Know Your Malware: Sygyp Removal

Sygyp, also known as Gypsy, is an Internet worm that spreads by e-mail, via messages with infected executable attachments, and through network shares. A user can accidentally infect a computer by opening a malicious e-mail attachment or by running an infected but purportedly useful file.

Once executed, Sygyp silently installs itself to the system and runs a spreading routine. The worm uses Microsoft Outlook Express to send malicious letters to all the addresses it harvests from files found on the compromised computer. Sygyp searches through text and spreadsheet documents, programming files and local web pages. It also creates files purportedly related to Windows Update and shares them with other network or Internet users.

The parasite's payload is quite large and dangerous. Sygyp terminates running antivirus programs, firewalls and other security-related programs. It disables the Windows Firewall and the Windows Security Center, lowers essential system security and file sharing settings, and blocks access to numerous web sites, including popular security-related resources. Sygyp also deletes all scheduled tasks and disables the Registry Editor and the Task Manager. The worm may also display certain messages and shut down the compromised computer without the user's knowledge or consent.

Sygyp automatically runs on every Windows startup.

Linked by shanmuga Tuesday, 24th January 2006 11:32PM