
W32.SillyFDC.BCH

What is W32.SillyFDC.BCH?

W32.SillyFDC.BCH copies itself to removable drives so that the copy can run and spread the threat.

Type Worm
Sub-Type Autorun
Aliases  
OS Affected Windows
Detected By Symantec

What Does W32.SillyFDC.BCH Do?

It creates the following Windows Registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\"CheckedValue" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\"CheckedValue" = "2"
  • HKEY_CLASSES_ROOT\Interface\{A4C466B8-499F-101B-BB78-00AA00383CBB}\TypeLib\"Version" = "6.0"
  • HKEY_CLASSES_ROOT\Interface\{A4C46780-499F-101B-BB78-00AA00383CBB}\TypeLib\"Version" = "6.0"

The threat will drop the following malicious files:

  • %SystemDrive%\Admin.exe
  • %Temp%\~DF[FIRST SET OF FOUR RANDOM CHARACTERS].tmp
  • %Temp%\~DF[SECOND SET OF FOUR RANDOM CHARACTERS].tmp
  • %DriveLetter%\AutoRun.inf
  • %SystemDrive%\AutoRun.inf

How to Remove W32.SillyFDC.BCH Manually

1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode

2. Remove the Registry entries that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
- Click Start > Run
- Type regedit in the field
- Navigate to the registry entries mentioned above and delete them if necessary

3. Delete the malicious files that the threat added:
- Based on the locations given above, browse to each file and delete it
- If no location is given, click Start > Search and search for the file.
- If a file cannot be deleted, press Ctrl+Alt+Del to open Task Manager and check whether the file is running as a process. If it is, select it and click End Process, then delete the file again.
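
To check whether any of the files and registry values listed above are present, before or after the manual steps, the following read-only PowerShell script can be used. It is an added example, not part of the original write-up or of any vendor tool; the variable names and output columns are this example's own, and it assumes the drives to inspect are mounted when it runs.

```powershell
# Read-only check for the indicators listed on this page. Nothing is deleted or changed.
$findings = @()

# Registry values named in the write-up: key path, value name, and the data the page lists.
$hidden  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden'
$typeLib = 'Registry::HKEY_CLASSES_ROOT\Interface\{0}\TypeLib'
$regChecks = @(
    @{ Path = "$hidden\SHOWALL";  Name = 'CheckedValue'; Data = '1' },
    @{ Path = "$hidden\NOHIDDEN"; Name = 'CheckedValue'; Data = '2' },
    @{ Path = ($typeLib -f '{A4C466B8-499F-101B-BB78-00AA00383CBB}'); Name = 'Version'; Data = '6.0' },
    @{ Path = ($typeLib -f '{A4C46780-499F-101B-BB78-00AA00383CBB}'); Name = 'Version'; Data = '6.0' }
)
foreach ($c in $regChecks) {
    $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    # Report only when the value exists and equals the data given on the page.
    if ($null -ne $item -and [string]$item.($c.Name) -eq $c.Data) {
        $findings += [pscustomobject]@{ Type = 'Registry'; Item = "$($c.Path)\$($c.Name)"; Detail = "= $($c.Data)" }
    }
}

# %SystemDrive%\Admin.exe plus AutoRun.inf in the root of every ready drive
# (this covers both %DriveLetter%\AutoRun.inf and %SystemDrive%\AutoRun.inf).
$roots = [System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.IsReady } |
    ForEach-Object { $_.RootDirectory.FullName }
$paths = @("$env:SystemDrive\Admin.exe") + @($roots | ForEach-Object { Join-Path $_ 'AutoRun.inf' })

foreach ($p in $paths) {
    # -Force returns the file even when it is marked hidden or system.
    $f = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if ($f) {
        $findings += [pscustomobject]@{ Type = 'File'; Item = $f.FullName; Detail = "$($f.Length) bytes, $($f.LastWriteTime), $($f.Attributes)" }
    }
}

# %Temp%\~DF<four characters>.tmp; the regex enforces exactly four characters.
Get-ChildItem -LiteralPath $env:TEMP -Filter '~DF*.tmp' -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^~DF.{4}\.tmp$' } |
    ForEach-Object {
        $findings += [pscustomobject]@{ Type = 'TempFile'; Item = $_.FullName; Detail = "$($_.Length) bytes, $($_.LastWriteTime)" }
    }

if ($findings.Count -eq 0) { 'No listed indicators found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

A registry match only means the value equals the data listed on this page, and the ~DF pattern is loose, so treat those rows as leads to review alongside the Admin.exe and AutoRun.inf results.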

  1. mikespill
    July 9th, 2009 at 15:39 | #1

    Tried the above removal procedure but the virus is still there. Am I missing something? Thanks.
