W32.SillyFDC.BDG


When W32.SillyFDC.BDG runs on the computer, it performs the following actions:

It modifies the Windows Registry and adds the following entries. The Run entry gives the dropped wmplayerc.exe persistence at logon; the Security Center values suppress the firewall, antivirus and Windows Update warnings; EnableLUA = 0 turns off User Account Control; and the Image File Execution Options entries cause Windows to start rundll32.exe in place of the cscript.exe and wscript.exe script hosts whenever they are launched:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Windows Media Player" = "%ProgramFiles%\Windows Media Player\wmplayerc.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\"FirewallDisableNotify" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\"FirewallOverride" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\"UpdatesDisableNotify" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\"AntiVirusDisableNotify" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\"AntiVirusOverride" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableLUA" = "0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe\"Debugger" = "rundll32.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe\"Debugger" = "rundll32.exe"
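The registry entries above are the triage signal a responder would check first. The following Python script is an added example, not part of the original writeup: it parses a `reg export` dump and flags the indicators listed above. The embedded export is a constructed sample, not data from a real infected host, and mixes the indicators with benign entries. The checks generalize slightly beyond the list: any Security Center *DisableNotify/*Override value set to 1 is flagged, any Image File Execution Options Debugger value is reported (the cscript.exe/wscript.exe cases as high, all others for review, because JIT debuggers legitimately use that value), and a Run entry that launches wmplayerc.exe is matched by executable name. Function names and severity labels are this example's own.

```python
"""Triage a Windows .reg export for the W32.SillyFDC.BDG registry indicators (example code)."""
import re
from typing import Dict, List, Tuple

# Constructed sample of a `reg export` dump (not from a real infected host).
# Benign entries (OneDrive, a JIT debugger, a zero-valued switch) are mixed in so the
# checks have to discriminate rather than match on key names alone.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Media Player"="C:\\Program Files\\Windows Media Player\\wmplayerc.exe"
"OneDrive"="C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe]
"Debugger"="rundll32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Windows\\system32\\vsjitdebugger.exe -p"
'''

# "Name"=data, where the name may contain escaped quotes.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
IFEO_MARKER = "\\image file execution options\\"
SCRIPT_HOSTS = {"cscript.exe", "wscript.exe"}
Finding = Tuple[str, str, str, str]  # (severity, key, value name, description)


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Parse the .reg subset needed for triage: keys, REG_SZ strings and REG_DWORD values.
    Multi-line hex(...) binary values are left as their raw first line."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if current is None or not m:
            continue
        name, data = m.group(1), m.group(2)
        if data.startswith('"') and data.endswith('"'):
            value: object = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escaping
        elif data.lower().startswith("dword:"):
            value = int(data[6:], 16)
        else:
            value = data
        keys[current][name] = value
    return keys


def triage(keys: Dict[str, Dict[str, object]]) -> List[Finding]:
    """Apply the indicator checks to every parsed value."""
    findings: List[Finding] = []
    for key, values in keys.items():
        k = key.lower()
        for name, value in values.items():
            n = name.lower()
            if k.endswith("\\security center\\svc") and value == 1 and (
                n.endswith("disablenotify") or n.endswith("override")
            ):
                findings.append(("high", key, name,
                                 "Security Center switch set: a firewall/AV/update warning is suppressed"))
            elif k.endswith("\\policies\\system") and n == "enablelua" and value == 0:
                findings.append(("high", key, name, "UAC disabled (EnableLUA=0)"))
            elif IFEO_MARKER in k and n == "debugger":
                image = k.rsplit("\\", 1)[-1]
                if image in SCRIPT_HOSTS:
                    findings.append(("high", key, name,
                                     f"{image} hijacked: IFEO Debugger={value!r} runs instead of the script host"))
                else:
                    findings.append(("review", key, name,
                                     f"IFEO Debugger set for {image} ({value!r}); legitimate for JIT debuggers, verify"))
            elif k.endswith("\\currentversion\\run") and isinstance(value, str):
                # Executable basename heuristic; does not handle quoted paths containing spaces.
                exe = value.split("\\")[-1].split(" ")[0].lower()
                if exe == "wmplayerc.exe":
                    findings.append(("high", key, name,
                                     f"Run entry launches {value}, matching the dropped wmplayerc.exe"))
    return findings


if __name__ == "__main__":
    for severity, key, name, desc in triage(parse_reg_export(SAMPLE_REG_EXPORT)):
        print(f"[{severity}] {key}\\{name}: {desc}")
```

On a live host the same checks can be run against the output of `reg export HKLM\SOFTWARE\Microsoft hklm.reg` and the HKCU Run key; the 32-bit Wow6432Node copies of the Security Center and IFEO keys are worth exporting as well.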

The threat drops the following files. The .lnk files take the names of existing subfolders of the current folder, and the Autorun.inf together with the RECYCLER\*.com file are the components it uses to spread via removable drives:

  • %ProgramFiles%\Windows Media Player\svchost.exe
  • %ProgramFiles%\Windows Media Player\wmplayerc.exe
  • %CurrentFolder%\[SUBFOLDER NAME].lnk
  • %SystemDrive%\Autorun.inf
  • %DriveLetter%\RECYCLER\desktop.ini
  • %DriveLetter%\RECYCLER\[TWO SPACES].com
