to remove some nasty stuff. (Before removing them I did a google search first of course

)

One more thing. It also seems that some of my wordpress blogs have been hacked at the moment (removing nasty script codes as we speak). Is that just a case of bad luck or has it got anything to do with my infected pc?

Please help.

Thanks in advance!
Robert

Pondus · « **Reply #1 on:** March 04, 2010, 08:31:43 AM »

Follow this guide from Essexboy and post MBAM and OTL logs HERE
http://forum.avast.com/index.php?topic=53253.0

if the log is to big, go to " Additional Options... " down in left corner and Attach:

essexboy · « **Reply #2 on:** March 04, 2010, 01:06:13 PM »

If you could post the logs please

robertmo · « **Reply #3 on:** March 06, 2010, 08:46:49 AM »

Thanks guys.

Here is the info you requested.

Hope it looks ok

emantoyaks · « **Reply #4 on:** March 06, 2010, 09:10:52 AM »

try to setup a boot scanned of avast... 100% it will be removed...^^

Then scanned ur pc using: http://superantispyware.com

Good luck and God Bless...

essexboy · « **Reply #5 on:** March 06, 2010, 01:30:54 PM »

OK try this I am not sure if OTL is strong enough to move it but we will try that first

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code: [Select]

:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [_ex-68] C:\WINDOWS\Temp\_ex-68.exe File not found
[2010-03-06 08:24:28 | 000,792,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\txrggao.sys
[2010-03-01 05:40:03 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\rbuwzv.dat
[2010-03-06 08:29:26 | 000,792,064 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\txrggao.sys

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

robertmo · « **Reply #6 on:** March 07, 2010, 03:40:49 AM »

Hmmm, ok.

Here is the requested info again.

Is it bad btw?

Also, I keep getting antivir warnings. Here's the last one:

Quote

C:\WINDOWS\Temp\sig1E.tmp

Is the TR/Rootkit.Gen Trojan

Action: Delete

================================

C:\WINDOWS\Temp\sig12.tmp

Is the TR/Rootkit.Gen Trojan

Action: Delete

Thanks for the help so far! Really appreciate it very much!

PS. I noticed that the txrggao file is still there, or is this an original file?

PPS. I installed the free avast and I have the registration code, but I can't register it. Is this because of the infection?

essexboy · « **Reply #7 on:** March 07, 2010, 12:49:49 PM »

There is a rootkit so I will get the big boy on the job

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

robertmo · « **Reply #8 on:** March 07, 2010, 08:16:23 PM »

Well, that sounds bad enough to me...

Anyways, here's the log you requested.

Once again, thanks!

robertmo · « **Reply #9 on:** March 12, 2010, 02:55:37 AM »

Hi essexboy,

Could you please help me some more and/or give me an update?

My pc still keeps restarting 1-3 times a day and I also keep getting virus and trojan warnings.

Don't know what to do next $:-\$

Thanks!
Robert

robertmo · « **Reply #10 on:** March 15, 2010, 04:51:07 PM »

Hi guys,

Is there something I said or did wrong here?

spg SCOTT · « **Reply #11 on:** March 15, 2010, 05:01:13 PM »

Quote from: robertmo on March 15, 2010, 04:51:07 PM

Hi guys,

Is there something I said or did wrong here?

I don't think so, normally (I think) essexboy suscribes to a topic so he can see replies, maybe he has missed it...

I will PM him so he is aware of this topic when he is back online

-Scott-

robertmo · « **Reply #12 on:** March 15, 2010, 05:07:09 PM »

Hi Scott,

Thanks for your reply and for letting essexboy know

Robert

essexboy · « **Reply #13 on:** March 15, 2010, 09:26:27 PM »

Hi my apologies - for some reason I did not receive my notifications

1. Please open Notepad

Click Start , then Run
Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: [Select]

File::
c:\windows\system32\drivers\txrggao.sys
c:\windows\system32\config\systemprofile\Application Data\rbuwzv.dat
c:\documents and settings\Eigenaar\g2mdlhlpx.exe
Renv::

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt .

robertmo · « **Reply #14 on:** March 15, 2010, 10:16:07 PM »

Hi, no problem

Ok, here's the Combofix.txt

Author Topic: siszyd32.exe help please (Read 14712 times)

robertmo

siszyd32.exe help please

Pondus

Re: siszyd32.exe help please

essexboy

Re: siszyd32.exe help please

robertmo

Re: siszyd32.exe help please

emantoyaks

Re: siszyd32.exe help please

essexboy

Re: siszyd32.exe help please

robertmo

Re: siszyd32.exe help please

essexboy

Re: siszyd32.exe help please

robertmo

Re: siszyd32.exe help please

robertmo

Re: siszyd32.exe help please

robertmo

Re: siszyd32.exe help please

spg SCOTT

Re: siszyd32.exe help please

robertmo

Re: siszyd32.exe help please

essexboy

Re: siszyd32.exe help please

robertmo

Re: siszyd32.exe help please