Problem with Syssecurity spyware/browser hijack

faceman

Anyone ever come across a virus/browser hijacker/spyware that defaults your browser to the website (DONT try click this link) syssecurity.com? IT also causes regular pop ups and icon in the tray saying your PC is at risk from virus etc. Ive ran AD-Aware, Spybot, Symantic Anti-virus and Ewido which removed some of problems but the browser one remains. I cant change my home page from syssecurity.

All my searches online seem to have people with similar problems. SOmeone mentioned online about removing a video codec which must have been downloaded to cause the problem through Add/Remove Programs but I cant find anything in there.

Anyone come across it?

r3nu4l

Download and install "hijack This" (http://www.snapfiles.com/Freeware/security/fwantispy.html)

Post the Hijack This log here:

http://www.castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

The folks at CastleCops are brilliant! You have to register (for free) first then post the log, it takes a couple of days for them to get back to you but you won't go wrong and they will almost certainly solve the problem. I haven't seen anyone post a log with syssecurity in it but if anyone can solve it then CastleCops can.

Don't use the Repair (Fix) button on HiJack This unless you know exactly what you are doing as you could seriously mess up your machine for good.

Good luck

faceman

Cheers dude, just did that. Wish me luck!

r3nu4l

Hey Faceman,

I went to CastleCops and can't seem to find your log. PM me the link to the thread if you like and I'll have a very quick look to see if I can identify anything obviously strange. The 1st responders at CastleCops are always up to their eyeballs so can take a few days to get back to you and you may need to copy your thread into the sticky at the top if you haven't received a 1st responder reply within 5 days.

Anyway, PM me if you like.

Cheers.

pablo21

I've had three PC's this week with the same problem and the only thing I could do was a fresh install on each one! Its a trojan dropper that initialises each time you restart. The AV doesnt pick it up and the only Antispyware that picked it up was spyware doctor and even then it couldnt completely get rid of it! I wish you luck with it.

PS. It also mentioned winantivirus in the popups, and after a bit it wouldnt let me browse my computer or networks unless I booted in safe mode.

r3nu4l

Here's someone who managed to remove it (either directly or co-incidentally as some other function was killed). I don't recommend you follow these steps as each PC is different but have a look at the site and see whether you would like to post your logs there.

http://forums.maddoktor2.com/index.php?showtopic=8003
Edit: Another one where the problem was fixed: http://www.lavasoftsupport.com/lofiversion/index.php/t1324.html
It is possible to get rid of it but may be difficult depending on what else is on your machine. You may need to switch off system restore before you clean, then turn on system restore and make a fresh restore point, otherwise the malware could re-activate if you ever return to an old (pre-cleaning) restore point.

EDIT: Check your system for a program called SpyFalcon - is it installed? That could be your problem. Let us know what's happening.

faceman

Thanks to everyone who replied i got sorted by fluke i think! I had a mate advise me to delete anything spurious in the startup folder and then i did the same in the registry. After that i ran spybot, ad-aware etc and problem seems fixed.

Thanks again to all for you responses. Really appreciate it.