
W32.SillyFDC.BCG

What is W32.SillyFDC.BCG?

W32.SillyFDC.BCG is a worm that spreads by copying itself to removable drives.

Type: Worm
Sub-Type: Autorun
Aliases:
OS Affected: Windows
Detected By: Symantec

What Does W32.SillyFDC.BCG Do?

It creates the following Windows Registry entry:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}\"StubPath" = "%SystemDrive%\RECYCLER\[SID]\player32.exe"

The threat will drop the following malicious files:

  • %SystemDrive%\RECYCLER\[SID]\player32.exe
  • %SystemDrive%\RECYCLER\[SID]\Desktop.ini
  • %DriveLetter%\autorun.inf

How to Remove W32.SillyFDC.BCG Manually

1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the menu, select Safe Mode

2. Remove the registry entries that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
- Click Start > Run
- In the field, type regedit
- Locate the registry entries listed above and delete them if they exist

3. Delete the malicious files that the threat added:
- Based on the locations given above, browse to each file and delete it
- If no location is given, click Start > Search and search for the file.
- If a file cannot be deleted, press Ctrl+Alt+Del to open Task Manager and check whether the file is running as a process. If it is, select it and click End Process, then try deleting the file again.
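
A read-only PowerShell check for the registry entry and files listed above, as an added example that is not part of the original page or of Symantec's tooling. The helper name New-Finding and the autorun.inf line pattern are assumptions; the script only reports and deletes nothing.

```powershell
# Read-only check for the indicators listed on this page. Nothing is deleted.
# The GUID and file names are copied from the page; all other names are illustrative.
$guid     = '{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}'
$keyPath  = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\$guid"
$findings = @()
function New-Finding($Kind, $Item, $Detail) {   # hypothetical helper
    New-Object psobject -Property @{ Kind = $Kind; Item = $Item; Detail = $Detail }
}

# 1. Active Setup key and its StubPath value
if (Test-Path -LiteralPath $keyPath) {
    $stub = (Get-ItemProperty -LiteralPath $keyPath -ErrorAction SilentlyContinue).StubPath
    $findings += New-Finding 'Registry' $keyPath "StubPath = $stub"
}

# 2. %SystemDrive%\RECYCLER\[SID]\player32.exe (the [SID] folder name varies per account).
#    A Desktop.ini in a RECYCLER SID folder is normal on its own, so it is reported
#    only when player32.exe sits beside it.
$recycler = "$env:SystemDrive\RECYCLER"
if (Test-Path -LiteralPath $recycler) {
    foreach ($dir in (Get-ChildItem -LiteralPath $recycler -Force -ErrorAction SilentlyContinue)) {
        if (-not $dir.PSIsContainer) { continue }
        $exe = Join-Path $dir.FullName 'player32.exe'
        if (-not (Test-Path -LiteralPath $exe)) { continue }
        $findings += New-Finding 'File' $exe 'executable named on this page'
        $ini = Join-Path $dir.FullName 'Desktop.ini'
        if (Test-Path -LiteralPath $ini) { $findings += New-Finding 'File' $ini 'found beside player32.exe' }
    }
}

# 3. autorun.inf in the root of every mounted drive. Optical media can carry a legitimate
#    autorun.inf, so its launch lines are shown for manual review (pattern is an assumption).
foreach ($drive in (Get-PSDrive -PSProvider FileSystem)) {
    $inf = Join-Path $drive.Root 'autorun.inf'
    if (-not (Test-Path -LiteralPath $inf -PathType Leaf)) { continue }
    $launch = Get-Content -LiteralPath $inf -Force -ErrorAction SilentlyContinue |
        Select-String -Pattern '^\s*(open|shellexecute|shell\\.+\\command)\s*='
    $detail = if ($launch) { ($launch | ForEach-Object { $_.Line.Trim() }) -join '; ' } else { 'no launch lines found' }
    $findings += New-Finding 'File' $inf $detail
}

if ($findings) { $findings | Select-Object Kind, Item, Detail | Format-List }
else { Write-Output 'No indicators from this page were found.' }
```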
