Posted on 12/14/2009 12:05:45 PM PST by Lady Jag
SISZYD32.exe has possibly killed my FR computer.
Yesterday it hit suddenly despite the anti-virus and other utilities I run to protect against such stuff.
The victim computer is one I only use for FR and the sites it cites. That is the only clue I have to offer as to where it came from. I run several computers off a network and my FR computer is the only victim.
This is the worst I have ever encountered and a search for it shows that it is very dangerous and it showed up only about a week ago (AFAICT).
From years of experience I knew what to do yet the virus blocked every action, not even allowing startup in safe mode.
Malwarebytes, Spyware Doctor, SpyHunter and another one or two I tried to run were able to find it yet were blocked and defeated by siszyd32.exe.
This is day 2 and the computer boots with a black screen.
WARNING! Update all your protection software including registry cleaner, et al.
HELP! Can anybody help me get my FR black screen computer back?
Ping
That's what you get for buying a French computer........I'm surprised it didn't surrender first.
BTW, for me to be able to find the disk and the directions after 3 years means it has a 5 star rating. I can never find anything around here. :-)
Now that I’m learning something from this thread, I too concur with Darksheare.
Darksheare, my strange brother, thank you.
This is also nice to have, which I do...
ClickFree 320GB Backup Hard Drive w/ Dock & InternalUSBCord
Virtual PC sounds interesting. Never heard of it.
If I get out of this alive I’ll definitely look into it.
Thanks.
That's a good first step.
wake up
I’m sorry to have bothered you Mr. Gates. /SARCASM
I may try this tonight. Did you have to have a helper analyze your Combofix logs, as suggested?
That sounds like a good program too...sure beats reinstalling everything then having to get all of the updates too.
This is generally what I do:
As soon as the machine boots up, go to “Start/Run” and type “msconfig”.
On the “General” tab, select “Selective Startup” then unselect “Load Startup Items”, or just to be thorough, go to the “Startup” tab and deselect everything. But do note any startup items that have random letters in their names; that is usually a clue that it is a rogue program.
Reboot in safe mode.
Usually if I know the virus was downloaded that day, I will do a search of all files modified during the day; usually you will see a bunch of files with the same timestamp.
Make a note of any files that have the same timestamp. But unless you know what you’re doing, do not delete them, unless you are absolutely sure that none of those files are critical Windows System files. But just knowing where the files are could be important in solving where the virus came from.
Now even that won’t get rid of registry entries, so that’s especially where I would rely on Malwarebytes or Combo-Fix.
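The timestamp search described in the post above, as an added example that is not part of the original post: a read-only Python script that walks a folder, keeps files modified since a cutoff, and groups those whose modification times fall within a couple of seconds of each other. The function name `recent_file_clusters` and its thresholds are hypothetical choices for illustration; nothing is deleted.

```python
import os
import sys
import time

def recent_file_clusters(root, since_epoch, gap_seconds=2.0, min_files=3):
    """Return clusters of (mtime, path) for files under root modified at or
    after since_epoch, where neighbours are at most gap_seconds apart."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path, follow_symlinks=False).st_mtime
            except OSError:
                continue  # locked or vanished file: skip it, keep scanning
            if mtime >= since_epoch:
                hits.append((mtime, path))
    hits.sort()
    clusters, current = [], []
    for mtime, path in hits:
        # A gap larger than gap_seconds closes the current burst of writes.
        if current and mtime - current[-1][0] > gap_seconds:
            if len(current) >= min_files:
                clusters.append(current)
            current = []
        current.append((mtime, path))
    if len(current) >= min_files:
        clusters.append(current)
    return clusters

if __name__ == "__main__":
    # Assumed usage: first argument is the folder to scan, last 24 hours only.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for cluster in recent_file_clusters(root, time.time() - 24 * 3600):
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(cluster[0][0]))
        print(f"{stamp}  {len(cluster)} files written together")
        for _mtime, path in cluster:
            print("    " + path)
```

Legitimate installers and Windows updates also write many files in one burst, so a cluster is a list to review, not a list to delete.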
What is an “A drive”? Seriously. Most new PCs don’t have one, and even if they do, you would not be able to read the file names. (if the drive is NTFS)
I suggested VMware Fusion for those who think they can’t do without Windows.
Mac hardware is superior, albeit a bit pricey, but you get what you pay for.
I have gotten into the habit of making sure my files, software keys, etc. are stored and backed up on portable drives. (Of course I scan them as well.) One drive for backup, one drive for archives, one drive for music & video, one drive for pictures and another drive for my “stuff.”
I try to keep the laptop as uncluttered as possible so when something happens I do not have to worry about what I might lose. Then I do a clean install. A new broom sweeps cleaner and a reformatted drive runs faster.
The best and practically only way to keep these things out of a Windows computer is to establish a “limited permission” login id separate from the rest of your logins, which by default have administrative permission. In effect, on Windows systems, it’s all or none with permissions.
With a limited (or standard) login id, most programs work just fine, but your system files and the system portion of the registry can not be altered. As long as you surf the web from a limited/standard login, you’re mostly safe, and whatever might creep in is very easy to remove and can’t do any serious system damage.
The main exception to this technique is that it’s of limited use on older HP XP computers (and maybe Compaq and newer HP computers too, for all I know), because HP screwed up the inheritance of permissions in the Windows and Program Files folder, giving all users the right to manipulate all files and folders in these two critical system folders.
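A way to check for the folder-permission problem described in the post above, as an added example that is not part of the original post: it parses the text printed by `icacls <folder>` and reports entries that give every ordinary account write, modify or full control. It assumes a system where `icacls` is available; the function name `broad_write_aces` is hypothetical and both sample outputs are constructed.

```python
import re

# Principals that include every ordinary (limited) account.
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users"}
# icacls right codes that allow changing or deleting content.
WRITE = {"F", "M", "W", "D", "GA", "GW", "WD", "AD", "DC", "WDAC", "WO"}
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}
ACE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^)]*\))+)$")

def broad_write_aces(path, icacls_text):
    """Return [(principal, [write rights])] for entries letting all users modify path."""
    findings = []
    for line in icacls_text.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first line is prefixed with the path
        m = ACE.match(line)
        if not m or m.group("who").lower() not in BROAD:
            continue
        tokens = set()
        for group in re.findall(r"\(([^)]*)\)", m.group("groups")):
            tokens |= {t.strip().upper() for t in group.split(",")}
        if "DENY" in tokens:
            continue  # a deny entry removes access rather than granting it
        risky = sorted((tokens - INHERIT_FLAGS) & WRITE)
        if risky:
            findings.append((m.group("who"), risky))
    return findings

# Constructed sample output, not captured from a real machine.
HEALTHY = r"""C:\Program Files NT SERVICE\TrustedInstaller:(F)
                 NT AUTHORITY\SYSTEM:(M)
                 BUILTIN\Administrators:(M)
                 BUILTIN\Users:(RX)
                 BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
"""
BROKEN = r"""C:\Program Files BUILTIN\Administrators:(OI)(CI)(F)
                 BUILTIN\Users:(OI)(CI)(F)
                 Everyone:(OI)(CI)(M)
"""

if __name__ == "__main__":
    for label, text in (("healthy", HEALTHY), ("broken", BROKEN)):
        print(label, broad_write_aces(r"C:\Program Files", text))
```

Any finding on the Windows or Program Files folder means a limited login can still alter system files there, which is the condition the post describes.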
Had forgotten about pchell.com. It’s a good site. Can’t use it on a black screen, though.
On my desktop there’s a slot for a floppy disk and it’s called the A drive ... if you don’t have one you’d have to boot from a USB flash drive (stuff people told me) ...