W32.SillyFDC.BCH creates a copy of the infected file on the removable drives to run and spread the threat.
| Type | Worm |
| Sub-Type | Autorun |
| Aliases | |
| OS Affected | Windows |
| Detected By | Symantec |
What W32.SillyFDC.BCH Does?
It will create Windows Registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Advanced\Folder\Hidden\SHOWALL\”CheckedValue” = “1″
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Advanced\Folder\Hidden\NOHIDDEN\”CheckedValue” = “2″
- HKEY_CLASSES_ROOT\Interface\{A4C466B8-499F-101B-BB78-00AA00383CBB}\TypeLib\”Version” = “6.0″
- HKEY_CLASSES_ROOT\Interface\{A4C46780-499F-101B-BB78-00AA00383CBB}\TypeLib\”Version” = “6.0″
The threat will drop the following malicious files:
- %SystemDrive%\Admin.exe
- %Temp%\~DF[FIRST SET OF FOUR RANDOM CHARACTERS].tmp
- %Temp%\~DF[SECOND SET OF FOUR RANDOM CHARACTERS].tmp
- %DriveLetter%\AutoRun.inf
- %SystemDrive%\AutoRun.inf
How to Remove W32.SillyFDC.BCH Manually
1. Restart your computer in SafeMode
- After Power-On the computer, just before Windows start, press F8- From the selections, Select SafeMode
2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type in the field, regedit
- Navigate and look for the registry entries mentioned above and delete if necessary
3. Delete malicious files that the threat added:
- Base on the given location above, browse and delete the file
- If no location is given, click Start>Search> and search for the file.
- If cannot be deleted, press Ctrl+Alt+Del to access Task Manager, see if the file is running in the process. If it is, select the file and click End Process. Perform file delete again.
Tried the above removal procedure but the virus is still there. Am I missing something? Thanks.