siszyd32.exe - How to remove?

I was surfing the web earlier today, when Mozilla Firefox suddenly “crashed” (basically it froze but I could still minimize it), but as soon as I minimized it, I saw a new shortcut on my desktop. It was called “SecurityTools” which I believe is a spyware program. Since I am using Vista it needed my permission in order to install, ofc I denied it, started in safe mode and removed it completely. Just to be sure I had not overlooked any files, I started msconfig and checked startup. There I saw a file called “siszyd32.exe” said to be located in my startup folder, which it is not. Basically it makes my “svchost” go nuts and use up most of my CPU, and I've got no idea of how to remove it, can anyone help me?

I've been looking all over for a solution but I cannot seem to find anything that I can use without screwing my system completely.

HijackThis Log: http://www.mediafire.com/?oydizq3zhgx

Please let me know if you have a solution to my problem.

Regards Roza

Run HijackThis! again, tick the following entry, close all windows including this browser, then click ‘fix’ and reboot.

O4 - Startup: siszyd32.exe

Try one or more of the usual free adware/spyware scanners.

SUPERAntiSpyware Free
Malwarebytes’ Anti-Malware

Download, install and update the programs.
Always select the option to quarantine any malware found rather than delete it, then you will be able to restore files or registry entries wrongly identified as malware, a rare but not unknown event for any malware scanner.

Check your Hosts file for suspicious entries:

http://en.wikipedia.org/wiki/Hosts_file

If it contains more than the following (after the introductory comments "# Copyright (c) 1998 Microsoft Corp. This is a sample blah blah blah"), post the contents here and we’ll check them for you if you want.

127.0.0.1 localhost 

The fact that you got infected just by visiting a web site means you have out-of-date and insecure software on your computer that malware could exploit to install itself without your consent: a drive-by download.

When you have cleaned your computer, check for insecure software and update using one of the following:

Secunia Online Software Inspector (OSI)
Secunia Personal Software Inspector (PSI)
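
Added example (not part of the original thread): a Python sketch of the hosts-file check described above, reporting every mapping beyond the clean baseline. It assumes the baseline is `127.0.0.1 localhost` plus the `::1 localhost` line that Vista ships; the sample file and its host names are constructed.

```python
import ipaddress

# Assumption: a clean hosts file maps only "localhost" to loopback.
BASELINE = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample input (reserved .example names, TEST-NET address).
SAMPLE = """\
# Copyright (c) 1998 Microsoft Corp.
# This is a sample HOSTS file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # constructed entry
203.0.113.10    www.bank.example login.bank.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) per mapping; comments are ignored."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        for name in fields[1:]:  # one line may carry several aliases
            yield line_no, fields[0], name.lower()

def review_hosts(text):
    """Return (line_no, hostname, ip, reason) for each non-baseline entry."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if (ip, name) in BASELINE:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, name, ip, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            # Typical of malware cutting off scanner update servers.
            reason = "name blackholed to the local machine"
        else:
            reason = "name redirected to another address"
        findings.append((line_no, name, ip, reason))
    return findings

if __name__ == "__main__":
    for line_no, name, ip, reason in review_hosts(SAMPLE):
        print(f"line {line_no}: {name} -> {ip} ({reason})")
```

An empty result means the file holds nothing beyond the baseline; any finding is an entry worth posting for review, not proof of infection, since ad-blocking tools also add loopback entries.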

Roza is running AVG! :o
C:\Program Files\AVG\AVG8\avgtray.exe

Java is down level:
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

OK, so basically I've got “2” hosts files: Hosts and Hosts.ics

Here is the download link, I zipped all of them, including a new hijackthis logfile. For some reason the “siszyd32.exe” is gone (It didn't show up in the “fix checked” and I have not removed it earlier)

http://www.mediafire.com/?nt22lvjwzz2

I will download the programs you recommended and try them, but AVG discovered nothing, could it be that I should get a new scanner?

Roza is running AVG! C:\Program Files\AVG\AVG8\avgtray.exe
That just proves how good the avast forum is :D

First you need to remove AVG:
http://www.avg.com/us-en/download-tools <== choose 32bit

Download avast!
http://www.avast.com/eng/download-avast-home.html <== choose avast! Home Edition - English (40.75 MB)

Well, consider it done :wink:

http://www.avast.com/eng/download-avast-home.html <== choose avast! Home Edition - English (40.75 MB)
There is also a Norwegian version if you scroll down (it does not have the speaking voice)

It automatically installs that version ^^

But it appears I am not the only one infected with that file, is it something “huge”, as in widely spread, or is it just me being the “lucky” guy again?

If you call siszyd32.exe lucky then I have to say that a root canal operation is about as funny.

It may take the expert advice of essexboy or oldman to extract that infection.

I will leave my PC scanning overnight, I shall post an update when I return from school.
For those who contributed in this little thread, you got my thanks. I really appreciate that people care and/or help out.
So thanks again and good night :wink: