W32/SillyFDC-CG

Category: Viruses and Spyware
Type: Win32 worm
Prevalence: Small Number of Reports


W32/SillyFDC-CG is a worm for the Windows platform that spreads via removable drives.

When run, W32/SillyFDC-CG copies itself to:

<Windows>\Aas3lovu.exe
<Windows>\netwin.exe
<System>\scvhost.exe

W32/SillyFDC-CG sets the following registry entries to run itself on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Intelprc
<Windows>\Aas3lovu.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Network
<Windows>\netwin.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SystemWindows
<System>\scvhost.exe
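
A check for the three Run-key entries above, written against the text output of `reg query`. This is an added example, not code from the original description. It assumes the standard `reg query` layout (key line, then indented value lines with fields separated by four spaces), and the function names and the sample output are constructed for illustration.

```python
import ntpath
import re

# Run-key indicators listed on this page: (hive, value name, file name), lower-cased.
RUN_IOCS = {
    ("HKCU", "intelprc", "aas3lovu.exe"),
    ("HKCU", "network", "netwin.exe"),
    ("HKLM", "systemwindows", "scvhost.exe"),
}
IOC_FILES = {f for _, _, f in RUN_IOCS}
HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM"}
RUN_SUBKEY = r"software\microsoft\windows\currentversion\run"


def target_file(data):
    """File name of the program a Run value starts (quoted or bare path)."""
    data = data.strip()
    path = data[1:].split('"', 1)[0] if data.startswith('"') else data
    return ntpath.basename(path).lower()


def find_run_key_hits(reg_query_output):
    """Return (hive, value name, data, match) for values matching the indicators."""
    hits, hive = [], None
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):
            root, _, subkey = line.strip().partition("\\")
            hive = HIVES.get(root) if subkey.lower() == RUN_SUBKEY else None
            continue
        fields = re.split(r" {4}", line.strip(), maxsplit=2)
        if hive is None or len(fields) != 3:
            continue
        name, _kind, data = fields
        exe = target_file(data)
        if (hive, name.lower(), exe) in RUN_IOCS:
            hits.append((hive, name, data, "name+file"))
        elif exe in IOC_FILES:
            hits.append((hive, name, data, "file only"))
    return hits

# Constructed sample of `reg query` output, not taken from a real host.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Intelprc    REG_SZ    C:\WINDOWS\Aas3lovu.exe
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SystemWindows    REG_SZ    "C:\WINDOWS\system32\scvhost.exe"
    Updater    REG_SZ    C:\WINDOWS\netwin.exe
"""
```

Only the file name is compared, because <Windows> and <System> resolve to different paths on different hosts; a "file only" hit means a listed file name is started from a Run value under a different name or hive than the one listed above.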

W32/SillyFDC-CG spreads via removable drives by copying itself to <Root>\aastree.exe and aastree\Astre.exe.

W32/SillyFDC-CG also sets the following registry entries:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\AUTO
Text
Bakalan susah

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets
Bitmap
<System>\SHELL32.DLL,29

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NOHIDE
Text
Biasa aza

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NONE
Text
Bakalan senang

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets
Text
Hidup bersama lo :

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Tips
50
Iloveu astry and never forget you

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder
Bitmap
<System>\SHELL32.DLL,11

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState
Text
Adik lo banyak

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer
Text
Pacar lo Banyak

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess
Text
Kurang taat ibadah

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache
Text
Sok tau

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip
Text
Babe lo galak

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree
CheckedValue
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree
Text
Gue kangen berat

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden
Bitmap
<System>\SHELL32.DLL,22

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN
HKeyRoot
1010

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN
Text
Akan gue lupakan semua

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
DefaultValue
1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
HKeyRoot
1018

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
Text
Akan gue ingat semua

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden
Text
Semua tentang lo :

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
CheckedValue
1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
DefaultValue
1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
Text
Lo dugem terus

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
Type
(null)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler
Text
Terlalu banyak nuntut

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers
Text
Lo gak romantis

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor
Text
Otak lo mesum

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress
Text
Gue pandang2x lo jelek

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath
Text
Lo bego

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip
Text
Jarang jajan

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing
Text
Gak punya mobil

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
Text
gue ada pacar baru

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder
Text
Gue pikir2x lo itu:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\WebViewBarricade
Text
Gue masih cinta lo

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Tips
[0-50]
Iloveu astry and never forget you

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
legalnoticecaption
BIOS Memory

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
legalnoticetext
"BIOS CHECK (6300-NGSRP-TMR521A-SMG-542PH-3180) .Check BIOS setting or upgrade system.If shutdown use logoff.Don't use swicth.System still safe. Click OK button for resume. CODE : AS3-CTRKEA-SR"