W32/SillyFDC-BQ

Category:	Viruses and Spyware	Protection available since:	19 Dec 2007 06:25:43 (GMT)
Type:	Win32 worm	Last Updated:	19 Dec 2007 06:25:43 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/SillyFDC-BQ is a worm for the Windows platform.

When first run W32/SillyFDC-BQ copies itself to:

<Root>\sample1.exe
<System>\cssrs.exe

The following registry entry is created to run cssrs.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
cssrs
<System>\cssrs.exe

The following registry entry is changed to run cssrs.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
System
<System>\cssrs.exe

Registry entries are set as follows:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden
0

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HideFileExt
1

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0

Try Sophos products for free
Download now

W32/SillyFDC-BQ

Free Mac Anti-Virus

Popular topics