Effect on the system:
When W32.SillyFDC is executed, it may copy itself to the following folder locations:
- %System%
- %Windir%
- %Temp%
- %UserProfile%
- %ProgramFiles%
- %SystemDrive%
- %CommonProgramFiles%
- %CurrentFolder%
It uses any of the following file names, with a .com or .exe extension:
- CALC
- calc
- mscalc.exe
- startupfolder
- config_
- startupfolder.com
- config_.com
It then scans the compromised computer to create copies of itself in various folders, using each existing folder name as the new file name. For example, a folder named ABC will contain a copy of the virus named ABC.exe.
The worm may copy itself to drives A: through Z:.
Next, it may add a value to the following registry subkeys so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"load"
The worm may attempt to copy itself to removable drives and mapped drives, and it creates the following file so that the worm runs every time the removable drive is attached to a computer:
[REMOVABLE DRIVE]:\Autorun.inf
How to remove:
1. First disable System Restore temporarily.
To disable System Restore, right-click My Computer and select Properties. On the System Restore tab, check Turn off System Restore on all drives, then click Apply and OK.
2. Restart the system in safe mode.
To start your PC in safe mode, restart it and press F8 during boot. You will see something like this on your screen.
Select Safe Mode from the list.
3. Kill the malicious tasks using Task Manager.
Press Ctrl+Alt+Del and select the Processes tab. Kill the following tasks if they are present:
- password_viewer.exe
- CALC
- calc
- mscalc.exe
- startupfolder
- config_startupfolder.com
- config_.com
4. Delete the autorun files:
I recommend scanning your system with a good antivirus. If you don't have an antivirus installed, follow the steps below.
Open cmd. Type c:
This takes you to the root of the C: drive. Now type attrib -s -h -r autorun.inf
and then run edit autorun.inf. This opens the autorun.inf file in the DOS editor. It will look like this:
***********************************
[autorun]
open=file.exe
shell\Open\Command=file.exe
shell\open\Default=1
shell\Explore\Command=file.exe
shell\Autoplay\command=file.exe
************************************
Note the path of the file that autorun.inf executes, then navigate to that file at the command prompt.
Now type attrib -s -h -r filename.exe
Delete filename.exe
Note: Replace filename.exe with the file name that appeared in the autorun.inf file.
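To read the file names out of autorun.inf without opening each drive's copy by hand, the sketch below parses the file and lists every program it would launch. It is an added example, not part of the original write-up; the sample text is the autorun.inf shown above, and the function names are illustrative.

```python
# Constructed sample: the autorun.inf shown in this article.
SAMPLE = r"""[autorun]
open=file.exe
shell\Open\Command=file.exe
shell\open\Default=1
shell\Explore\Command=file.exe
shell\Autoplay\command=file.exe
"""

# [autorun] keys whose value is a command line that Windows runs.
LAUNCH_KEYS = {"open", "shellexecute"}


def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        low = key.lower()
        if low in LAUNCH_KEYS or (low.startswith("shell\\") and low.endswith("\\command")):
            entries.append((key, value))
    return entries


def referenced_files(text):
    """Return each distinct program named by a launch entry, in file order."""
    files = []
    for _key, command in launch_entries(text):
        if command.startswith('"'):
            exe = command[1:].split('"', 1)[0]  # quoted path, may contain spaces
        else:
            exe = command.split()[0] if command else ""  # first token, drop arguments
        if exe and exe.lower() not in [f.lower() for f in files]:
            files.append(exe)
    return files


if __name__ == "__main__":
    for name in referenced_files(SAMPLE):
        print("check and remove:", name)
```

An unquoted path that contains spaces is cut at the first space, so compare the result with the raw line before deleting anything.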
5. Delete temporary files, temporary internet files and clear the Recycle Bin:
To do this go to Start > All Programs > Accessories > System Tools and click Disk Cleanup.
Check the following: Downloaded Program Files, Temporary Internet Files, Offline Webpage, Recycle Bin and Temporary Files.
6. View hidden system files and folders:
To do this go to Tools -> Folder Options -> View.
Select Show hidden files and folders and uncheck "Hide Protected System Files".
Click Apply and OK.
7. Now search for the remaining virus files:
e.g.
- CALC
- calc (DO NOT DELETE THE ONE WHICH IS IN WINDOWS/SYSTEM32)
- mscalc.exe
- startupfolder
- config_
- startupfolder.com
- config_.com
- password_viewer.exe
and delete them.
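The search in step 7 can be scripted. The sketch below is an added example, not part of the original write-up: it walks a folder tree and reports .exe/.com files that either carry one of the names listed in this article or are named after the folder that contains them (the ABC\ABC.exe pattern), while skipping calc.exe in Windows\System32. It only reports and deletes nothing; the function names and the base-name set are assumptions derived from the lists above.

```python
import os
import sys
from pathlib import Path

# Base names listed in this article; the worm uses them with .com or .exe.
KNOWN_STEMS = {"calc", "mscalc", "startupfolder", "config_", "password_viewer"}
EXTS = {".exe", ".com"}


def is_legit_calc(path):
    """calc.exe directly inside Windows\\System32 is the real Calculator."""
    parts = [p.lower() for p in path.parts]
    return path.name.lower() == "calc.exe" and parts[-3:-1] == ["windows", "system32"]


def find_suspects(root):
    """Return sorted (reason, path) pairs for files worth checking by hand."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        folder_name = Path(folder).name.lower()
        for name in files:
            path = Path(folder) / name
            stem, ext = path.stem.lower(), path.suffix.lower()
            if ext not in EXTS or is_legit_calc(path):
                continue
            if stem == folder_name:
                hits.append(("folder-named copy", str(path)))
            elif stem in KNOWN_STEMS:
                hits.append(("known file name", str(path)))
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python find_suspects.py C:\   (defaults to the current folder)
    for reason, path in find_suspects(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}: {path}")
```

A folder-named match is only a hint, since legitimate programs sometimes share their folder's name; verify each hit before deleting it.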
8. Repair registry:
Go to Registry Editor and navigate to the following keys.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"load"
In the right-side pane, select and delete the values associated with the virus.
Install or update your antivirus as soon as possible.
That's all.
Enjoy!
Source of information:
http://www.symantec.com/security_response/writeup.jsp?docid=2006-071111-0646-99&tabid=3
http://www.symantec.com/security_response/writeup.jsp?docid=2006-071111-0646-99&tabid=2


Hey thanks! I’ve been having a problem with a similar worm and it more or less wiped out my laptop. This should be a big help to be able to restore it or prevent it in the future. Thanks again for posting this!
You're welcome, mate
Enjoy and keep visiting us
Does this work with Windows Server 2003?
If not, please tell how to do it for Windows 2003…
\\Anon
Well, it should work with Windows 2003 Server as well, but still I'm not too sure. You can give it a try and see if it works.
win thirty two/Olmark.JU trojan
not getting deleted….antivirus shows error in deleting
ESET NOD thirty-two Antivirus four
how to delete it without going for system restore thing…
plzzz help………….
thanks
Please make some post for the virus "Cleanvirus.vbs".
But does this work on a laptop because when you click Ctrl Alt enter, it just shuts down or sleeps.
It will work on any Windows OS
Will the above procedure work with the Win32/Olmark Trojan? Thank you.