sisytj32.exe in Startup


  • This topic is locked
5 replies to this topic

#1 NMajor

Posted 06 June 2010 - 06:09 AM

Ola,

So I'm not a complete noob at Malware etc, but lately I have two or three things that have infected my PC that I cannot get rid of, and the sisytj32.exe is recent and I've chosen to disable the internet on the PC due to it looking like it's sending and receiving something.

So in Startup (folder and Programs) I have a sisytj32.exe - It's 30kb and Google brings up nothing. The icon is a Radar also.

I have run HiJackThis and it brings this up and when I state info it states the NewDotNet infections - Yet the infected files do not exist, and MBAM, Avira, S&D and HiJackThis cannot remove it (the first 3 don't even find it). Also it's impossible to remove it from msconfig.

When you turn on the internet, a command prompt will flicker all the time and it makes the PC impossible to use, funnily enough in Task Manager it states a Sysfader.exe.

Anyone help on this matter at all?

I have 2 other infections, but the names I cannot remember yet, I'll update ASAP.


#2 boopme

Posted 06 June 2010 - 01:53 PM

First, Download LSPFix.exe to a convenient location. Do NOT run this program yet.
This is only to be used if you lose Internet Access after removing NewDotNet.

To Get rid of NewDotNet, go to:
Start > Control Panel > Add or Remove Programs and remove the following:
New.Net Applications or New.Net Domains (anything that says New.Net)

If nothing is found, let me know and we will search for it in another manner.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. Check the "I know what I'm doing" button. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.

#3 Durand007

Posted 06 June 2010 - 04:14 PM

I just started having the same problem the user who posted this message had. I opened Internet Explorer and these command prompt windows started flashing. I found the file "sisytj32.exe" in the startup window when I ran msconfig.

I followed your reply to go to the Control Panel and "Add/Remove Programs" but I did NOT find anything unusual in there such as New.Net Applications or New.Net Domains (or anything with New.Net for that matter).

I tried unchecking sisytj32.exe in the startup panel but it just loads itself anyway upon reboot.

What should I try next?

#4 NMajor

Posted 06 June 2010 - 04:23 PM

> I just started having the same problem the user who posted this message had. I opened Internet Explorer and these command prompt windows started flashing. I found the file "sisytj32.exe" in the startup window when I ran msconfig.
>
> I followed your reply to go to the Control Panel and "Add/Remove Programs" but I did NOT find anything unusual in there such as New.Net Applications or New.Net Domains (or anything with New.Net for that matter).
>
> I tried unchecking sisytj32.exe in the startup panel but it just loads itself anyway upon reboot.
>
> What should I try next?


Hey Boop, same as this guy here - There is nothing I can find except the .exe in the Startup location.

Is the only way possibly to use a delete-on-boot program to delete the .exe?

Thanks

#5 boopme

Posted 06 June 2010 - 04:57 PM

Hello, this is not a Tidserv request that is being blocked, is it?

If not, it's very new, possibly just the firewall doing its job. Let's get a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

You each need to create a separate topic there.

#6 Elise

Posted 08 June 2010 - 07:38 AM

Hello,

Now for the hard and frustrating part: waiting.

Now that you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

regards, Elise

