Description:
Win32/SillyDl is a family of trojans that act as downloaders. They may be installed via Internet Explorer exploits when users visit malicious web pages, by other trojan downloaders or components, or packaged with software that the user has chosen to install.
----------
A downloader is a program that automatically downloads and runs and/or installs other software without the user's knowledge or permission.
In addition to downloading and installing other software, it may download updated versions of itself.
A downloader may install itself in a manner that allows it to constantly check for updated files. For example, it may add an entry to the following registry key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
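The Run-key persistence described above can be checked by comparing snapshots of that key. The following is an added example, not part of the original description: it parses the output of `reg query` for the Run key and reports entries that are new or changed since a baseline. The sample snapshots, value names and file paths are constructed for illustration.

```python
import re

# Constructed `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`
# output: a known-good baseline and a later snapshot with one extra value.
BASELINE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Example Updater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
"""
LATER = BASELINE + r"""    svcupd    REG_SZ    C:\Users\alice\AppData\Local\Temp\svcupd.exe -s
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_run_key(reg_output):
    """Map value name -> command line from `reg query` output for the Run key."""
    entries = {}
    for line in reg_output.splitlines():
        m = VALUE_RE.match(line)
        if m:
            entries[m["name"]] = m["data"].strip()
    return entries

def executable(command):
    """Extract the program path from a Run command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Bare path: take everything up to the first executable extension.
    m = re.match(r".*?\.(?:exe|com|bat|cmd|scr|pif)\b", command, re.I)
    return m.group(0) if m else command.split(" ", 1)[0]

def changes_since(baseline, current):
    """Return Run entries that are new or whose command changed since baseline."""
    old, new = parse_run_key(baseline), parse_run_key(current)
    return {name: executable(cmd) for name, cmd in new.items()
            if old.get(name) != cmd}

if __name__ == "__main__":
    for name, path in changes_since(BASELINE, LATER).items():
        print(f"new or changed autostart entry {name!r}: {path}")
```

A file reported this way that reappears after cleaning is a candidate for the sample submission described further down the page.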
A Win32/SillyDl variant may download other trojans, or non-malicious programs such as adware. At any given time, the program(s) it attempts to download may be changed or updated, or may be unavailable altogether. Variants usually download using HTTP.
Win32/SillyDl variants are usually quite small, due to their limited functionality. They may be compressed with any of a variety of executable packers, such as UPX, ASPack or FSG.
Note: Many SillyDl variants are installed on an affected machine by another component. In this scenario, a component downloads SillyDl, which then in turn downloads other files and installs them on an affected machine. In the vast majority of cases, these files are adware.
While CA Antivirus solutions detect and remove many variants of SillyDl, an issue may occur where the file that is installing the SillyDl variant is not detected. In these cases, CA Antivirus will detect and remove the SillyDl variant; however, detections will continue to be reported, as SillyDl is continuously being reinstalled by the other component, which we do not yet detect.
If you are having problems with recurring detections of Win32/SillyDl variants being reported, please contact our Support group for additional information on submitting the files that may be installing SillyDl. If you are having issues with SillyDl variants not being cleaned, please submit a sample of the detected file.
For eTrust EZ Antivirus customers: Please visit my-eTrust.com (http://www.my-etrust.com/services/virusSample.cfm) and use the 'Submit Virus Sample' form.
For Vet customers: Please use an archiving utility to create a ZIP containing the suspicious file; password-protect it with the password 'virus' and send it attached to an e-mail to virus@vet.com.au.
For eTrust Antivirus customers (InoculateIT and Vet engine): Please use an archiving utility (see detailed instructions below) to create a ZIP containing the suspicious file; password-protect it with the password 'virus' and send it attached to an e-mail to virus@ca.com.
For further information on how to submit virus samples, please visit: Submitting Virus Samples or Support.
In order to avoid SillyDl infections it is important to follow safe computing practices, such as keeping your operating system and third-party applications up to date and patched with the latest updates, and using an anti-spyware and adware solution such as eTrust Pest Patrol. CA also provides a free online Pest Scanner.