Please help a novice with siszyd32.exe

Viruses and worms
1

Hi all,

Not sure how long this has been on my computer, as I don’t use it as much as my other half. While using the PC this morning I found it to run very slowly, I checked the CPU usage and it’s at 100%. I looked at my startup items using msconfig and there are two files that appear in the list that I do not recognise, ~TM5D and siszyd32. I unchecked the boxes to stop them starting up, TM5D remains unchecked but siszyd re-checks itself!

As said in the title, I am a novice when it comes to viruses and spyware, I have Zone Alarm, Avast, and Adaware running on the computer and have never had any problems before. I was hoping for some help in removing this, as after looking around the forums it seems hard to get rid of. I tried to follow another thread with the same problems but got ever so slightly confused! :wink:

So far I have downloaded OTS as was suggested in another thread, followed the instructions and have my log file. I cannot upload to Mediafire as it appears to be down, so does anyone know somewhere else safe that I can upload it to?

Many thanks in advance for your help!

2

Try scanning with

MBAM http://filehippo.com/download_malwarebytes_anti_malware/
update and run quick scan, click the button “remove selected” to quarantine anything found

SAS http://filehippo.com/download_superantispyware/

Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

come back and post scan logs here

3

Thanks for the fast reply Pondus.

I Ran MBAM, it found three infections, the two I mentioned in the first post, and another. It gave me an error message after trying to remove them which said:

[b]Certain items could not be removed. The first few are listed below. All items that could not be removed have been added to the delete on reboot list. Please restart your computer now. A logfile was saved to the Logs folder.

C:\Documents and Settings\Joanne\Start Menu\Programs\Startup\siszyd32.exe

Your computer needs to be restarted to complete the removal process. Would you like to continue?[/b]

I restarted as it prompted, but have not run another scan yet. Here is the log from my first scan:

[b]Malwarebytes’ Anti-Malware 1.42
Database version: 3423
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/12/2009 13:07:50
mbam-log-2009-12-24 (13-07-50).txt

Scan type: Quick Scan
Objects scanned: 101877
Time elapsed: 17 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp~TM5D.tmp (Trojan.Downloader) → Quarantined and deleted successfully.
C:\Documents and Settings\Joanne\Start Menu\Programs\Startup\siszyd32.exe (Trojan.Agent) → Delete on reboot.
C:\Documents and Settings\Joanne\Application Data\avdrn.dat (Malware.Trace) → Quarantined and deleted successfully.[/b]

Should I run another scan to make sure it has removed the siszyd32?

Thanks again!

4
Should I run another scan to make sure it has removed the siszyd32?
Jepp, and then try SUPERAntiSpyware (no need to post log if nothing or only cookies is found)