1. /
  2. Security Response/
  3. W32.SillyDC

W32.SillyDC

Risk Level 1: Very Low

Discovered:
October 4, 2006
Updated:
February 20, 2007 2:30:23 AM
Also Known As:
Virus.Win32.Autorun.cu [Kaspersky], W32/Generic!Floppy [McAfee], Trj/TaskKill.A [Panda Software], Mal/VB-F [Sophos], Worm/VB.BNI [AVG], TR/Agent.VB.AOA [Avira Antivir], Trojan.Agent.VB.AOA [BitDefender], Win32/Autorun.C [NOD32]
Type:
Worm
Systems Affected:
Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000
W32.SillyDC is a generic detection for worms that spread by copying themselves to removable and shared drives. These worms then download and execute other threats on the compromised computer.

AutoRun is a feature of Windows that allows a drive to be configured so that a particular executable may be run whenever the drive is accessed or connected to another computer. Worms detected as W32.SillyFDC typically use the AutoRun feature to spread.

The term AutoPlay is used to refer to functionality present in Windows XP and later that includes the AutoRun feature. On insertion of media, AutoPlay may prompt the user to select an action that should be taken. Depending on system configuration, these actions may include AutoRun tasks.

Users should note that AutoRun is disabled by default for non-optical removable drives in recent versions of Windows and on systems with certain updates applied.

Symantec strongly recommends that users take steps to control the use of the AutoRun feature and prevent the execution of programs referenced in autorun.inf files. For more information, please see the following document:

How to prevent a virus from spreading using the 'AutoRun' feature.

Most samples of this worm that are encountered will attempt to download content from the Internet rather than the local network. In order to successfully achieve its primary function it must run on a computer that is inadequately protected and connected to a network. An adequately protected computer will either prevent the worm from running in the first place or prevent unauthorized access to network resources and thereby prevent the attack from being carried out to its conclusion.

If a Symantec antivirus product displays a detection alert for this threat, it means the computer is already protected and the Symantec product will effectively remove this threat from the computer.

Antivirus Protection Dates

  • Initial Rapid Release version October 4, 2006
  • Latest Rapid Release version December 13, 2014 revision 009
  • Initial Daily Certified version October 4, 2006
  • Latest Daily Certified version December 14, 2014 revision 002
  • Initial Weekly Certified release date October 4, 2006
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium
  • Payload: These worms download other threats on to the computer.

Distribution

  • Distribution Level: Low
  • Shared Drives: These worms spread through removable and shared drives.

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver