Posted on June 30th, 2008
What is w32.sillyFDC virus?
W32.SillyFDC is a common detection process for files that are infected with W32.Silly. This virus copies and renames itself on removable devices and root of local and remote drives.
Removal Procedure For W32.SillyFDC Virus:
Disable System Restore temporarily (Windows Me/XP).
Restart the system in safe mode.
End malicious Process
Click Process tab.
End the process if present: password_viewer.exe, CALC, calc, mscalc.exe, startupfolder, config_startupfolder.com, config_.com.
2. Delete the auto run files.
- Go to Start > Run, type “cmd.”
- At the command prompt, type “cd\”, this will bring you to C:\
- Type “attrib” (C:\>attrib), it will display files with attributes. Take note on attribute of autorun.inf. Usually, it has SHR.
- Type “attrib -s -h -r C:\autorun.inf”, it will remove System, Hidden and Read-Only attribute.
- Type “edit autorun.inf” it will open DOS Editor and display contents as follows,
Take note of the file/path.
Ex: Open=file.exe where file.exe is the filename of the file that autoruns.
Exit DOS Editor.
Back at the command prompt, type “attrib -s -h -r file.exe”, where file.exe is the file that was called on DOS editor to autorun. Ex: C:\>attrib -s -h -r file.exe. If it is located on different directory include the path. Ex: C:\>attrib -s -h -r c:\Windows\file.exe.
Type “del file.exe”. If it is located on different directory include the path.
Ex: C:\>del c:\Windows\file.exe.
Type “del autorun.inf”
Type “del c:\Windows\autorun.inf.
Type “del c:\Windows\password_viewer.exe.
Type “del c:\Douments and Settings\(Your User Name)\Local Settings\Application Data\Microsoft\CD Burning\autorun.inf.
Exit command prompt by typing “exit.”
3. Perform Disc Cleanup.
- Go to Start > All Programs > Accessories >System Tools, click Disc Cleanup.
- Check the following: Downloaded Program Files, Temporary Internet Files, Offline Webpage, Recycle Bin and Temporary Files.
4. View hidden files and folders.
Open Windows Explorer.
Go to Tools > Folder Options.
Go to View Tab.
Mark “Show hidden files and folders.”
Click Apply, then OK.
Update and scan with antivirus installed in your system. Then, quarantine or delete all the infected files immediately.
5. Search for other files and delete them.
Go to Start > Search.
Find and delete files: password_viewer.exe, calc.exe (not the one located on \system32\calc.exe), mscalc.exe, startupfolder.exe, config_.exe, startupfolder.com and config_.com.
6. To make sure that the virus is completely removed from your computer, perform a full scan of your computer using antivirus and antispyware software in your PC.