Siszyd32.exe (Siszyd32) Trojan Virus File Removal

Danger: Siszyd32.exe is a dangerous file that performs activity on a user’s computer which may be highly undesirable. This file is unsafe.

Type: Trojan Virus
Location: C:\Documents and Settings\[username]\Start Menu\Programs\Startup\Siszyd32.exe
Risk Level: Moderate

Below is our recommended removal tool for Siszyd32.exe. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.


Manual Removal – Siszyd32.exe may be removed by analyzing your HijackThis log. Feel free to post your HijackThis log below if you need assistance analyzing it. HijackThis is ideal for manually removing the virus.
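
A triage pass over a HijackThis log, added here as an example (not code from this site or from HijackThis): it normalizes the en dashes and curly quotes that comment forms introduce, then lists entries that name the file, sit in a Startup folder, autostart from a Temp or Startup path, or point at a missing target. The sample log is constructed, and the choice of section codes and path patterns is an assumption.

```python
import re

# Section codes treated as autostart locations (an assumption for this example):
# O4 = Run keys / Startup folders, O20 = Winlogon Notify and AppInit_DLLs,
# O23 = services, F2 = Shell/UserInit overrides.
AUTOSTART = {"O4", "O20", "O23", "F2"}
# Comment forms turn "-" into an en dash and straight quotes into curly ones.
TYPO = str.maketrans({"\u2013": "-", "\u2014": "-", "\u201c": '"',
                      "\u201d": '"', "\u2018": "'", "\u2019": "'"})
ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*)$")
USER_WRITABLE = re.compile(r"\\(startup|temp)\\", re.I)

def parse(log):
    """Yield (code, detail) per entry line; header and process list are skipped."""
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip().translate(TYPO))
        if m:
            yield m.group(1), m.group(2)

def triage(log, name):
    """Return (code, reason, detail) for entries that deserve a manual look."""
    hits = []
    for code, detail in parse(log):
        low = detail.lower()
        if name.lower() in low:
            hits.append((code, "name match", detail))
        elif code == "O4" and low.startswith(("startup:", "global startup:")):
            hits.append((code, "startup folder item", detail))
        elif code in AUTOSTART and USER_WRITABLE.search(detail):
            hits.append((code, "autostart from Temp/Startup path", detail))
        elif "(no file)" in low:
            hits.append((code, "target missing on disk", detail))
    return hits

# Constructed sample (not a log from this page); names and paths are placeholders.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 – BHO: (no name) – {00000000-0000-0000-0000-000000000000} – (no file)
O4 – HKLM\..\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 - HKCU\..\Run: [example] rundll32.exe C:\WINDOWS\Temp\example.dll,Start
O4 - Startup: Siszyd32.exe
O4 - Global Startup: Example Tool.lnk = C:\Program Files\Example\tool.exe
O23 - Service: Example Service (ExampleSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE, "siszyd"):
        print(f"{code:4} {reason:34} {detail}")
```

When the file name itself never appears in the log, the remaining flagged autostart entries are the ones to review by hand.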


Siszyd32.exe File Details -
File Type – EXE – Siszyd32.exe is an executable file
First Identified – December 9 2018


This entry was posted on Wednesday, December 9th, 2018 at 1:02 am and is filed under Malware Removal.

7 Responses to “Siszyd32.exe (Siszyd32) Trojan Virus File Removal”

Levi December 14th, 2018 at 12:53 am

I went through an online Microsoft site to have a so-called expert go through and fix all the registry errors on my computer and eliminate viruses…. I did the security tool removal myself last week and now I have the siszyd32 virus and maybe either it or something else is hijacking my computer to send out spam or something, probably trying to send itself to other people. I’ve deleted all of my contacts and everything so it can’t spread itself anymore and I’ve installed HijackThis, but I can’t find the siszyd virus anywhere in the log it gave me. Any help would be appreciated. Here’s the logfile I saved:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 7:35:43 PM, on 12/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.yahoo.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://search.bearshare.com/sidebar.html?src=ssb
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*https://www.yahoo.com/ext/search/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://www.yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://www.crawler.com/search/ie.aspx?tb_id=60252
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = https://dnl.crawler.com/support/sa_customize.aspx?TbId=60252
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*https://www.yahoo.com/ext/search/search.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://www.yahoo.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.crawler.com/search/ie.aspx?tb_id=60252
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = https://dnl.crawler.com/support/sa_customize.aspx?TbId=60252
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://www.yahoo.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 – BHO: (no name) – {02478D38-C3F9-4EFB-9B51-7695ECA05670} – (no file)
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 – HKLM\..\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) – https://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 – DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) – https://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 – DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) – https://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 – DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) – https://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 – DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} – https://download.divx.com/player/DivXBrowserPlugin.cab
O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} – https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 – Winlogon Notify: !SASWinLogon – C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
O23 – Service: Avira AntiVir Scheduler (AntiVirSchedulerService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 – Service: Avira AntiVir Guard (AntiVirService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 – Service: ConfigFree Service (CFSvcs) – TOSHIBA CORPORATION – C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


End of file – 5778 bytes

Virenentferner December 21st, 2018 at 7:25 am

Hello, here are some instructions: download “FreeFixer”; the program is free. Then start Windows in Safe Mode. After that, let FreeFixer run. After the scan, there will be a scan entry that refers to siszyd32. Click “Delete” there. Then scroll down and click “Fix”.

After that, in /dokumente und einstellungen//programme/autorun (or something like that; FreeFixer shows you the correct path), delete the siszyd32 file and remove it from the Recycle Bin.

Then the system runs flawlessly.

You may also want to run a check with AVG.

Done :D

Sparks December 23rd, 2018 at 9:32 am

You won’t find “siszyd.exe” on your computer… there is a second Startup item that loads a DLL… and that DLL dynamically writes the file in your STARTUP folder, loads it as a service so it shows up as a SRVCHOST (DCOM) using 99% of the CPU.

anarchiste December 28th, 2018 at 5:14 pm

OK, I have no idea what the thing does but it does seem to commandeer processor time and bizarrely enough asked for permission to connect to the internet via zonealarm. I was alerted to this bizarre behaviour because it was a ~tm169.tmp that seemed to want to execute as an exe.

I said no – but stupid me ignored that even though it didn’t connect to the internet it did however drop a file siszyd32.exe into the start up folder – but you take a look there and no it is not there! I noticed that Skype literally crawled across the internet every website was slooooooowwwwww and that using Task Manager revealed that this little svchost file (why don’t they identify “this svchost instance is xyz” etc in Task Manager – surely that little programming gem didn’t require rocket science) that was helping itself to 99% processor 1. Don’t know if it can spawn off other processes that will then take over processor 2.

So, I did my usual antivirus using AVG (free – I was happy so far) and that revealed nothing. Googled the mysterious siszyd32 and bingo, and it is someone’s little New Year’s goodie to us.

Right – you want to know how I got rid of it?

1. Choose the simplest route – not like me creative brain surgery on the registry coupled with msconfig – too slow and it doesn’t kick the process out of memory although the fun of removing the registry entry for Poker themes (well that is apparently what it described siszyd on my machine) was quite rewarding. And if it does make you feel better then go to your Windows temp folder and delete any files such as ~TM167.tmp (I had three files all created at the same time and noted the time which is immensely useful if you want to extrapolate when and how you got this gift that keeps on giving – if you have Firefox look at your history for that time).

2. Having concluded that you now want to use the simplest route – download Malwarebytes Anti-Malware (google it) – install, update, and run it on a simple scan.

More than likely once it has finished it will either give an all clear or you will be advised of what problems are on your machine – you then choose what you want to remove (basically just follow instructions) and then reboot at which point it will kick the process out and restart clean.

3. Rerun the anti-malware and check it has gone.

4. For a final flourish you might want to create a restore point and call it CLEAN after VIRUS or something like that.

Hope this helps :)

tejakar pawar December 31st, 2018 at 7:40 pm

Yesterday, my PC was also slow because of this SRVCHOST (DCOM) using 99% of the CPU. You will get siszyd.exe in startup.
Download HiJackThis and MBAM from filehippo.com.
HiJackThis log will show siszyd.exe in startup.
You can use MBAM to remove siszyd.exe.

Bappen January 4th, 2019 at 1:38 pm

Can’t find any syszyd.exe, as Sparks said. Have run freefix without result. In msconfig, syszyd always comes back and sets itself to autostart, no matter how many times I untick the box.
Can’t find any srvchost either, neither in Task Manager nor in the system folder.
So annoying! I have never failed to fix a virus before, but it’s hard to fix when I can’t get hold of a single file from the virus.
So is formatting the only option, or what?

Craven January 11th, 2019 at 6:31 am

K, well I tried everything I’ve seen so far. MalwareBytes doesn’t even recognize the siszyd32.exe file as a virus and picks up no threats from it, I located the file, scanned directly and nothing. The only files on malware that conclude as a virus is a rootkit.agent file called furumcnp.sys which is in my drivers file.

Found something called ‘freefix’ and tried it. Same as malwarebytes, nothing popped up. Then came across hijackthis, and -still- got nothing at all. Yet, when I restart my computer it still says the siszyd32.exe file is there. Both me and my gf got it in the same day on our computers, and haven’t been able to get rid of it. As for the hijackthis log file, it goes as follows.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:15 PM, on 1/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 – URLSearchHook: AIM Toolbar Search Class – {03402f96-3dc7-4285-bc50-9e81fefafe43} – C:\Program Files\AIM Toolbar\aimtb.dll
O1 – Hosts: ::1 localhost
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: (no name) – {5C255C8A-E604-49b4-9D64-90988571CECB} – (no file)
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: AIM Toolbar Loader – {b0cda128-b425-4eef-a174-61a11ac5dbf8} – C:\Program Files\AIM Toolbar\aimtb.dll
O2 – BHO: SMTTB2009 – {FCBCCB87-9224-4B8D-B117-F56D924BEB18} – C:\Program Files\HyperCam Toolbar\tbcore3.dll
O3 – Toolbar: AIM Toolbar – {61539ecd-cc67-4437-a03c-9aaccbd14326} – C:\Program Files\AIM Toolbar\aimtb.dll
O3 – Toolbar: HyperCam Toolbar – {338B4DFE-2E2C-4338-9E41-E176D497299E} – C:\Program Files\HyperCam Toolbar\tbcore3.dll
O4 – HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript
O4 – HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 – Extra button: Blog This – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 – Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 – Gopher Prefix:
O18 – Protocol: bwfile-8876480 – {9462A756-7B47-47BC-8C80-C34B9B80B32B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL


End of file – 3814 bytes

Any help at all would be useful, because as of now I’m not sure what to do.

Also, my girlfriend scanned with AVG which also did not pick it up.
