W32.SillyFDC.BAY
W32.SillyFDC.BAY is a self-replicating computer worm that spreads from computer to computer by creating a file called xSafe.exe on removable and USB drives. To persist, W32.SillyFDC.BAY also creates a Windows service that allows it to run every time Windows starts up.
File System Modifications
- The following files were created in the system:
#  File Name
1  %ProgramFiles%\Common Files\xSafe.exe
2  %SystemDrive%\xSafe.exe
Registry Modifications
- The following Registry Values were newly created:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"DisplayName" = "DogKiller"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"ErrorControl" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"ImagePath" = "%Temp%\~dwphx.tmp"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"Start" = "3"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\"Type" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DogKiller\Security\"Security" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"DisplayName" = "srskl"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"ErrorControl" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"ImagePath" = "%Windir%\Fonts\srskl.fon"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"Start" = "3"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\"Type" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srskl\Security\"Security" = "[BINARY DATA]"
I can't kill the worm
Why?