I am wondering why this infection is prevalent now ???
Is avast! not protecting our systems from it?
Where is it coming from?
The only way to find the common denominator is to ask those infected where they got it from. Last week it was the tdss infection of atapi.sys files - next week who knows
So there is no common method of entry then ?
Presumably this isn’t being picked up by other AVs as well.
Hi DavidR and essexboy,
There are some precautions one could take: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
more specific in nature: http://www.bleepingcomputer.com/forums/topic211690.html
It is researched:
http://www.offensivecomputing.net/?q=node/945
A common denominator of infections with siszyd32 is surfing with an unprotected Firefox browser (without the protection of NoScript) where the av-solution does not block the malcode for that particular browser -
there are reports that it is an unprotected browser problem - NoScript alas has not arrived as a foolproof solution to the general masses (people are greatly unaware of the prevailing risk, they do not know that in-browser protection exists and how efficient it is, some do not want it because it is a nag/pain in the neck/it is a problem for other - they will steer clear and other lame excuses to get infected and then think differently).
Folks, we arrived in a malware-ridden Internet world where browser users cannot go without a decent malcode blocker like NoScript, and I would go for the combination of NS and RP (=Request Policy) as essential Mozilla browser add-ons, absolutely essential for the security aware, it was never circumvented not in the past, not in the present and not in the future it won’t, period.
polonus
polonus, thankfully I have not caught siszyd32 and I don’t use Firefox.
Thank You for this excellent tip Polonus I now have added Request-Policy to Firefox. I already was using NoScript.
You guys were impressive in helping people who got infected by that malware
I use Firefox and I haven’t caught siszyd32. Sometimes wish I could have a go at the beastie, but I do nearly all my licentious roaming (virus baiting) with my Chrome browser and only catch small fry, certainly nothing of siszyd32 grade. I run NoScript with Firefox and browser performs well and very safely, mind I do have solid security layers in place (thanks 2 avast webforum), and am more likely to add Request Policy rather than reduce my Firefox defences, so doubt that I will see the beastie through that channel.
Here’s Microsoft’s write-up on it.
Thanks Marc57. Is good page. Well done Microsoft.
You’re welcome.
I use Windows Defender on XP Pro and Windows 7 and I make sure they are up to date:
http://www.microsoft.com/security/portal/Definitions/ADL.aspx
Yep, everyone’s doing a great job, especially essexboy, I vote that he get a raise for all his hard work. ;D
Has there been any word from Alwil about this problem?
Well,
Everybody, especially avast evangelists and other full members, should be available and ready to give full support to users who are infected by a virus or malware.
Just keep contributing and supporting infected users to get rid of the malware or virus attacks. ;D
Hi Yanto.Chiang,
A nice write-up on this malcode here: http://www.hardwareanalysis.com/content/topic/75487/
also with a reference to this thread here.
Then SAS info here: http://www.superantispyware.com/malwarefiles/SISZYD32.EXE.html
Sophos has this: Troj/Agent-MAT contacts the following server via HTTP: forhomessale . ru
Troj/Agent-MAT copies itself to:
\Programs\Startup\siszyd32.exe
Extended analysis of the malicious software here:
http://anubis.iseclab.org/?action=result&task_id=1596ebc77b0f8b50455c2be30bccc5450&format=html
polonus