How to remove W32.SillyFDC Virus| W32.SillyFDC Virus Removal

• %System%
• %Windir%
• %Temp%
• %UserProfile%
• %ProgramFiles%
• %SystemDrive%
• %CommonProgramFiles%
• %CurrentFolder%

• CALC
• calc
• mscalc.exe
• startupfolder
• config_
• startupfolder.com
• config_.com
  

It then scans the compromised computer to create copies of itself in various folders. It will use the existing folder name as its new file name. For example, ABC folder will have a copy of the virus inside the folder as ABC.exe.

The worm may copy itself in drives A:\ through Z:\. Next, it may add a value to the following registry subkeys so that it runs every time Windows starts.:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\”load”
The worm may attempt to copy itself to removable drives and mapped drives, as well as creating the following file so that the worm runs every time the removable drive is attached to a computer:
[REMOVABLE DRIVE]:\Autorun.inf

How to remove??:

1.First disable the system restore temporarily. To disable the system restore Right click on My computer and select properties. On the System Restore tab, check Turn off System Restore on all drives.And then click apply and ok.

2.Restart the system in safe mode. To start your pc in safe mode restart your pc and pree F8 while boot up. You will see something like this on your screen.



Select safe mode from the list.

3.Kill the malicious tasks using task manager. Press Ctlr+Alt+Del and select Process tab. Kill the following tasks if there.

• password_viewer.exe
• CALC
• calc
• mscalc.exe
• startupfolder
• config_startupfolder.com
• config_.com.

• CALC
• calc (DO NOT DELETE THE ONE WHICH IS IN WINDOWS/SYSTEM32)
• mscalc.exe
• startupfolder
• config_
• startupfolder.com
• config_.com
• password_viewer.exe