Friday, 2018/12/14, 9:49 PM


Main
Registration
Login
Hackersoft Welcome Guest | RSS  
Site menu

Our poll
Rate my site
Total of answers: 11043

Statistics

Total online: 1
Guests: 1
Users: 0

How to remove W32.SillyFDC Virus| W32.SillyFDC Virus Removal


Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000
Effect on the system:When W32.SillyFDC is executed, it may copy itself to the following folder locations:
  • %System%
  • %Windir%
  • %Temp%
  • %UserProfile%
  • %ProgramFiles%
  • %SystemDrive%
  • %CommonProgramFiles%
  • %CurrentFolder%
Using any of the following file names with a .com or .exe extension:
  • CALC
  • calc
  • mscalc.exe
  • startupfolder
  • config_
  • startupfolder.com
  • config_.com
It then scans the compromised computer to create copies of itself in various folders. It will use the existing folder name as its new file name. For example, ABC folder will have a copy of the virus inside the folder as ABC.exe.

The worm may copy itself in drives A:\ through Z:\. Next, it may add a value to the following registry subkeys so that it runs every time Windows starts.:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\”load”
The worm may attempt to copy itself to removable drives and mapped drives, as well as creating the following file so that the worm runs every time the removable drive is attached to a computer:
[REMOVABLE DRIVE]:\Autorun.inf

How to remove??:

1.First disable the system restore temporarily. To disable the system restore Right click on My computer and select properties. On the System Restore tab, check Turn off System Restore on all drives.And then click apply and ok.

2.Restart the system in safe mode. To start your pc in safe mode restart your pc and pree F8 while boot up. You will see something like this on your screen.

windows-safe-mode

Select safe mode from the list.

3.Kill the malicious tasks using task manager. Press Ctlr+Alt+Del and select Process tab. Kill the following tasks if there.
  • password_viewer.exe
  • CALC
  • calc
  • mscalc.exe
  • startupfolder
  • config_startupfolder.com
  • config_.com.
4.Delete the autorun files: I will recommend you to scan your system using any good antivirus. But if you don’t have any antivirus installed then follow the steps given below. Open cmd. Type c: This will take you to the root of c drive. Now type attrib -s -h -r autorun.inf and then run edit autorun.inf. This will open the autorun.inf file in dos mode.It will look like *********************************** [autorun] open=file.exe shell\Open\Command=file.exe shell\open\Default=1 shell\Explore\Command=file.exe shell\Autoplay\command=file.exe ************************************ Now see the path of the file which is executed using this file. Now navigate to the desired file using dos. Now type attrib -s -h -r filename.exe Delete filename.exe Note: Chnage the filename.exe with the file name which was there in autorun.inf file.

5.Delete temporary files, temporary internet files and clear recycle bin.: To do this go to Start > All Programs > Accessories >System Tools, click Disc Cleanup.
Check the following: Downloaded Program Files, Temporary Internet Files, Offline Webpage, Recycle Bin and Temporary Files.

6.View hidden system files and folders: To do this go to Tools->Folder Options->View Select Show hidden files and Folders and uncheck “Hide Protectted System Files” Click apply and ok.

7.Now search for the remaining virus files: e.g
  • CALC
  • calc (DO NOT DELETE THE ONE WHICH IS IN WINDOWS/SYSTEM32)
  • mscalc.exe
  • startupfolder
  • config_
  • startupfolder.com
  • config_.com
  • password_viewer.exe
and delete them.

8.Repair registry: Go to Registry Editor and navigate to following keys. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\”load” and in the right side pan select and delete the values associated with the virus.
Install or update your antivirus as soon as possible.
ENJOY
Source of information:

http://www.symantec.com/security_response/writeup.jsp?docid=2006-071111-0646-99&tabid=3

http://www.symantec.com/security_response/writeup.jsp?docid=2006-071111-0646-99&tabid=2




Sign in

Calendar
«  December 2018  »
SuMoTuWeThFrSa
      1
2345678
9101112131415
16171819202122
23242526272829
3031

IP

Copyright Hackerssoft © 2018