My system is infected with Worm.Silly.g and I cleaned the system also. But the behavior of this malware is very different.
Description of the Malware
After execution, the malware creates a directory by the name RecyclerDSK on the C drive and drops the HDAV.EXE file in the DSK directory. This HDAV.EXE opens a handle in Explorer.exe so that nobody can delete or copy this file. Whenever I plug in a USB, this file comes up as a process, drops the same folder structure along with autorun.inf in the root of the USB, and terminates its own process.
Nobody can find its running process or any other DLL.
I would like to know how this HDAV.EXE can load its code in explorer.exe and open its handle?
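A triage check for the removable-drive side of the behaviour described in the post, added here as an example and not part of the original post: it parses the text of an `autorun.inf` and flags launch entries that point at the names the post mentions. The folder name `RecyclerDSK` and file name `HDAV.EXE` are used as written in the post; the list of launch keys, the function names and the sample file are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Names taken from the post; everything else in this block is an assumption.
SUSPECT_FILES = {"hdav.exe"}
SUSPECT_DIR_PREFIX = "recycler"
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_targets(autorun_text):
    """Return (key, program path) for every launch entry in the [autorun] section."""
    section, found = None, []
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        if LAUNCH_KEYS.match(key):
            # Keep only the program path: drop surrounding quotes and arguments.
            m = re.match(r'"([^"]+)"|(\S+)', value)
            if m:
                found.append((key.lower(), m.group(1) or m.group(2)))
    return found

def findings(autorun_text):
    """Flag launch entries that match the names described in the post."""
    out = []
    for key, target in launch_targets(autorun_text):
        p = PureWindowsPath(target)
        reasons = []
        if p.name.lower() in SUSPECT_FILES:
            reasons.append("file name from the post")
        if any(d.lower().startswith(SUSPECT_DIR_PREFIX) for d in p.parts[:-1]):
            reasons.append("program inside a Recycler-style folder")
        if reasons:
            out.append((key, target, reasons))
    return out

# Constructed sample, not a capture from the infected system.
SAMPLE = """[autorun]
; constructed example
open=RecyclerDSK\\HDAV.EXE
shell\\open\\command="RecyclerDSK\\HDAV.EXE" -x
icon=folder.ico
"""
```

Read the `autorun.inf` from the root of a suspect drive on a machine with AutoRun disabled and pass its text to `findings()`; an empty list means none of the launch entries matched these names.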