W32.SillyFDC.BCG
What is W32.SillyFDC.BCG?
W32.SillyFDC.BCG is a worm infection that spreads by copying itself to removable drives.
| Type | Worm |
| Sub-Type | Autorun |
| Aliases | |
| OS Affected | Windows |
| Detected By | Symantec |
What Does W32.SillyFDC.BCG Do?
It creates the following Windows Registry entry:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}\"StubPath" = "%SystemDrive%\RECYCLER\[SID]\player32.exe"
The threat will drop the following malicious files:
- %SystemDrive%\RECYCLER\[SID]\player32.exe
- %SystemDrive%\RECYCLER\[SID]\Desktop.ini
- %DriveLetter%\autorun.inf
How to Remove W32.SillyFDC.BCG Manually
1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the options, select Safe Mode
2. Remove Registry entries that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
- Click Start > Run
- Type in the field, regedit
- Navigate and look for the registry entries mentioned above and delete if necessary
3. Delete malicious files that the threat added:
- Based on the locations given above, browse to each file and delete it
- If no location is given, click Start > Search and search for the file.
- If a file cannot be deleted, press Ctrl+Alt+Del to open Task Manager and check whether the file is running as a process. If it is, select it and click End Process, then delete the file again.
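The registry and file locations listed above can be checked from an elevated PowerShell prompt before deleting anything by hand. This is an added example, not part of the original write-up; the WOW6432Node path (the 32-bit registry view on 64-bit Windows) and the backup file names under %TEMP% are assumptions. It only reads and backs up; it deletes nothing.

```powershell
# Added example: read-only triage for the artifacts listed on this page.
$roots = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
         # Assumption: 32-bit registry view, present only on 64-bit Windows.
         'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'

# Registry: Active Setup components whose StubPath runs a file out of a RECYCLER folder.
$regHits = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $stub = $key.GetValue('StubPath')      # $null when the value is absent
        if ($stub -and $stub -match '\\RECYCLER\\') {
            [pscustomobject]@{ Key = $key.Name; StubPath = $stub }
        }
    }
}

# Back up every matching key before it is removed in regedit (step 2 above).
$n = 0
foreach ($hit in $regHits) {
    $n++
    $out = Join-Path $env:TEMP "activesetup-backup-$n.reg"   # assumed output path
    & reg.exe export $hit.Key $out /y | Out-Null
    Write-Output "Backed up $($hit.Key) to $out"
}

# Files: autorun.inf in each drive root, and player32.exe under any RECYCLER\<SID> folder.
# Desktop.ini is not flagged by itself because genuine Recycle Bin folders contain one.
$fileHits = foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $autorun = Join-Path $drive.Root 'autorun.inf'
    if (Test-Path -LiteralPath $autorun) {
        Get-Item -LiteralPath $autorun -Force   # -Force: the file may be hidden/system
    }
    $bin = Join-Path $drive.Root 'RECYCLER'
    if (Test-Path -LiteralPath $bin) {
        Get-ChildItem -LiteralPath $bin -Filter 'player32.exe' -Recurse -Force `
            -ErrorAction SilentlyContinue
    }
}

$regHits  | Format-List
$fileHits | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
```

An autorun.inf in a drive root is also found on genuine installation media, so review its contents before deleting it.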