Problems with SiS Tray

[Guest]

Any help/advice please!

I am puzzled by the following finding of WD and would appreciate some
guidance as to what to do. In the meantime I have “blocked†the item.

Description:
This program has potentially unwanted behavior.

Advice:
Allow this detected item only if you trust the program or the software
publisher.

Resources:
regkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SiS Tray

runkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SiS Tray

file:
C:\WINDOWS\system32\sistray.EXE

Category:
Not Yet Classified

Windows Registry Repair Pro has reported 13 invalid paths in respect of SiS
– one example given below – but has explained that “the errors seem to have
something to do with your video driver. The program will not delete the
errors because your computer is using them. So the errors will continue to
reappear, unless you specify the program to exclude those files from being
scanned.â€

**** Invalid Paths **** Total: 13

No 1. Key:
"SYSTEM\ControlSet002\Control\Video\{6A491ECF-FB4A-43DF-86E6-463A53D32FFE}\0000"
File not found (C:\Program Files\SiS Compatible VGA V2.05\utility\83d.avi)
ï‚· Correction : C:\Drivers\Video\Utilres\bmp\83D.AVI
ï‚· Correction : [1] Default (No changes made)
ï‚· Correction : [2] Delete Entry
ï‚· Correction : [3] Remove invalid substring "C:\Program Files\SiS
Compatible VGA V2.05\utility\83d.avi"
ï‚· Correction : [4] C:\Drivers\Video\Utilres\bmp\83D.AVI

Any help would be most appreciated.

 

[Bill Sanderson]

At first glance, I would say there's a good chance this is a false positive.

Sistray.exe may be either a legitimate utility associated with an SIS video
card and driver, or, it can be bad:

http://www.symantec.com/avcenter/venc/data/trojan.prova.html

The fact that the executable is in \windows, rather than a folder associated
with the video drivers is worriesome, but may be normal.

Here are some things to try:

1) Submit C:\WINDOWS\system32\sistray.EXE

to some multi-vendor antivirus sites:

http://www.virustotal.com
http://virusscan.jotti.org

2) Also submit it to Microsoft's automated malware submission process:

http://www.microsoft.com/athome/security/spyware/software/support/reportspyware.mspx


If this file comes through clean at all the antivirus sites, I would submit
it as a False Positive--and describe your video driver manufacturer and
version number, ideally.

I don't have an opinion on the registry app's findings. One thing that
might be good to do would be to go to the video card manufacturers web site
and see whether there's a newer driver for your hardware. Sometimes this is
easy to do, and sometimes it is quite difficult--depending on the vendor and
the age of the hardware involved.

--

Any help/advice please!

I am puzzled by the following finding of WD and would appreciate some
guidance as to what to do. In the meantime I have "blocked" the item.

Description:
This program has potentially unwanted behavior.

Advice:
Allow this detected item only if you trust the program or the software
publisher.

Resources:
regkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SiS Tray

runkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SiS Tray

file:
C:\WINDOWS\system32\sistray.EXE

Category:
Not Yet Classified

Windows Registry Repair Pro has reported 13 invalid paths in respect of
SiS
- one example given below - but has explained that "the errors seem to
have
something to do with your video driver. The program will not delete the
errors because your computer is using them. So the errors will continue
to
reappear, unless you specify the program to exclude those files from being
scanned."

**** Invalid Paths **** Total: 13

No 1. Key:
"SYSTEM\ControlSet002\Control\Video\{6A491ECF-FB4A-43DF-86E6-463A53D32FFE}\0000"
File not found (C:\Program Files\SiS Compatible VGA V2.05\utility\83d.avi)
? Correction : C:\Drivers\Video\Utilres\bmp\83D.AVI
? Correction : [1] Default (No changes made)
? Correction : [2] Delete Entry
? Correction : [3] Remove invalid substring "C:\Program Files\SiS
Compatible VGA V2.05\utility\83d.avi"
? Correction : [4] C:\Drivers\Video\Utilres\bmp\83D.AVI

Any help would be most appreciated.

 

[Guest]

Sorry Bill for the late acknowledgement of your helpful reply - I was not
advised of the response.

Since writing, we have had to put our computer through the recovery process
(with technical help) and everything seems to be fine now.

Many thanks
Alvis

At first glance, I would say there's a good chance this is a false positive.

Sistray.exe may be either a legitimate utility associated with an SIS video
card and driver, or, it can be bad:

http://www.symantec.com/avcenter/venc/data/trojan.prova.html

The fact that the executable is in \windows, rather than a folder associated
with the video drivers is worriesome, but may be normal.

Here are some things to try:

1) Submit C:\WINDOWS\system32\sistray.EXE

to some multi-vendor antivirus sites:

http://www.virustotal.com
http://virusscan.jotti.org

2) Also submit it to Microsoft's automated malware submission process:

http://www.microsoft.com/athome/security/spyware/software/support/reportspyware.mspx


If this file comes through clean at all the antivirus sites, I would submit
it as a False Positive--and describe your video driver manufacturer and
version number, ideally.

I don't have an opinion on the registry app's findings. One thing that
might be good to do would be to go to the video card manufacturers web site
and see whether there's a newer driver for your hardware. Sometimes this is
easy to do, and sometimes it is quite difficult--depending on the vendor and
the age of the hardware involved.

--

Any help/advice please!

I am puzzled by the following finding of WD and would appreciate some
guidance as to what to do. In the meantime I have "blocked" the item.

Description:
This program has potentially unwanted behavior.

Advice:
Allow this detected item only if you trust the program or the software
publisher.

Resources:
regkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SiS Tray

runkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SiS Tray

file:
C:\WINDOWS\system32\sistray.EXE

Category:
Not Yet Classified

Windows Registry Repair Pro has reported 13 invalid paths in respect of
SiS
- one example given below - but has explained that "the errors seem to
have
something to do with your video driver. The program will not delete the
errors because your computer is using them. So the errors will continue
to
reappear, unless you specify the program to exclude those files from being
scanned."

**** Invalid Paths **** Total: 13

No 1. Key:
"SYSTEM\ControlSet002\Control\Video\{6A491ECF-FB4A-43DF-86E6-463A53D32FFE}\0000"
File not found (C:\Program Files\SiS Compatible VGA V2.05\utility\83d.avi)
? Correction : C:\Drivers\Video\Utilres\bmp\83D.AVI
? Correction : [1] Default (No changes made)
? Correction : [2] Delete Entry
? Correction : [3] Remove invalid substring "C:\Program Files\SiS
Compatible VGA V2.05\utility\83d.avi"
? Correction : [4] C:\Drivers\Video\Utilres\bmp\83D.AVI

Any help would be most appreciated.