Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Included in our products from | June 2008 (4.30) |
| Protection available since | 15 April 2008 05:44:49 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing worms.
More Information
W32/SillyFDC-CG is a worm for the Windows platform that spreads via removable drives.
When run, W32/SillyFDC-CG copies itself to:
<Windows>\Aas3lovu.exe
<Windows>\netwin.exe
<System>\scvhost.exe
W32/SillyFDC-CG sets the following registry entries to run itself on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Intelprc
<Windows>\Aas3lovu.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Network
<Windows>\netwin.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SystemWindows
<System>\scvhost.exe
W32/SillyFDC-CG spreads via removable drives by copying itself to <Root>\aastree.exe and aastree\Astre.exe.
W32/SillyFDC-CG also sets the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\AUTO
Text
Bakalan susah
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets
Bitmap
<System>\SHELL32.DLL,29
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NOHIDE
Text
Biasa aza
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NONE
Text
Bakalan senang
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets
Text
Hidup bersama lo :
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Tips
50
Iloveu astry and never forget you
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder
Bitmap
<System>\SHELL32.DLL,11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState
Text
Adik lo banyak
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer
Text
Pacar lo Banyak
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess
Text
Kurang taat ibadah
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache
Text
Sok tau
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip
Text
Babe lo galak
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree
CheckedValue
0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree
Text
Gue kangen berat
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden
Bitmap
<System>\SHELL32.DLL,22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN
HKeyRoot
1010
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN
Text
Akan gue lupakan semua
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
DefaultValue
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
HKeyRoot
1018
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
Text
Akan gue ingat semua
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden
Text
Semua tentang lo :
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
CheckedValue
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
DefaultValue
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
Text
Lo dugem terus
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
Type
(null)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler
Text
Terlalu banyak nuntut
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers
Text
Lo gak romantis
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor
Text
Otak lo mesum
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress
Text
Gue pandang2x lo jelek
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath
Text
Lo bego
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip
Text
Jarang jajan
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing
Text
Gak punya mobil
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
Text
gue ada pacar baru
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder
Text
Gue pikir2x lo itu:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\WebViewBarricade
Text
Gue masih cinta lo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Tips
[0-50]
Iloveu astry and never forget you
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
legalnoticecaption
BIOS Memory
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
legalnoticetext
"BIOS CHECK (6300-NGSRP-TMR521A-SMG-542PH-3180) .Check BIOS setting or upgrade system.If shutdown use logoff.Don't use swicth.System still safe. Click OK button for resume. CODE : AS3-CTRKEA-SR"
