1. Symantec/
  2. Security Response/
  3. W32.SillyDC


Risk Level 1: Very Low

October 4, 2006
February 20, 2007 2:30:23 AM
Also Known As:
Virus.Win32.Autorun.cu [Kaspersky], W32/Generic!Floppy [McAfee], Trj/TaskKill.A [Panda Software], Mal/VB-F [Sophos], Worm/VB.BNI [AVG], TR/Agent.VB.AOA [Avira Antivir], Trojan.Agent.VB.AOA [BitDefender], Win32/Autorun.C [NOD32]
Systems Affected:
W32.SillyDC is a generic detection for worms that spread by copying themselves to removable and shared drives. These worms then download and execute other threats on the compromised computer.

AutoRun is a feature of Windows that allows a drive to be configured so that a particular executable may be run whenever the drive is accessed or connected to another computer. Worms detected as W32.SillyFDC typically use the AutoRun feature to spread.

The term AutoPlay is used to refer to functionality present in Windows XP and later that includes the AutoRun feature. On insertion of media, AutoPlay may prompt the user to select an action that should be taken. Depending on system configuration, these actions may include AutoRun tasks.

Users should note that AutoRun is disabled by default for non-optical removable drives in recent versions of Windows and on systems with certain updates applied.

Symantec strongly recommends that users take steps to control the use of the AutoRun feature and prevent the execution of programs referenced in autorun.inf files. For more information, please see the following document:

How to prevent a virus from spreading using the 'AutoRun' feature.

Most samples of this worm that are encountered will attempt to download content from the Internet rather than the local network. In order to successfully achieve its primary function it must run on a computer that is inadequately protected and connected to a network. An adequately protected computer will either prevent the worm from running in the first place or prevent unauthorized access to network resources and thereby prevent the attack from being carried out to its conclusion.

If a Symantec antivirus product displays a detection alert for this threat, it means the computer is already protected and the Symantec product will effectively remove this threat from the computer.

Antivirus Protection Dates

  • Initial Rapid Release version October 4, 2006
  • Latest Rapid Release version February 13, 2018 revision 022
  • Initial Daily Certified version October 4, 2006
  • Latest Daily Certified version February 14, 2018 revision 001
  • Initial Weekly Certified release date October 4, 2006
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube