Special Sponsor

Monday, January 15, 2007

W32/SillyFDC-D, Worm.Win32.VB.dh - BrO_AcT.exe, My SeXy.exe

As title above this virus is W32/SillyFDC-D, Worm.Win32.VB.dh - BrO_AcT.exe, My SeXy.exe a worm for the Windows platform. spread via network shares.

go to this link for more info about this

virus :http://www.sophos.com/security/analyses/w32sillyfdcd.html

fuh... my Avast AV detected it when my friend plug in his USB external HD...

Image Hosted by ImageShack.us

Technical Detail

As usual, the infected Operating System is Microsoft Windows. Method of spreading is by Autorunning from from portable USB drive.

This worm will create:


C:\Windows\System\Your Computer Name\svchost.exe


Entry to run the file BrO_AcT.exe and svchost.exe when windows start.


/ />HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run




1. Popup box with the title BrO_AcT.exe, mambling something about how he's trying to make your OS better

2. Automatic close of Taskmanager (taskman.exe), Command Prompt (cmd.exe), and Microsoft System Configuration Utility (msconfig.exe).


Will copy itself to portable USB drives connected to the system. Creating

- Autorun.inf

- BrO_AcT.exe

-My SeXy.exe

On the portable USB drive which will autorun everytime the infected Portable USB drives connect to other system

The file Autorun.inf can be safely deleted. The file Autorun.inf is designed to start the worm once the removeable drive is connected to a uninfected computer.

powered by performancing firefox

No comments: