
SysAI.exe

FilePath : C:\Program Files\SysAI\
BasePriority : Normal
FileSize : 516 KB
FileVersion : 1, 0, 0, 1
CompanyName : Apropos Media
FileDescription : Internet Explorer
InternalName : Ads.
OriginalFilename : SysAI.exe
ProductName : Ads
Type : Process
Data : sysai.exe
Object : C:\Program Files\SysAI\

Associated files: C:\Program Files\SysAI\AproposPluginz.dll

SysAI.exe is a process associated with the Apropos Media Trojan. This process changes your default homepage and redirects you to other sites. Terminate the process and delete the file.



Spyware developers should not be killed; their hands should be removed. If we cannot locate them then their children's hands should be cut off.
bill jay
3/20/2006 4:51:50 AM - US


On the family laptop sysai is causing trouble, please help us.

Sincerely, Xavier

XAVIER
3/26/2005 11:59:48 PM - US


My problem is firstly that I can't find sysai anywhere on my computer. I have searched and browsed through many possible places where it could be, but to no avail. Is there a possibility that it has changed its name so that I can't see it?
Sysai starts running when I use Outlook Express, if that could be of any help.
Please help, it's ruining everything!

In reply to ChowPost:

Djinex
12/26/2004 5:19:20 PM - SE


What was your solution?
Carole
9/9/2004 5:44:25 AM - US


Dunno, you could try responding to my solution and telling me if and why it didn't work.
flyingfox
9/8/2004 4:07:04 AM - UK


I don't like companies that install their software on my computer...
Anonymous
8/3/2004 4:19:58 PM - US


Did you ever find a cure -

This is the same thing that is happening to me and I am ready to throw the PC out the window -

Sean
6/19/2004 12:51:42 AM - US


Excuse me, but I can't delete SysaI and all my programs are running slow because of it. Every time I hold alt+ctrl+delete it shows SysaI [not responding] and when I close it, my computer freezes. What should I do?

-Kevin

kevin
6/6/2004 11:54:31 PM - US


Hey everyone. I seemed to have gotten rid of this problem much more easily. Apparently it comes with an uninstaller.

Click start, click search and "files and folders". Search for sysai, and you'll find one in C:\Program Files\SysAI. Open it, and there should be an uninstaller there. Run it, give it a moment, and most of the content in that folder (including the actual program) should be gone. No need to modify registry keys and do MS DOS commands. Also, to access your registry you simply click the Windows start button, go to run and type in regedit.

Flyingfox
5/20/2004 7:46:51 AM - UK


ARRRRRRRRGH! SYSAI.EXE IS RUINING MY LIFE! ARRRRRRRRGH! SOMEONE KILL IT! KILL IT!!!! AAAAAARRRRRRGGGGHHHHH! PLEASE KILL IT NOOOOW!
AAAARRRRRGH!
5/19/2004 10:29:01 PM - CA


I do wish to add a bit of caution when rooting out problematic programs using DOS or Command entries. Be very careful not to delete necessary files, as was my experience in a rush. One random program was using Microsoft's NUL.SYS under XP and you can see that if you only use the first three characters, you may well dump this file in error or haste. The offender in this case was NULFD.exe and had I just used NUL*.* it would have killed the NUL.SYS as well.

Just be warned and careful.


ChowDown
5/10/2004 1:31:45 AM - US


Sysai.exe is at least one part of an elaborate internet Pop-Up nightmare. The net result of SysAI.EXE and the complementary set of executables is to create a SVCHost on the machine that will produce randomly named *.EXE files and make links to a java website to generate the next advertising pop-up.

Using CTL-ALT-DEL will show you that SysAI.EXE is running and removing it will not solve the problem. Killing the process helps, but because it has spawned any number (I've found three and seven) of randomly numbered *.EXE programs, they will eventually, depending upon the speed of the machine, replicate yet another set.

SysAI can be found as a hidden file located in C:\Windows\System or C:\Windows\System32 (WinXP). Since it is hidden it is more difficult to remove. Under Win98, launching Command prompt only will let you use DOS command levels to change to ATTRIB and delete the files. This is only the beginning.

Using CTL-ALT-DEL in Windows, you will notice SysAI and other strangely named EXE files running. Making notes of those names (Hnny*.*, Udnp*.*, Ldz*.*, USWB*.*, L7qp*.* etc.) should lead you to find these also hidden files under the root and/or System folders. Under WinXP, you will also discover them hatching a Prefetch file using the filename as well.

Under DOS-prompt, preferably armed with the first four or five characters of the filename, try this command

DIR [file] /ah /s

From the root, the above command will return a list of all files by that name on the entire disk having the hidden attribute. I recommend using only the first four or five characters of the file name as usually, as random sets, the file names can be rather long and you might notice that they start and stop so quickly on the machine that you may not have time to get them all. (This was one of my experiences on a machine that had seven programs in self-regeneration.) For example:

DIR hnny*.* /ah /s

returned both the prefetch and the hidden file in the System32 folder. Change the attributes of the hidden file using the following command

ATTRIB -h -s C:\windows\system32\hnny*.*

and then delete them all using

DEL hnny*.* /s

You should do this for all the files you 'notice' that do not belong.

You are not finished yet, as there are registry entries from the source programs that will regenerate others when you next boot normally into Windows. Thus, you should proceed only when you have purged them all from the registry using the regedit procedure. This can be problematic for those not familiar with Regedit. However, not impossible.

Some of the Web sites I found include, but are not limited to: KAZAA, GATOR, BargainBuddy, WhenUWatch, MySearchBar and Totempole. The files associated with TotemPole were most interesting as the company name under profile was 'We Rule'.

Oh, there is another hidden file for which to look called 1984*.* That in itself is a bit ominous.

Since they do nothing destructive (thus far) they are 'legal' and therefore virus checking software will not root them out. Since they are gotten by surfing the web and are not destructive, using Microsoft's own programs, they can set themselves up as hidden and system files. Proceed with caution and diligence.

Many of my customers try Pop-Up ad blasting software which does no good whatsoever. The result is yet another program, or several programs, running looking for the pop-up programs and killing them. However, since the files re-generate randomly named executables, you can easily see that the pop-up guard program will become ineffective.

ChowPost
5/9/2004 5:06:10 PM - US
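
A read-only preview of the prefix search described in ChowPost's post, combined with the over-broad wildcard caution in ChowDown's comment. This is an added example, not part of either comment, and it is written for PowerShell on a current Windows system rather than the DOS prompt; the variable names and the review heuristic are assumptions of the example.

```powershell
# Added example: nothing is deleted or modified, the script only reports.
# Prefixes are the ones named in the post; replace them with the names you noted.
$Prefixes = 'hnny', 'udnp', 'ldz', 'uswb', 'l7qp'
$Root     = "$env:SystemDrive\"   # assumption: search the system drive from its root

$hits = foreach ($prefix in $Prefixes) {
    # -Force returns hidden and system files too, so every file that a later
    # "DEL <prefix>*.* /s" could touch is listed, not only the hidden ones.
    Get-ChildItem -LiteralPath $Root -Filter "$prefix*" -Recurse -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Prefix    = $prefix
                Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                Company   = $_.VersionInfo.CompanyName
                Signature = $sig.Status
                Modified  = $_.LastWriteTime
                Path      = $_.FullName
            }
        }
}

# Full listing: the equivalent of DIR <prefix>*.* /ah /s plus the non-hidden matches.
$hits | Sort-Object Prefix, Path | Format-Table -AutoSize

# Heuristic (assumption of this example): a prefix needs review before it is used
# as a delete wildcard if it also matches a file that is not hidden or that
# carries a valid signature. Lengthen the prefix until NeedsReview is 0.
$hits | Group-Object Prefix | ForEach-Object {
    $risky = @($_.Group | Where-Object { -not $_.Hidden -or $_.Signature -eq 'Valid' })
    [pscustomobject]@{
        Prefix      = $_.Name
        Matches     = $_.Count
        NeedsReview = $risky.Count
    }
} | Format-Table -AutoSize
```

Run it from an elevated prompt so system folders are readable; a prefix with a non-zero NeedsReview count is the situation ChowDown describes, where a short wildcard also catches a file that belongs on the machine.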


My computer is constantly hanging. When I use ctrl, alt, and delete, sysai is what shows not responding most of the time. Please help!
Joyce Conner
5/4/2004 8:18:39 AM - US

