I got infected with sysgif32

My system is very slow and Task Manager is showing 100% CPU utilization for SVCHOST.exe, which belongs to Microsoft, as confirmed with Sysinternals procexp.exe.

Sysinternals has a wonderful set of tools for getting into every nook and corner of Windows, so that we can know exactly what is going on.

Then I checked with Sysinternals autoruns.exe.

Whoa.. I found this sysgif32 in the autorun entries, with source file ~TMP42.tmp in the Windows temp folder. I immediately removed it (logged in under safe mode) and stored it in my quarantine folder for analysis.
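The triage above (look through the autorun locations, flag any entry whose image lives in a temp folder, then keep a copy for analysis) is easy to script. The following is an added example, not code from the original post and not an Autoruns feature: it checks only the classic Run/RunOnce keys and Windows services, which is far narrower than what autoruns.exe covers (scheduled tasks, Winlogon, WMI subscriptions and many more), and the quarantine path is an assumed value. It deliberately copies and hashes the file instead of deleting the autorun entry, so the decision to remove stays with the person reviewing the output.

```powershell
# Added example (not part of the original post): find autorun entries whose image
# sits in a temp directory, hash the file and copy it into a quarantine folder.
# Run from an elevated PowerShell; $Quarantine is an assumed path, change to suit.
$Quarantine = 'C:\Quarantine'
$TempDirs   = @("$env:windir\Temp", $env:TEMP) | ForEach-Object { $_.TrimEnd('\').ToLower() }

# Classic registry autorun locations (a small subset of what autoruns.exe inspects)
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ImagePath {
    # Extract the executable path from a command line such as
    #   "C:\Windows\Temp\~TMP42.tmp" /s     or     rundll32.exe C:\Windows\Temp\x.dll,Entry
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cl = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cl.StartsWith('"')) { return $cl.Substring(1, $cl.IndexOf('"', 1) - 1) }
    # For rundll32/regsvr32 loaders the interesting file is the first argument
    if ($cl -match '^(?:\S*\\)?(rundll32|regsvr32)(\.exe)?\s+"?([^",]+)') { return $Matches[3] }
    return ($cl -split '\s+')[0]
}

function Test-InTempDir {
    param([string]$Path)
    $p = $Path.ToLower()
    foreach ($t in $TempDirs) { if ($p.StartsWith($t + '\')) { return $true } }
    return $false
}

$Findings = @()

foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip PSPath, PSParentPath, ...
        $img = Get-ImagePath $p.Value
        if ($img -and (Test-InTempDir $img)) {
            $Findings += [pscustomobject]@{ Source = $key; Name = $p.Name; Image = $img; Command = $p.Value }
        }
    }
}

# Services are another persistence point autoruns.exe lists
foreach ($svc in Get-CimInstance Win32_Service) {
    $img = Get-ImagePath $svc.PathName
    if ($img -and (Test-InTempDir $img)) {
        $Findings += [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Image = $img; Command = $svc.PathName }
    }
}

if (-not $Findings) { Write-Host 'No autorun entries point into a temp directory.'; return }

New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
foreach ($f in $Findings) {
    $exists = Test-Path -LiteralPath $f.Image
    $hash = if ($exists) { (Get-FileHash -LiteralPath $f.Image -Algorithm SHA256).Hash } else { 'FILE MISSING' }
    $f | Add-Member -NotePropertyName SHA256 -NotePropertyValue $hash
    if ($exists) {
        # Prefix with part of the hash so two samples with the same name never collide,
        # and add a non-executable extension so nothing double-clicks it by accident
        $dest = Join-Path $Quarantine ("$($hash.Substring(0, 16))_" + (Split-Path -Leaf $f.Image) + '.quarantined')
        Copy-Item -LiteralPath $f.Image -Destination $dest -Force
    }
}
$Findings | Format-List
```

The SHA256 in the output is what you would look up or submit for analysis; the entry is only removed by hand, after checking the command line, since a legitimate installer can also stage a RunOnce entry in a temp folder.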

Now I am looking for a guide to malware analysis and found this presentation by Mandiant. I am going through this Malware Analysis presentation now.


About wikihead

A Seeker. Information Security Professional, Pursuing Life with Ayurveda.