W32.SillyFDC.BDM

W32.SillyFDC.BDM is a worm that propagates by creating a copy of itself on removable USB drives and mapped network drives. The W32.SillyFDC.BDM executable usually masquerades as a popular computer game to entice victims into running the file.

Damage Level: Low

Systems Affected: Windows 9x, 2000, XP, Windows Vista


Characteristics
When executed, W32.SillyFDC.BDM drops a copy of itself on the root drive as an executable file named after a game familiar to many users. The worm also modifies the registry, adding its own entries so that it runs automatically at Windows start-up.

Distribution
To spread, W32.SillyFDC.BDM creates a copy of itself on removable USB drives as well as mapped network drives. It uses a random file name to avoid duplicate copies and to avoid raising suspicion among users of the infected computer. For a complete list of file names associated with this worm, please see the “Associated Files and Folders” area.


Associated Files and Folders:

[%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Doraemon Adventure.exe
[%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Game Kartu.exe
[%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Guitar Hero 4.exe
[%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Keyboard Hangman.exe
[%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Mario Bross.exe
[%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Misteri Raja Pocong.exe
[%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Naruto Classic.exe
[%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\PacMan Millenium.exe
[%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Permainan Acak.exe
[%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Playboy Mansion.exe
[%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Spyderman.exe
[%SystemDrive%, Removable Drives, Mapped Drives]\RECYCLER\Buruh.exe
[%SystemDrive%, Removable Drives, Mapped Drives]\RECYCLER\Kuli.exe
[%SystemDrive%, Removable Drives, Mapped Drives]\RECYCLER\Pembantu.exe
[%SystemDrive%, Removable Drives, Mapped Drives]\RECYCLER\Tukang.exe
[%SystemDrive%, Removable Drives, Mapped Drives]\RECYCLER\services.exe
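
A check for the file names listed above, as an added example that is not part of the original page: it looks under a drive root for the listed folders and file names, matching by name only, so a hit is a reason to scan that file rather than proof of infection. The function names and the C: to Z: drive walk are assumptions of this example.

```python
import os

# Names copied from the "Associated Files and Folders" list on this page,
# lower-cased because Windows file systems compare names case-insensitively.
LISTED = {
    "games flash": {
        "doraemon adventure.exe", "game kartu.exe", "guitar hero 4.exe",
        "keyboard hangman.exe", "mario bross.exe", "misteri raja pocong.exe",
        "naruto classic.exe", "pacman millenium.exe", "permainan acak.exe",
        "playboy mansion.exe", "spyderman.exe",
    },
    "recycler": {
        "buruh.exe", "kuli.exe", "pembantu.exe", "tukang.exe", "services.exe",
    },
}


def _entries(path):
    """List a directory; an unreadable or not-ready drive yields nothing."""
    try:
        with os.scandir(path) as it:
            return list(it)
    except OSError:
        return []


def scan_root(root):
    """Return sorted paths of listed file names found directly under root."""
    hits = []
    for folder in _entries(root):
        names = LISTED.get(folder.name.lower())
        if names is None or not folder.is_dir(follow_symlinks=False):
            continue
        # Only the folder's top level is checked: the list places the files
        # directly in RECYCLER, not in the per-user subfolders beneath it.
        for item in _entries(folder.path):
            if item.is_file(follow_symlinks=False) and item.name.lower() in names:
                hits.append(item.path)
    return sorted(hits)


def drive_roots():
    """Existing drive roots C: to Z: on Windows; empty on other systems."""
    if os.name != "nt":
        return []
    letters = "CDEFGHIJKLMNOPQRSTUVWXYZ"
    return [f"{c}:\\" for c in letters if os.path.isdir(f"{c}:\\")]


if __name__ == "__main__":
    for root in drive_roots():
        for hit in scan_root(root):
            print("listed file name present:", hit)
```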

How to Remove W32.SillyFDC.BDM

1. Temporarily Disable System Restore (Windows Me/XP).
2. To be able to identify even the most recent variant of W32.SillyFDC.BDM, open your antivirus application and update the virus definition file.

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display the Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and load only the necessary drivers and files.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If an item cannot be deleted, place it in quarantine instead. Once the scan is complete, please proceed with the next step.

Scan with Norton Power Eraser:

Norton Power Eraser, a free tool from Symantec, provides deep scanning technology to detect and remove threats like W32.SillyFDC.BDM. NPE targets and eliminates threats that a regular virus scan fails to identify. Download NPE here.

Important! Because of Norton Power Eraser’s aggressive method, it can select even legitimate files as suspicious. Please use this tool very carefully.

What to do next...