W32.SillyFDC.BBX


What are the Symptoms of W32.SillyFDC.BBX Infection?

It will modify Windows Registry and add the following entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\”Msn Messsenger” = “%System%\regsvr.exe”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”svchost Agent” = “%System%\28463\svchost.exe”
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\”AtTaskMaxHours” = “0”
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess \Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\”%CurrentFolder%\[ORIGINAL THREAT FILE NAME].exe” = “%CurrentFolder%\[ORIGINAL THREAT FILE NAME].exe:*:Enabled:ipsec”

The threat will drop the following malicious files:

  • %DriveLetter%\New Folder .exe
  • %DriveLetter%\jxcw.exe
  • %DriveLetter%\regsvr.exe
  • %DriveLetter%\autorun.inf
  • %System%\28463\svchost.001
  • %System%\28463\svchost.exe
  • %System%\setting.ini
  • %System%\setup.ini
  • %Windir%\Tasks\At1.job
  • %System%\regsvr.exe
  • %System%\svchost .exe
  • %Windir%\regsvr.exe

Leave a Comment