W32.SillyFDC.BAY

W32.SillyFDC.BAY Description

W32.SillyFDC.BAY is a self-replicating computer worm. It creates a file called xSafe.exe on removable and USB drives in order to spread to other computers. It also creates a Windows service that allows it to run every time Windows starts.

Technical Information

Registry Details

W32.SillyFDC.BAY creates the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"ImagePath" = "%Temp%\~dwphx.tmp"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\Security\"Security" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"ImagePath" = "%Windir%\Fonts\srskl.fon"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\Security\"Security" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"ErrorControl" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"Type" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"ErrorControl" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"Type" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"DisplayName" = "DogKiller"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"Start" = "3"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"DisplayName" = "srskl"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"Start" = "3"
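
For triage, the entries above can be checked mechanically. The following Python is an added example, not part of the original write-up or of any vendor tool: it parses entries written in the notation used above and flags services whose image sits in a temp or Fonts directory, or that are registered as kernel drivers (Type 1) without a .sys image. The `ExampleDrv` entry is a constructed benign control, and both heuristics are assumptions chosen for this illustration.

```python
import re
from collections import defaultdict

# Entries in the page's notation; Security blobs omitted.
# ExampleDrv is a constructed benign control, not from the page.
ENTRIES = r'''
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"ImagePath" = "%Temp%\~dwphx.tmp"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"Type" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"Start" = "3"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"ImagePath" = "%Windir%\Fonts\srskl.fon"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"Type" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"Start" = "3"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ExampleDrv\"ImagePath" = "System32\drivers\exampledrv.sys"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ExampleDrv\"Type" = "1"
'''

# Matches ...\Services\<service>\"<value name>" = "<data>"
LINE = re.compile(r'\\Services\\(?P<svc>[^\\]+)\\"(?P<name>[^"]+)" = "(?P<data>[^"]*)"$', re.I)
KERNEL_DRIVER = "1"  # SERVICE_KERNEL_DRIVER
ODD_DIRS = ("%temp%\\", "%windir%\\fonts\\")  # heuristic: unusual homes for a service image

def parse(text):
    """Group value name/data pairs by service name."""
    services = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.search(line.strip())
        if m:
            services[m["svc"]][m["name"].lower()] = m["data"]
    return dict(services)

def suspicious(services):
    """Return {service: [reasons]} for services that trip a heuristic."""
    hits = {}
    for svc, vals in services.items():
        path = vals.get("imagepath", "").lower()
        reasons = []
        if path.startswith(ODD_DIRS):
            reasons.append("image in temp/fonts directory")
        if vals.get("type") == KERNEL_DRIVER and path and not path.endswith(".sys"):
            reasons.append("kernel driver without .sys extension")
        if reasons:
            hits[svc] = reasons
    return hits

if __name__ == "__main__":
    for svc, reasons in suspicious(parse(ENTRIES)).items():
        print(svc, "->", "; ".join(reasons))
```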
