Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:29/08/2010
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:Yes
File size:110.592 Bytes
MD5 checksum:8d6f4319f1c631e4fb3e78f376df89aa
VDF version:
IVDF version:

 General Methods of propagation:
   • Autorun feature
   • Mapped network drives

   •  Symantec: W32.SillyFDC
   •  Mcafee: W32/Autorun.worm.bx
   •  Kaspersky: Worm.Win32.AutoRun.bnpt
   •  TrendMicro: WORM_AUTORUN.FER
   •  Sophos: Mal/SillyFDC-A

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7

Side effects:
   • Drops files
   • Registry modification

 Files It copies itself to the following location:
   • %SYSDIR%\%executed file's name without extension%.exe

It copies the following files:
    •  %drive%\*.okf into %sysdir%\debug\

It deletes the initially executed copy of itself.

The following file is created:

– C:\command.bat
%malware execution directory%\fpco.bat

 Registry The following registry key is added:

– [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]
   • "run"="%SYSDIR%\sample.exe"

Description inserted by Andrei Ilie on Wednesday, February 9, 2011
Description updated by Andrei Ilie on Wednesday, February 16, 2011

Back . . . .