Sophos

Troj/Sisie-D

Aliases
  • Trojan-Spy.Win32.Sisie.d
  • TROJ_SISIE.D

Summary

 
Affected operating systems: Windows
Characteristics
  • Installs itself in the registry
Included in our products from: August 2005 (3.96)
Protection available since: 23 June 2005 06:05:15 (GMT)
Detected by: All Sophos products

Action

Please follow the instructions for removing Trojans.

Change any data that may have become compromised.

More Information

Troj/Sisie-D is a keylogger Trojan.

Troj/Sisie-D includes functionality to hide its processes and inject its code into IEXPLORE.EXE.

When first run, Troj/Sisie-D copies itself to <System>\systemie.exe and creates the following files:

<System>\sysie.dll - detected by Sophos as Troj/Sisie-D
<System>\systemie.dll - detected by Sophos as Troj/Sisie-D

Troj/Sisie-D may also create the following files:

<System>\syfs.dat
<System>\systemie.dat
<System>\sief.dat

These files may be deleted.

The file <System>\systemie.dll is registered as a Shell Service Object so that it runs at user logon, creating registry entries under:

HKCR\CLSID\(random ClassID)\InProcServer32\
(default)
systemie.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
systemie
(random ClassID)

Troj/Sisie-D will then send information to a remote website in the form of a self-constructed HTML web page.
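
The Shell Service Object registration described above can be audited on a host as follows. This is an added example, not Sophos code: the function names are hypothetical, <System> is assumed to be the directory returned by [Environment]::SystemDirectory, and only the native registry view is read.

```powershell
# Added example (not Sophos code). Function names are hypothetical.
# File and value names are taken from the description above; the ClassID is
# random per infection, so every SSODL value is resolved through HKCR\CLSID.
$ssodlKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
$knownDlls  = 'systemie.dll', 'sysie.dll'
$knownFiles = 'systemie.exe', 'sysie.dll', 'systemie.dll', 'syfs.dat', 'systemie.dat', 'sief.dat'

function Get-SsodlEntry {
    # One object per SSODL value: its name, ClassID, and the DLL that ClassID loads.
    if (-not (Test-Path -LiteralPath $ssodlKey)) { return }
    $key = Get-Item -LiteralPath $ssodlKey
    foreach ($name in $key.GetValueNames()) {
        $clsid  = [string]$key.GetValue($name)
        $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32"
        $server = $null
        if (Test-Path -LiteralPath $inproc) {
            # GetValue('') reads the key's (default) value.
            $server = [string](Get-Item -LiteralPath $inproc).GetValue('')
        }
        $leaf = if ($server) { Split-Path -Path $server -Leaf } else { $null }
        [pscustomobject]@{
            ValueName = $name
            ClassID   = $clsid
            Server    = $server
            # Flag the value name or DLL names listed in the description.
            Suspect   = ($name -eq 'systemie') -or ($knownDlls -contains $leaf)
        }
    }
}

function Get-SisieFile {
    # Report which of the listed file names exist in the system directory.
    $sys = [Environment]::SystemDirectory
    foreach ($file in $knownFiles) {
        $path = Join-Path -Path $sys -ChildPath $file
        if (Test-Path -LiteralPath $path) {
            Get-Item -LiteralPath $path -Force |
                Select-Object FullName, Length, LastWriteTime
        }
    }
}

Get-SsodlEntry | Format-Table -AutoSize
Get-SisieFile  | Format-Table -AutoSize
```

Entries with Suspect set to False are still worth reviewing, since any unfamiliar DLL loaded through this key runs at every user logon.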
