As title above this virus is W32/SillyFDC-D, Worm.Win32.VB.dh - BrO_AcT.exe, My SeXy.exe a worm for the Windows platform. spread via network shares.
go to this link for more info about this
virus :http://www.sophos.com/security/analyses/w32sillyfdcd.html
fuh... my Avast AV detected it when my friend plug in his USB external HD...
Technical Detail
As usual, the infected Operating System is Microsoft Windows. Method of spreading is by Autorunning from from portable USB drive.
This worm will create:
C:\Windows\System\BrO_AcT.exe
C:\Windows\System\Your Computer Name\svchost.exe
Registry:
BrO_AcT
/ />HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
svchost
name
Symptoms
1. Popup box with the title BrO_AcT.exe, mambling something about how he's trying to make your OS better
2. Automatic close of Taskmanager (taskman.exe), Command Prompt (cmd.exe), and Microsoft System Configuration Utility (msconfig.exe).
Threats
Will copy itself to portable USB drives connected to the system. Creating
- Autorun.inf
- BrO_AcT.exe
-My SeXy.exe
On the portable USB drive which will autorun everytime the infected Portable USB drives connect to other system
The file Autorun.inf can be safely deleted. The file Autorun.inf is designed to start the worm once the removeable drive is connected to a uninfected computer.
go to this link for more info about this
virus :http://www.sophos.com/security/analyses/w32sillyfdcd.html
fuh... my Avast AV detected it when my friend plug in his USB external HD...
Technical Detail
As usual, the infected Operating System is Microsoft Windows. Method of spreading is by Autorunning from from portable USB drive.
This worm will create:
C:\Windows\System\BrO_AcT.exe
C:\Windows\System\Your Computer Name\svchost.exe
Registry:
Entry to run the file BrO_AcT.exe and svchost.exe when windows start.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BrO_AcT
/ />HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
svchost
name
Symptoms
1. Popup box with the title BrO_AcT.exe, mambling something about how he's trying to make your OS better
2. Automatic close of Taskmanager (taskman.exe), Command Prompt (cmd.exe), and Microsoft System Configuration Utility (msconfig.exe).
Threats
Will copy itself to portable USB drives connected to the system. Creating
- Autorun.inf
- BrO_AcT.exe
-My SeXy.exe
On the portable USB drive which will autorun everytime the infected Portable USB drives connect to other system
The file Autorun.inf can be safely deleted. The file Autorun.inf is designed to start the worm once the removeable drive is connected to a uninfected computer.
powered by performancing firefox
No comments:
Post a Comment