Threat Database Worms W32.SillyFDC.BAY

W32.SillyFDC.BAY

By GoldSparrow in Worms

W32.SillyFDC.BAY is a self-replicating computer worm. W32.SillyFDC.BAY creates a file called xSafe.exe on a removable and USB drive in order to spread itself to other computers. W32.SillyFDC.BAY also creates a Windows service that allows W32.SillyFDC.BAY to run each and every time Windows starts up.

File System Details

W32.SillyFDC.BAY may create the following file(s):
# File Name Detections
1. %SystemDrive%\xSafe.exe
2. %ProgramFiles%\Common Files\xSafe.exe

Registry Details

W32.SillyFDC.BAY may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"ImagePath" = "%Temp%\~dwphx.tmp"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\Security\"Security" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"ImagePath" = "%Windir%\Fonts\srskl.fon"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\Security\"Security" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"ErrorControl" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"Type" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"ErrorControl" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"Type" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"DisplayName" = "DogKiller"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"Start" = "3"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"DisplayName" = "srskl"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"Start" = "3"

Trending

Most Viewed

Loading...