Title: Sygyp
Type: Worms

Remove Sygyp. Removal instructions


 
Also known as: Gypsy
Severity scale: 67 / 100
 
Sygyp, also known as Gypsy, is an Internet worm that spreads by e-mail via messages with infected executable attachments and through network shares. The user can accidentally infect a computer by opening a malicious e-mail attachment or running an infected but purportedly useful file.

Once executed, Sygyp silently installs itself to the system and runs a spreading routine. The worm uses Microsoft Outlook Express to send malicious letters to all the addresses it harvests from files found on the compromised computer. Sygyp searches through text and spreadsheet documents, programming files and local web pages. It also creates files purportedly related to Windows Update and shares them with other network or Internet users.

The parasite's payload is quite large and dangerous. Sygyp terminates running antiviruses, firewalls and other security-related programs. It disables the Windows Firewall and the Windows Security Center, lowers essential system security and file sharing settings, and blocks access to numerous web sites, including popular security-related resources. Sygyp also deletes all scheduled tasks and disables the Registry Editor and the Task Manager. The worm may also display certain messages and shut down the compromised computer without the user's knowledge and consent.

Sygyp automatically runs on every Windows startup.

Sygyp properties:
• Hides from the user
• Stays resident in background

Automatic Sygyp removal:

SpyHunter is the recommended remover for uninstalling Sygyp. Use the free trial to confirm that it detects the current version of the parasite.

Note: "Manual assistance required" means that one or all of the removers were unable to remove the parasite without some manual intervention; please read the manual removal instructions below.

If you failed to remove Sygyp using SpyHunter, please report this to us.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use.
• STOPzilla: We are testing STOPzilla's efficiency at removing Sygyp (2006-01-24 09:49:33)
• Malwarebytes Anti Malware: We are testing Malwarebytes Anti Malware's efficiency at removing Sygyp (2006-01-24 09:49:33)
• Spyware Doctor: We are testing Spyware Doctor's efficiency at removing Sygyp (2006-01-24 09:49:33)
• XoftSpySE Anti Spyware

Sygyp manual removal:

Kill processes:
asistant_alert.exe, googleearthsetup.exe, netalert_v2.4.exe, netwatch_v1.0.3.exe, regverif32.exe, exploit_patcher_v1.0.0.exe
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regvfy32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall=0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\crashonauditfail=0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\forceguest=0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\limitblankpassworduse=0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify=0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride=0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify=0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride=0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify=0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskmgr=1
HKEY_CURRENT_USER\Identities\[Current User ID]\Software\Microsoft\Outlook Express\[Version]\Dont Show Dialogs\Compact Do Not Ask Again=1
HKEY_CURRENT_USER\Identities\[Current User ID]\Software\Microsoft\Outlook Express\[Version]\Dont Show Dialogs\Delete Thread Warning=6
HKEY_CURRENT_USER\Identities\[Current User ID]\Software\Microsoft\Outlook Express\[Version]\Dont Show Dialogs\Mail Empty Subject Warning=1
HKEY_CURRENT_USER\Identities\[Current User ID]\Software\Microsoft\Outlook Express\[Version]\Dont Show Dialogs\Send Mail Warning=1
HKEY_LOCAL_MACHINE\SOFTWARE\Gypsy\W32.Gypsy
Delete files:
asistant_alert.exe, googleearthsetup.exe, netalert_v2.4.exe, netwatch_v1.0.3.exe, regverif32.exe, exploit_patcher_v1.0.0.exe, fwall32.reg, ntfs32.reg, oe32.reg, reg32.reg, sec32.reg, sys32.reg, w32info.reg
Delete directories:
C:\Program Files\WindowsUpdate
Misc:
The googleearthsetup.exe file arrives attached to Sygyp e-mail messages.

Exact file location:
googleearthsetup.exe - C:\Windows or C:\Winnt
asistant_alert.exe, netalert_v2.4.exe - C:\Program Files\WindowsUpdate\System Security
exploit_patcher_v1.0.0.exe, netwatch_v1.0.3.exe - C:\Program Files\WindowsUpdate\System Security\Updates.tmp
regverif32.exe, fwall32.reg, ntfs32.reg, oe32.reg, reg32.reg, sec32.reg, sys32.reg, w32info.reg - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
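
An added example (not from the original page): a Python check that parses the text of a `reg export` dump and reports which of the fixed-path registry indicators listed above are present. The function names, the constructed `SAMPLE` export and the treatment of `SOFTWARE\Gypsy` as a marker key are assumptions; the Outlook Express entries are left out because their paths contain per-user placeholders.

```python
import re
HKLM = "HKEY_LOCAL_MACHINE\\"
FW = HKLM + r"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"
LSA = HKLM + r"SYSTEM\CurrentControlSet\Control\LSA"
SC = HKLM + r"SOFTWARE\Microsoft\Security Center"
POL = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
RUN = HKLM + r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
GYPSY = HKLM + r"SOFTWARE\Gypsy"
# Fixed-path (key, value) -> data pairs copied from the page's registry list.
SETTINGS = {(FW, "EnableFirewall"): 0, (LSA, "crashonauditfail"): 0, (LSA, "forceguest"): 0,
            (LSA, "limitblankpassworduse"): 0, (SC, "AntiVirusDisableNotify"): 0,
            (SC, "AntiVirusOverride"): 0, (SC, "FirewallDisableNotify"): 0,
            (SC, "FirewallOverride"): 0, (SC, "UpdatesDisableNotify"): 0,
            (POL, "DisableRegistryTools"): 1, (POL, "DisableTaskmgr"): 1}

def parse_reg(text):
    """Parse .reg export text into {key: {value: data}}; names lowercased, dwords as int."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        section = re.fullmatch(r"\[(.+)\]", line)
        value = re.fullmatch(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
        if section:
            current = keys.setdefault(section.group(1).lower(), {})
        elif value and current is not None:
            dword = re.fullmatch(r"dword:([0-9a-fA-F]{8})", value.group(2))
            current[value.group(1).lower()] = int(dword.group(1), 16) if dword else value.group(2)
    return keys

def audit(text):
    """Return the page's indicators that are present in a .reg export."""
    keys, gypsy = parse_reg(text), GYPSY.lower()
    hits = [f"{key}\\{name}={data}" for (key, name), data in SETTINGS.items()
            if keys.get(key.lower(), {}).get(name.lower()) == data]
    if "regvfy32" in keys.get(RUN.lower(), {}):
        hits.append(RUN + "\\regvfy32 (autorun value present)")
    if any(k == gypsy or k.startswith(gypsy + "\\") for k in keys):  # assumption: marker key
        hits.append(GYPSY + " (marker key present)")
    return hits

# Constructed sample export, not taken from a real infection.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"regvfy32"="C:\\constructed\\placeholder.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
'''
```

Several of the listed settings, such as the Security Center values at 0, can also occur on a clean system, so a settings match is context for the `regvfy32` and `Gypsy` findings rather than proof of infection.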
Information added: 2006-01-24 07:12:18
Information updated: 2006-01-24 07:12:18
