SiSBase.dll
20 posts
• Page 1 of 2 • 1, 2
SiSBase.dll
For some reason unknown to me, a file has gone missing in sistray.exe
I get two notices (nicely boxed with lovely little Red X):
The first says:
sistray.exe
entry point not found
?ReadKeyString@CSISReg@@SAHPAD0H0PAUHKEY-@@K@Z could not
be located in dynamic link library SiSBase.dll.
The second says:
keyhook.exe
procedure entry point
(and then repeats the information given above)
Making the *huge* assumption that I can d/l and install
this as a stand-alone file...can anyone point me in the
direction of a source for it??
If my assumption does what assumptions usually do
hope you can ... HELP!!!
Thanks in advance,
K
Both of these problems can be cause by trojans. If you use an antivirus product, make sure it's up to date. You should also try scanning with an online program such as Symantecs. There's a link to it on this page.
http://securityresponse.symantec.com/
http://securityresponse.symantec.com/
ktjo wrote:Thanks, but I've run both Adaware and Norton - nada.
In the meantime, I've still got the problem of the missing files.
Any suggestions on where I might find them would be appreciated.
Thanks again..
Do a search of your computer without the extention. They may have been renamed. Search for systray.* and keyhook.*
Keyhook.exe records your keystrokes. See:
Method: Keystroke Recorders
Description: Keystroke recorders (aka. keyboard loggers, keyloggers, keystroke hookers, etc) are programs with the ability to record keys pressed on the keyboard. Usually, programs only need to monitor the keys being pressed in their own application, but sometimes programs need to be able to record all keys pressed in all programs. For example, a trojan might want to record all your keystrokes so as to see which usernames and passwords you type in, as well as any websites you visit, as well as any chat sessions you might have. To achieve this, the program must create a global keyboard hook. It achieves this by making a call to the SetWindowsHookEx function in user32.dll
Source
Method: Keystroke Recorders
Description: Keystroke recorders (aka. keyboard loggers, keyloggers, keystroke hookers, etc) are programs with the ability to record keys pressed on the keyboard. Usually, programs only need to monitor the keys being pressed in their own application, but sometimes programs need to be able to record all keys pressed in all programs. For example, a trojan might want to record all your keystrokes so as to see which usernames and passwords you type in, as well as any websites you visit, as well as any chat sessions you might have. To achieve this, the program must create a global keyboard hook. It achieves this by making a call to the SetWindowsHookEx function in user32.dll
Source
- phileysmiley
- Media Director
- Posts: 13745
- Joined: Mon Jun 21, 2004 4:20 pm
- Location: Delray Beach FL USA
- Real Name: Larry Richman
Sistray.exe is also a trojan. See:
Trojan Characteristics:
This is a trojan which displays Italian messages, modifies the registry and shuts down the system after each reboot.
When executed it does the following:
Drops the files Sistray.exe and Sistrai.exe into folder C:\Windows\Command\
The file Sistrai.exe is a utility which shuts down the system and we detect it as 'Reboot-Q trojan'
Drops the file Explorer.exe into folder C:\Windows\System\
Replaces Autoexec.bat - The original is renamed to Autoexec.bac
Renames the MSconfig.exe in C:\Windows\System\ to system12.sys
The following registry keys are modified so that the system is shut down after every reboot.
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\Run
"Sistray" C:\Windows\Command\sistrai.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\RunOnce
"Sistray" C:\Windows\Command\sistray.exe
It disables the Windows REGEDIT utility so that the user cannot edit the registry by setting the the following key value to 1:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
It also removes the Run option from the Start menu as well as 'Favourites, 'Documents' and 'logoff' by setting the their key values to 1 from the following registry location.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Source
Trojan Characteristics:
This is a trojan which displays Italian messages, modifies the registry and shuts down the system after each reboot.
When executed it does the following:
Drops the files Sistray.exe and Sistrai.exe into folder C:\Windows\Command\
The file Sistrai.exe is a utility which shuts down the system and we detect it as 'Reboot-Q trojan'
Drops the file Explorer.exe into folder C:\Windows\System\
Replaces Autoexec.bat - The original is renamed to Autoexec.bac
Renames the MSconfig.exe in C:\Windows\System\ to system12.sys
The following registry keys are modified so that the system is shut down after every reboot.
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\Run
"Sistray" C:\Windows\Command\sistrai.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\RunOnce
"Sistray" C:\Windows\Command\sistray.exe
It disables the Windows REGEDIT utility so that the user cannot edit the registry by setting the the following key value to 1:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
It also removes the Run option from the Start menu as well as 'Favourites, 'Documents' and 'logoff' by setting the their key values to 1 from the following registry location.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Source
- phileysmiley
- Media Director
- Posts: 13745
- Joined: Mon Jun 21, 2004 4:20 pm
- Location: Delray Beach FL USA
- Real Name: Larry Richman
20 posts
• Page 1 of 2 • 1, 2
Return to General Windows Support
Who is online
Users browsing this forum: Bing [Bot] and 9 guests