siszyd32.exe detected

Hello everyone,

Since Monday my system has been running very slowly. A scan with HijackThis showed the presence of siszyd32.exe in the startup folder.
After manually removing all occurrences of the file as well as all registry entries, I did a reboot of the system.
A rescan with HijackThis stated that the Trojan is still in the startup folder but I cannot find it on disk. Also some registry entries are there again.

How can I delete it correctly and be sure, or check, that it is deleted permanently?

Thanks in advance

Malwarebytes’ AntiMalware detected and removed it from my pc yesterday without problems.

Hope avast improves detection…

Malwarebytes’ AntiMalware fixed me as far as I could tell also.

Thanks for the hints. But unfortunately, although Malwarebytes found something, after the removal and reboot the antivirus scanner finds it again in atapi.sys… >:(

There’s another thread here from someone who experienced siszyd too…
http://forum.avast.com/index.php?topic=52265.msg442382#msg442382

This is not a complete fix but at least I managed to stop the process from running on my system - so far :slight_smile:
First you should run something like Trojan Remover that kills suspicious registry entries in the usual
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

To stop siszyd32.exe from running, proceed as follows:

  • boot in safe mode
  • remove the siszyd32.exe in the “…\Startmenü\Programme\Autostart” folder
  • copy a text or bitmap file into the same folder and rename it to siszyd32.exe (set it to read-only)
  • reboot

This worked for me; the only thing remaining is a cmd window opening for a couple of seconds on my desktop trying to run siszyd32.exe.
I still have to figure out where that comes from. Does anybody know about that?

Hi malware fighters,

This is part of a spawner virus. Deleting the file does not fix the problem, only if you have the simple form, else you need to find the rootkit that has attached itself to an existing program and will pull in other virus attacks. The mother load file is hidden and you can’t find it here, therefore I propose the cleansing method and help of essexboy here on the forums.

To remove the simple process and siszyd32.exe file:
Two methods to cure this simple form:
How to remove siszyd32.exe with Freefixer:

  1. Download and install FreeFixer: http://www.freefixer.com/download.html Freefixer is freeware, so it will not cost you anything.
  2. Start FreeFixer and click “Scan”. The scan will finish in approximately 5 minutes.
  3. In the Scan result, scroll down to “Autostart shortcuts”. Locate the siszyd32.exe item and check its “Delete” checkbox. DO NOT check anything else for removal, unless you are 100% sure it’s malware.
  4. Click “Fix”.
  5. Restart your machine.
  6. Start FreeFixer and scan your computer again.
  7. Verify that siszyd32.exe no longer appears anywhere in the scan result.
  8. Done.

Did that completely remove siszyd32.exe from your machine?

siszyd32.exe is part of Troj/Agent-LVN as documented over at Sophos:
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentlvn.html

A simple one:
1. start computer in safe mode
2. remove the siszyd32 process from msconfig
3. remove the file siszyd32 from this location C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
4. restart computer.
5. gone.

polonus
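
The check the posts above keep coming back to (scan, remove, reboot, scan again) can be done by comparing the autostart lines of two HijackThis logs. This is an added example, not part of any post in the thread; the log text is constructed, and the `O4 - <location>: <entry>` line layout is an assumption about how HijackThis lists autostart items.

```python
import re

# Constructed sample logs (not taken from the thread). Assumption: HijackThis
# lists autostart items as "O4 - <location>: <entry>" lines.
SCAN_BEFORE = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [siszyd32] C:\Documents and Settings\User\siszyd32.exe
O4 - Startup: siszyd32.exe
"""
SCAN_AFTER_REBOOT = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: siszyd32.exe
"""

O4_LINE = re.compile(r"^O4 - (?P<where>[^:]+): (?P<entry>.+)$")


def autostart_entries(log_text):
    """Return the set of (location, entry) pairs from every O4 line."""
    entries = set()
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            entries.add((m.group("where").strip(), m.group("entry").strip()))
    return entries


def recheck(before, after, name):
    """Classify autostart entries that mention `name` across two scans."""
    needle = name.lower()

    def hits(log_text):
        return {e for e in autostart_entries(log_text) if needle in e[1].lower()}

    old, new = hits(before), hits(after)
    return {
        "removed": sorted(old - new),      # gone after clean-up and reboot
        "persisting": sorted(old & new),   # still listed, so something recreates it
        "new": sorted(new - old),          # appeared only after the reboot
    }


if __name__ == "__main__":
    result = recheck(SCAN_BEFORE, SCAN_AFTER_REBOOT, "siszyd32")
    for status, items in result.items():
        for where, entry in items:
            print(f"{status:10} {where}: {entry}")
```

An entry reported as `persisting` after a clean-up and reboot matches the situation in the first post, where the startup item came back even though the file had been deleted.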

My way to deal with siszyd32.exe

I’m with XP and I have a program called RegCleaner… very old haha so:

  1. Run Windows in “Safe Mode”
  2. Open RegCleaner
  3. Delete siszyd32.exe from “Start List”
  4. Never run Microsoft Internet Explorer again :DD

My computer is back to normal speed :}
I hope this will be useful for someone :}

@ sarafova

Internet Explorer is integral to the operating system and is used to display everything.

Someone’s confusing Windows Explorer and Internet Explorer here ;D …where Internet Explorer has been and will still be…for a while…the worst piece of software…integrated…into Windows :smiley:

ps: screenshots are from Secunia

4. Never run Microsoft Internet Explorer again :DD
+1

Hi,

I got where the rootkit is -> C:\Local Settings\Temporary Internet Files\Content.IE5\U864OJE4\load[1].exe

It actually creates a tmp file in %windir%/Temp from which it spams from your computer. I could see SMTP packets going from my sys.

Really, FreeFixer is a superb tool if one has minimum knowledge.