Clean and Removing Worm W32.SillyFDC ( Pendekar Blank )Virus

Clean and Removing Worm W32.SillyFDC ( Pendekar Blank )Virus

Here is manual tutorial for cleaning and removing " Pendekar Blank Virus " :
1. You must have PROCEXP and run, can be downloaded http://www.sysinternals.com/
2. Right click and choose suspend@blank.doc, empty.jpg, hole.zip, unoccupied.reg, zero.txt
3. Next go to control --> Folder Options, View tab election and advanced settings : option Show hidden files and folders, Uncheck Hide extensions for known file types, Uncheck Hide protected operating system files (Recommended)


W32.SillyFDC [Symantec] is also known as Threat Alias :


W32/Zaflen.a [McAfee]
Worm.VB.FKF [PC Tools]
Worm.Win32.VB.gr [Kaspersky Lab]
Worm.Win32.VB.ck [Kaspersky Lab]
W32/YahLover.worm [McAfee]
WORM_SOHANAD.FI [Trend Micro]
W32/Autorun.worm.h [McAfee]
Generic!atr [McAfee]
VBS_AUTORUN.DMS [Trend Micro]
PE_FLUENZA.ART-O [Trend Micro]
Virus.Win32.AutoRun.as [Kaspersky Lab]
Generic Packed [McAfee]
WORM_SILLY.DQ [Trend Micro]
PE_ABI.A [Trend Micro]
Worm.Win32.VB.fi [Kaspersky Lab]
Worm.VB.GUE [PC Tools]
Generic.dx [McAfee]
Generic VB.b [McAfee]
WORM_ABI.B [Trend Micro]
W32.SillyDC [Symantec]
Worm.VB.FMU [PC Tools]
IM-Worm.Win32.VB.gd [Kaspersky Lab]
Trojan.Hider.G [PC Tools]
Trojan.Win32.VB.atg [Kaspersky Lab]
Worm.Delf!sd5 [PC Tools]
TROJ_AGENT.SAO [Trend Micro]
Worm.VB.FWG [PC Tools]
Worm.Win32.Delf.aj [Kaspersky Lab]
WORM_VB.EIQ [Trend Micro]
Win32.Drowor.Gen [PC Tools]
New Malware.n [McAfee]
WORM_IMAUT.AA [Trend Micro]
Worm.Win32.Agent.ay [Kaspersky Lab]
W32/Dorcrag.worm [McAfee]
W32/Virut.gen [McAfee]
Worm.AutoIt.DQ [PC Tools]
W32/Autorun.worm.cs [McAfee]
Trojan.Win32.Hider.i [Kaspersky Lab]
Trojan-Downloader.Win32.VB.bbl [Kaspersky Lab]
Worm.VB.GIO [PC Tools]
W32/Autorun.worm.f [McAfee]
WORM_VB.CIU [Trend Micro]
WORM_SILLYDC.AL [Trend Micro]
Trojan.VB.ZBW [PC Tools]
Downloader.gen.a [McAfee]
Virus.Win32.VB.bg [Kaspersky Lab]
Hider [McAfee]
W32/Autorun.worm.n [McAfee]
WORM_VB.FKO [Trend Micro]
Worm.Win32.VB.el [Kaspersky Lab]
W32/Autorun.worm.i.gen [McAfee]
Mal_Otorun5 [Trend Micro]
Worm.AutoIt.S [PC Tools]
Worm.AutoRun.PX [PC Tools]
W32/Autorun.worm.u [McAfee]
WORM_VB.CII [Trend Micro]
Worm.Win32.Delf.ca [Kaspersky Lab]
Trojan.VB.EPP [PC Tools]
Worm.AutoRun.AO [PC Tools]
Trojan.DL.Agent.VRX [PC Tools]
W32/Autorun.worm.ch [McAfee]
W32/Generic!worm [McAfee]
Worm.Win32.AutoIt.i [Kaspersky Lab]
WORM_SILLY.EP [Trend Micro]
Virus.Win32.VB.eg [Kaspersky Lab]
W32/Autorun.worm.b [McAfee]
W32/Hooon.worm [McAfee]
Worm.AutoRun.AIP [PC Tools]
Worm.Win32.AutoRun.cwe [Kaspersky Lab]
TROJ_HIDER.I [Trend Micro]
Worm.AutoIT.V [PC Tools]
PE_VIRUT.XL [Trend Micro]
W32/Autorun.worm.g [McAfee]
W32/USBAgent [McAfee]
Trojan.QQPass.Gen [PC Tools]
W32/Cekar [McAfee]
PE_VIRUT.GEN-2 [Trend Micro]
WORM_AUTORUN.BUK [Trend Micro]
Virus.Win32.Virut.q [Kaspersky Lab]
PE_DROWOR.A [Trend Micro]
Virus.Win32.AutoRun.cb [Kaspersky Lab]
Worm.VB!sd5 [PC Tools]
W32/Autorun.worm.j [McAfee]
Worm.VB.EDCS [PC Tools]
WORM_AGENT.ACCD [Trend Micro]
WORM_VB.ERF [Trend Micro]
Backdoor.VB.ESE [PC Tools]
Trojan.Win32.VB.ayo [Kaspersky Lab]
Virus.Win32.AutoRun.aik [Kaspersky Lab]
W32/Autorun.worm.bl [McAfee]
Virus.Win32.AutoRun.abt [Kaspersky Lab]
Worm.Hamweg.Gen [PC Tools]
WORM_BRONTOK.BW [Trend Micro]
WORM_VB.GAY [Trend Micro]
JS.Chir.B [PC Tools]
TROJ_AGENT.ANAR [Trend Micro]
Trojan.QQPass.Gen.4 [PC Tools]
Trojan.QQPass.Gen.7 [PC Tools]
Trojan-Downloader.Win32.AutoIt.x [Kaspersky Lab]
Virus.Win32.AutoRun.gp [Kaspersky Lab]




W32.SillyFDC [Symantec] is known to be created as :


%AllUsersProfile%\desktop.exe
%AllUsersProfile%\documents.exe
%AllUsersProfile%\drm.exe
%AllUsersProfile%\favorites.exe
%AllUsersProfile%\fotitoella.exe
%AllUsersProfile%\templates.exe
%AppData%\cftmon.exe
%AppData%\flexiblesoft\spirit.exe
%AppData%\microsoft\cd burning\auto.exe
%AppData%\microsoft\cd burning\coolworld.exe
%AppData%\microsoft\cd burning\protector.exe
%AppData%\rocket.exe
%AppData%\spool.exe
%AppData%\spooll.exe
%AppData%\waultc.exe
%AppData%\waults.exe
%CommonAppData%\microsoft.exe
%CommonAppData%\microsoft\crypto.exe
%CommonAppData%\microsoft\crypto\dss.exe
%CommonAppData%\microsoft\crypto\dss\fondo1024x768.exe
%CommonAppData%\microsoft\crypto\dss\machinekeys.exe
%CommonAppData%\microsoft\crypto\dss\machinekeys\img00002.exe
%CommonAppData%\microsoft\crypto\fotocote.exe
%CommonAppData%\microsoft\crypto\rsa.exe
%CommonAppData%\microsoft\crypto\rsa\machinekeys.exe
%CommonAppData%\microsoft\crypto\rsa\mariajose.exe
%CommonAppData%\microsoft\crypto\rsa\s-1-5-18.exe
%CommonAppData%\microsoft\ctfmon.exe
%CommonAppData%\microsoft\fotocote.exe
%CommonAppData%\microsoft\media index\fotomj.exe
%CommonAppData%\microsoft\media player\fondo1024x768.exe
%CommonAppData%\microsoft\network.exe
%CommonAppData%\microsoft\network\connections.exe
%CommonAppData%\microsoft\network\connections\cm.exe
%CommonAppData%\microsoft\network\connections\cm\fotomj.exe
%CommonAppData%\microsoft\network\connections\img000152.exe
%CommonAppData%\microsoft\network\connections\pbk.exe
%CommonAppData%\microsoft\network\scs000132.exe
%CommonAppData%\microsoft\spirit.exe
%CommonAppData%\microsoft\user account pictures\bro_act.exe
%CommonAppData%\microsoft\user account pictures\yoppp_playa.exe
%CommonAppData%\vb.net.exe
%CommonAppData%\vmware.exe
%CommonAppData%\vmware\fotitoella.exe
%CommonAppData%\vmware\vmware tools\fondo1024x768.exe
%CommonDesktopDir%\desktop.exe
%CommonDesktopDir%\files.exe
%CommonDesktopDir%\foto_ella_bikini.exe
%CommonDesktopDir%\newfolder.exe
%CommonDesktopDir%\notepad.exe
%CommonDocuments%\bro_act.exe
%CommonDocuments%\my music\accounting.exe
%CommonDocuments%\my music\bro_act.exe
%CommonDocuments%\my music\fotowena.exe
%CommonDocuments%\my music\my playlists\fotocote.exe
%CommonDocuments%\my music\sample music\bro_act.exe
%CommonDocuments%\my music\sample music\lastscan.exe
%CommonDocuments%\my music\sample playlists\00090beb.exe
%CommonDocuments%\my music\sample playlists\lastscan.exe
%CommonDocuments%\my pictures\bro_act.exe
%CommonDocuments%\my pictures\sample pictures\bro_act.exe
%CommonDocuments%\my pictures\sample pictures\fotitoella_10.exe
%CommonDocuments%\my videos\bro_act.exe
%CommonDocuments%\my videos\fotitoella_10.exe
%CommonFavorites%\img000152.exe
%CommonPrograms%\accessories.exe
%CommonPrograms%\accessories\accessibility.exe
%CommonPrograms%\accessories\accessibility\img000152.exe
%CommonPrograms%\accessories\communications.exe
%CommonPrograms%\accessories\entertainment.exe
%CommonPrograms%\accessories\entertainment\fotitoella.exe
%CommonPrograms%\accessories\system tools\foto_respaldo1.exe
%CommonPrograms%\administrative tools\img000152.exe
%CommonPrograms%\fotobikini.exe
%CommonPrograms%\programs.exe
%CommonPrograms%\startup.exe
%CommonPrograms%\startup\avp.exe
%CommonPrograms%\startup\bro_act.exe
%CommonPrograms%\startup\folderwiz.com
%CommonPrograms%\startup\lsass.exe
%CommonPrograms%\startup\msconfig.exe
%CommonPrograms%\startup\osa.exe
%CommonPrograms%\startup\plus.exe
%CommonPrograms%\startup\setup.exe
%CommonPrograms%\startup\startup.exe
%CommonPrograms%\startup\svchots.exe
%CommonPrograms%\startup\systemil2.exe
%CommonPrograms%\startup\tati.exe
%CommonPrograms%\startup\winlogon.exe
%CommonPrograms%\startup\winsys2.exe
%CommonStartMenu%\programs.exe
%CommonStartMenu%\yoppp_playa.exe
%CommonTemplates%\img00002.exe
%CommonTemplates%\spss.exe
%DesktopDir%\desktop.exe
%DownloadedProgramFiles%\svchost.exe
%Favorites%\links.exe
%FontsDir%\fonts.exe
%FontsDir%\nwlnkfwd.exe
%FontsDir%\nwlnkipx.exe





4. Search and delete file contain of the virus :



c:\aut0exec.bat
c:\windows\system32\dllcache\Regedit32.com
c:\windows\system32\dllcache\Shell32.com
c:\windows\system32\dllcache\rund1132.exe
c:\windows\system32\dllchache.exe
c:\windows\system32\M5VBVM60.exe
c:\(Read Me)Pendekar Blank.txt
c:\windows\system32\dllchache\blank.doc
c:\windows\system32\dllchache\empty.jpg
c:\windows\system32\dllchache\hole.zip
c:\windows\system32\dllchache\msvbvm60.dll
c:\windows\system32\dllchache\unoccupied.reg
c:\windows\system32\dllchache\zero.txt
c:\windows\system32.exe







5. Clean and Repair registry



Delete HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Secure32
Delete HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Secure64
Delete HKEY_LOCALMACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Blank Antiviri
CHANGE & MODIFY @ HKCR, comfile\shell\open\command,,,”””%1″” %*”
CHANGE & MODIFY @ HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
CHANGE & MODIFY @ HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
CHANGE & MODIFY @ HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit,0, “C:\Windows\system32\userinit.exe,”
CHANGE & MODIFY @ HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0×00010001,1
CHANGE & MODIFY @ HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit.,0, “userinit.exe”


6. Than Restart yout computer


Source : http://dhuwuh.blogspot.com/2008/08/clean-and-removing-worm-w32sillyfdc.html



Related Posts by Categories :


21 comments:

vishal prajapati said... on January 24, 2009 at 9:15 PM  

great man!!!!thanks a lot...u earn 10/10 credit for this...
it's help me to clean that virus,which west lot of memory...
thanks 1s again...

Anonymous said... on April 14, 2009 at 12:40 PM  

It successfully removed the virus yesterday, i checked in the task manager but today again when I switched on my computer after few minutes, these all files ((Read Me)Pendekar Blank.txt,blank.doc,empty.jpg,hole.zip) are visible on my task manager.

Please advice if any of you faced the same issue.

Thanks
Manish

Anonymous said... on April 14, 2009 at 12:44 PM  

It successfully removed the virus yesterday, i checked in the task manager but today again when I switched on my computer after few minutes, these all files ((Read Me)Pendekar Blank.txt,blank.doc,empty.jpg,hole.zip) are visible on my task manager.

Please advice if any of you faced the same issue.

Thanks
Manish
manishwc@gmail.com

Anonymous said... on April 19, 2009 at 4:11 PM  

Solution from Search-and-destroy.
If you own a computer, you must have antispyware to keep it running at its best. The problem is choosing a scan that works. I have tried many different types of scans in the past and then I ran across Search-and-destroy Antispyware. I have to say that the antispyware solution from Search-and-destroy is the best that I have used to date. It gets the job done and keeps my computer working like new. If you are interested in seeing for yourself just how good this antispyware works you can click on http://www.Search-and-destroy.com to learn more. I’m sure it would be worth your time to check it out.

Trojan.Vundo Removal said... on September 25, 2009 at 1:12 AM  

Great site...I too help people remove nasty win32 trojan viruses. Visit my site to get rid of vundo!

Win32 Zlob Removal said... on September 25, 2009 at 1:14 AM  

Excellent post, I have had the win32.silly virus before and it is a nasty one to remove. Thanks!

khasiat sarang semut said... on June 23, 2011 at 12:17 PM  

Tips dan Tulisan postingannya bermanfaat, saya dalam ide baru dari postingan ini. Terima kasih banyak

ac portable said... on December 26, 2012 at 3:11 PM  

after I tried this software, worm virus on my computer disappear with a flash

Julia Robert said... on June 2, 2013 at 10:57 PM  

Thanks for sharing this nice post. Through best antivirus you can remove this kind of virus.

Win32 autoit Virus Removal

Post a Comment

"Using DOFOLLOW System. Pease don`t SPAM!!!"

Thanks To Comment My Articles. God Bless You People.

Add to Technorati Favorites

Technorati Ping To Your Blog
Including Yours E-Mail Address To Subscribe New Tricks