How To Remove W32.sillyFDC Virus|W32.sillyFDC Virus removal

Effect on the system:When W32.SillyFDC is executed, it may copy itself to the following folder locations:

• %System%
• %Windir%
• %Temp%
• %UserProfile%
• %ProgramFiles%
• %SystemDrive%
• %CommonProgramFiles%
• %CurrentFolder%

Using any of the following file names with a .com or .exe extension:

• CALC
• calc
• mscalc.exe
• startupfolder
• config_
• startupfolder.com
• config_.com
  

It then scans the compromised computer to create copies of itself in various folders. It will use the existing folder name as its new file name. For example, ABC folder will have a copy of the virus inside the folder as ABC.exe.

The worm may copy itself in drives A: through Z:.

Next, it may add a value to the following registry subkeys so that it runs every time Windows starts.:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders
HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWindows”load”

The worm may attempt to copy itself to removable drives and mapped drives, as well as creating the following file so that the worm runs every time the removable drive is attached to a computer:
[REMOVABLE DRIVE]:Autorun.inf

How to remove??:

1.First disable the system restore temporarily.

To disable the system restore Right click on My computer and select properties. On the System Restore tab, check Turn off System Restore on all drives.And then click apply and ok.

2.Restart the system in safe mode.

To start your pc in safe mode restart your pc and pree F8 while boot up. You will see something like this on your screen.

Select safe mode from the list.

3.Kill the malicious tasks using task manager.

Press Ctlr+Alt+Del and select Process tab. Kill the following tasks if there.

• password_viewer.exe

•  CALC

•  calc

• mscalc.exe

• startupfolder

•  config_startupfolder.com

•  config_.com.

4.Delete the autorun files:

I will recommend you to scan your system using any good antivirus. But if you don’t have any antivirus installed then follow the steps given below.

Open cmd. Type c:

This will take you to the root of c drive. Now type attrib -s -h -r autorun.inf

and then run edit autorun.inf. This will open the autorun.inf file in dos mode.It will look like

***********************************

[autorun]

open=file.exe

shellOpenCommand=file.exe

shellopenDefault=1

shellExploreCommand=file.exe

shellAutoplaycommand=file.exe

************************************

Now see  the path of the file which is executed using this file.  Now navigate to the desired file using dos.

Now type attrib -s -h -r filename.exe

Delete filename.exe

Note: Chnage the filename.exe with the file name which was there in autorun.inf file.

5.Delete temporary files, temporary internet files and clear recycle bin.:

To do this go to Start > All Programs > Accessories >System Tools, click Disc Cleanup.
Check the following: Downloaded Program Files, Temporary Internet Files, Offline Webpage, Recycle Bin and Temporary Files.

6.View hidden system files and folders:

To do this go to Tools->Folder Options->View

Select Show hidden files and Folders and uncheck “Hide Protectted System Files”

Click apply and ok.

7.Now search for the remaining virus files:

e.g

• CALC
• calc (DO NOT DELETE THE ONE WHICH IS IN WINDOWS/SYSTEM32)
• mscalc.exe
• startupfolder
• config_
• startupfolder.com
• config_.com
• password_viewer.exe

and delete them.

8.Repair registry:

Go to Registry Editor and navigate to following keys.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders
HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWindows”load”

and in the right side pan select and delete the values associated with the virus.

Install or update your antivirus as soon as possible.

BAS

ENJOY

Source of information:

http://www.symantec.com/security_response/writeup.jsp?docid=2006-071111-0646-99&tabid=3

http://www.symantec.com/security_response/writeup.jsp?docid=2006-071111-0646-99&tabid=2

Incoming search terms for the article:

W32 SILLYFDC,W32 SillyFDC removal tool,w32 sillyfdc removal,how to remove w32 sillyFDC virus,how to remove w32 sillyfdc,safe mode screen,remove w32 sillyfdc,Safe Mode,w32 sillyfdc windows 7,how to get rid of W32 SillyFDC,w32 sillyfdc virus removal,olmark trojan,w32 sillyfdc virus,w32 sillyfdc remove,w32 sillyfdc remover,win32 sillyfdc removal tool,how to remove virus w32 Sillyfdc,w32 sillyfdc how to remove,sillyfdc,removing w32 sillyfdc,W32 SillyDC Removal tool,win32 sillyFDC,computer virus screen,HOW TO REMOVE WIN32 FROM NOKIA MOBIL,W32 SillyFDC - Removal,windows safe mode windows 7,sillyfdc virus removal,W32 SillyFDC windows7,how to remove win32 sillyfdc,F8 Windows Xp list,windows safe mode post screen,windows server 2003 sate mode,safe mode pc,safe mode screen windows 7,%windir%system32cmd exe /c start ?%RECYCLED6c257b9d exe,how to do safe mode in laptop,safe mode win 7,how to remove sillyfdc,save mode,????? ?????? ?? w32 stlly,how to remove w32 silly,vistalizator windows xp,winsilly pendrive,W32 Silly showed up,sillyfdc-d removal process,w32 silly fix tool,W32 silly FDC,virus entfernen w32sillyfdc,w32 silly all folders are hidden,virus removal for w32 silly

Related posts:

1. [HOW TO]Remove NTDETEC1.exe
2. How to remove new folder.exe virus from pendrive
3. [HOW TO]Remove virus Hacked by GodZilla
4. [HOW TO]Remove AntiVirGear/AntiVir Gear virus/adware
5. How to remove recycler.exe virus from Pen Drive
6. Detect and remove autorun.inf from Pen Drive
7. [HOW TO]Remove AMVO.EXE virus
8. [HOW TO] Remove win32.zafi.b Virus/Adware
9. [How to]Remove Drivemonitor.exe flashguard.exe driveguard.exe
10. [HOW TO] Remove Total Security 2009 virus/adware