W32/SillyFDC-BR

Category: Viruses and Spyware Protection available since:03 Jan 2008 05:36:17 (GMT)
Type: Win32 worm Last Updated:03 Jan 2008 05:36:17 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/SillyFDC-BR is a worm for the Windows platform.

When run W32/SillyFDC-BR copies itself to <System>\amvo.exe and sets the following registry entry to run itself on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
amva
<System>\amvo.exe

W32/SillyFDC-BR also registers itself as a service with the name "asdcvb", a description of "asdcvb" and a startup type of automatic. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASDCVB\

W32/SillyFDC-BR creates the following files:

<System>\amvo0.dll - detected as Troj/Lineag-Gen
<System>\gnsmo.dll - detected as W32/SillyFDC-BR

W32/SillyFDC-BR spreads via removable shared drives by copying itself to <Root>\dosocom.com and creates the file <Root>\autorun.inf (also detected as W32/SillyFDC-BR) which is designed to run the worm when the drive is connected to an uninfected computer.

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy