이름 : W32/SillyFDC-EJ
구분 : 바이러스/스파이웨어
종류 : 웜
전파방법 :
(1) 이동가능한 저장매체
(2) 네트워크 공유
영향받는 운영체제 : 윈도우
W32/SillyFDC-EJ는 웜이다.
아래와 같이 레지스트리가 설정되고 시스템 소프트웨어의 구동을 막는다.
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
DisableConfig
0x00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
1
HKCU\Software\Policies\Microsoft\Windows\System
DisableCMD
1
아래와 같이 레지스트리가 세팅된다.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoClose
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoControlPanel
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
1
command.com
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoRun
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
DisallowRun
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoClose
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoControlPanel
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
UncheckedValue
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
UncheckedValue
0
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
explorer.exe <Windows>\db4d\lsass.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HideFileExt
1
![[레벨:6]](http://wowhacker.com/modules/point/icons/default/6.gif "포인트:3395point (13%), 레벨:6/30"){kind=icon}
K