Found Sisytj32.exe Malware

Hi Everyone,

This morning, booting up my PC, Avast popped up a virus-found message about sisytj32.exe malware in the Windows startup folder.
Put it in the Avast trash, then rebooted and removed it.

After that I ran a scan with updated Malwarebytes and found some files that could be related to that:

Infected registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0)

Infected files:
C:\WINDOWS\Temp~TM289D.tmp (Trojan.Agent)
C:\Documents and Settings-MY USER NAME-\Dati applicazioni\avdrn.dat (Malware.Trace)
C:\WINDOWS\system32\config\systemprofile\Menu Avvio\Programmi\Esecuzione automatica\ntuser_mssec.exe (Trojan.VirTool)

Malwarebytes removed every entry without any problem.

Also ran a scan with Spybot and found nothing other than the usual cookie-related issues.

Now running a full system scan with the new Avast, freshly upgraded (before I was still on the blue-icon Avast, yes with definitions always updated).

Now… Do I need to do more scans? Am I safe now?

Thanks and have a good day :wink:
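A read-only check that a defender can run after a cleanup like the one above, to confirm the three Security Center values from the Malwarebytes log are back at 0 and to list what is sitting in the Startup folders. This is an added PowerShell example, not something posted in the thread; the registry path and value names come from the log above, and the folder list assumes the Windows XP-era layout the thread shows (the system-profile path is included because that is where the third hit lived).

```powershell
# Added example (not from the original thread): audit the Security Center
# "DisableNotify" flags and list executables in the Startup folders.
# Read-only: it changes nothing, it only reports.

$scPath = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$names  = 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify'

Write-Host "== Security Center notification flags (0 = good, 1 = suppressed) =="
foreach ($n in $names) {
    $v = (Get-ItemProperty -Path $scPath -Name $n -ErrorAction SilentlyContinue).$n
    if ($null -eq $v)  { $state = 'not set (default, OK)' }
    elseif ($v -eq 0)  { $state = 'OK' }
    else               { $state = "SUPPRESSED (value $v) - re-check with your AV" }
    Write-Host ("{0,-24} {1}" -f $n, $state)
}

Write-Host "`n== Executables in Startup folders =="
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup'),  # All Users Startup folder
    # system profile, where the log's ntuser_mssec.exe hit was found
    (Join-Path $env:SystemRoot 'system32\config\systemprofile')
)
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Recurse -Include *.exe, *.scr, *.com, *.bat, *.vbs -ErrorAction SilentlyContinue |
        ForEach-Object {
            # An unsigned or invalidly signed binary in a Startup folder is worth a second look
            $sig = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            "{0}  signature={1}  lastwrite={2}" -f $_.FullName, $sig, $_.LastWriteTime
        }
}
```

Run it from an elevated PowerShell prompt so the system-profile folder is readable; anything it lists with a signature other than Valid is what you would hand to your AV vendor or the malware-removal forum, not something to delete on sight.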

Hi eatrese,

Could be fully cleansed, could be there's some hidden rootkit element left… so you could run GMER, for instructions see essexboy's here: http://forum.avast.com/index.php?topic=60953.msg514389#msg514389

This is the description of the malware at hand: http://www.prevx.com/filenames/220433028752597794-X1/SISYTJ32.EXE.html
An additional cleansing routine was performed here: http://www.bleepingcomputer.com/forums/topic324155.html

polonus

Thank you so much

Done both scans, here are the logs:
http://bit.ly/bd6VJS ← GMER (no malware alert, I suppose)
http://bit.ly/bnRI2s ← ComboFix alert (deleted something…)

What do you think about it?

Thank you a lot for the help :wink:

Also did a scan with the Microsoft tool MRT and it seems to be clean.

Are there other kinds of tools that could be used or advised?

Hi eatrese,

Think you are good to go,
you will also enjoy the insight into these issues gained,
welcome to the forums here and glad we could help,

polonus

Thank you so much polonus, for everything :wink: