  • Solar_Wind

    senior member

    in reply to Poo's message #30363

    Unfortunately I found what is causing this, but it is far from simple. The AVAST forum is full of it, but I'm not much of a computer guru, and it looks like this is damn hard to remove because it hides itself, rootkit-style (siszyd32.exe), so I don't know what to do:

    This Trojan started in Eastern Europe about a year ago, but it's now appearing in US systems, and others around the world.
    This Trojan, when executed, does a call home to a .RU, .PL, or .DE website (there are probably others), and installs a rootkit on your system that re-applies it even IF your ANTI-Malware scanner catches it. The crazy thing is that Symantec, CA, McAfee, etc. are not catching this Trojan.
    AVAST and ESET, and the new Microsoft Security Essentials are, but if the Trojan calls home to Russia successfully, it will install a rootkit that is more difficult to remove.
    Based upon my research, this was first seen in the Western Hemisphere on or about 09 December 2009, but it may have roots in Poland going back at least to June 2008.

    You can check to see if you are infected easily. Go to your Documents and Settings/%user% (this is the infected user on your system, check them all)/Start Menu/Programs/Startup/. Make sure that you have "show all files" on, and if siszyd32.exe is there, you have been infected, and just removing it may not help at all.

    Go out to AVAST Forums: http://forum.avast.com/index.php
    And search on siszyd32 or siszyd32.exe for removal instructions.

    A worst case is that you can run msconfig and disable the startup of siszyd32.exe, but if the rootkit is already installed it will be calling for malware all over Eastern Europe anyway, and you'll have to go through the removal process...of which no-one seems to have a consolidated cleaner for.

    Just an FYI for all of you. If you have a svchost.exe process that's just recently gone out of whack, it is probably this Trojan/Rootkit.
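
The Startup-folder check described in the quoted text, as an added PowerShell example that is not part of the original post. It looks in every user profile, including hidden files; the `Users\...\AppData` path for Windows Vista and later is an assumption (the post only gives the `Documents and Settings` path), and the variable names are illustrative.

```powershell
# Added example: look for the file named in the post in each user's Startup folder.
# Run from an elevated prompt so that other users' profiles are readable.
$name = 'siszyd32.exe'    # file name taken from the post

# Profile roots and the Startup folder relative to each profile directory.
# The first entry is the path given in the post (Windows XP); the second is the
# Vista-and-later equivalent, which the post does not mention (assumption).
$roots = @(
    @{ Base    = "$env:SystemDrive\Documents and Settings"
       Startup = 'Start Menu\Programs\Startup' },
    @{ Base    = "$env:SystemDrive\Users"
       Startup = 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' }
)

$hits = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root.Base)) { continue }

    # -Force lists hidden profile directories as well ("check them all").
    $userDirs = Get-ChildItem -LiteralPath $root.Base -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer }

    foreach ($userDir in $userDirs) {
        $candidate = Join-Path (Join-Path $userDir.FullName $root.Startup) $name
        if (Test-Path -LiteralPath $candidate) {
            # -Force is needed because the file may carry the Hidden attribute,
            # the scripted counterpart of turning "show all files" on.
            Get-Item -LiteralPath $candidate -Force
        }
    }
}

if ($hits) {
    $hits | Select-Object FullName, Length, CreationTime, Attributes | Format-List
} else {
    Write-Output "No $name found in any user's Startup folder."
}
```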
