
Win32.AutoRun.ftc

Posted: August 10, 2011

Win32.AutoRun.ftc is a worm that can automatically infect new computers by exploiting shared networks and portable hard drive devices. SpywareRemove.com malware researchers have found that, in addition to worm-based behavior, many Win32.AutoRun.ftc variants can behave like a Sality virus, which can infect normal system files and block security-related programs and processes. Due to the potentially serious damage that Win32.AutoRun.ftc can cause to any Windows PC, you should be prepared to react quickly and delete Win32.AutoRun.ftc by using the best anti-malware product that you have available for the job.

Observations on Win32.AutoRun.ftc's Worm Characteristics

Win32.AutoRun.ftc is a member of the widespread Autorun worm family, a group of worms that exploit Autorun.inf files to spread to new computers. Worm:Win32/Autorun.ABQ, Worm:Win32/Autorun.MBS, Worm:Win32/Autorun.GY, VirTool:INF/Autorun.gen!J, Worm:Win32/Autorun.ACH and Worm:VBS/Autorun.F are examples of similar worms and related infection components that propagate in the same way as Win32.AutoRun.ftc.

SpywareRemove.com malware research experts have confirmed that Win32.AutoRun.ftc can reproduce by copying itself to removable drives (such as USB devices) or to network-shared folders. Contamination occurs whenever the device is plugged into a new PC, or when the network-shared location is accessed, and all versions of Windows from at least Windows 98 up to and including Windows 7 are vulnerable to this Win32.AutoRun.ftc attack. The copied files are often hidden with the System or Hidden attribute flags. Some sources also report that Win32.AutoRun.ftc variants can spread through email links and file attachments that may appear to have been sent by familiar social contacts.
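As an added example (not code from SpywareRemove.com or any anti-malware vendor), the following Python parses the text of an Autorun.inf file and lists the entries that launch a program, which is the part of the file that Autorun worms depend on when a drive or share is opened. The function names and both sample files are constructed for illustration and are not taken from a Win32.AutoRun.ftc specimen.

```python
import re

# Keys in the [autorun] section that make Windows run a program from the drive.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section that launch a program."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # only [autorun] key=value lines matter
        key, value = (part.strip() for part in line.split("=", 1))
        if EXEC_KEYS.match(key) and value:
            found.append((key.lower(), value))
    return found

def is_suspicious(text):
    """An Autorun.inf on a removable drive or share that launches anything needs review."""
    return bool(launch_entries(text))

# Constructed samples: one that launches a program three ways, one that does not.
SAMPLE_LAUNCHER = """\
;padding comment line
[AutoRun]
open = hidden\\payload.exe
shell\\open\\Command=hidden\\payload.exe
shell\\explore\\command = hidden\\payload.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""
SAMPLE_BENIGN = """\
[autorun]
label=Backup Drive
icon=drive.ico
"""

if __name__ == "__main__":
    for key, cmd in launch_entries(SAMPLE_LAUNCHER):
        print(f"{key:<24} -> {cmd}")
    print("benign flagged:", is_suspicious(SAMPLE_BENIGN))
```

Because the worm's files often carry the Hidden or System attribute, read the drive root with hidden and system files shown before passing the file's text to `launch_entries`.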

Variants of Win32.AutoRun.ftc have been reported to cause frequent system crashes, poor performance and the appearance of adult website shortcuts and advertisements. However, these traits may not apply to all versions of Win32.AutoRun.ftc.

The Worst You Can Expect from a Sality Variant of Win32.AutoRun.ftc

As bad as the standard Win32.AutoRun.ftc worm is, a Sality-based variant, such as Virus:Win32/Sality.T, is even worse for your PC. This variant of Win32.AutoRun.ftc, besides being a worm, is also a virus, and as such, can infect .exe and .scr files at will. Once the Sality version of Win32.AutoRun.ftc has infected your computer, it will engage in a direct rampage against your PC security:

  • Win32.AutoRun.ftc will attempt to delete all files that are related to providing threat definitions for anti-malware products. It does this by identifying commonly-used database extensions, including .avc, .key and .vdb.
  • Secondly, SpywareRemove.com malware researchers have found that this version of Win32.AutoRun.ftc will also attack and shut down various services and processes that are related to popular PC security brands, based on the text strings that are used in their names. The following is just a short sample of the dozens of processes that Win32.AutoRun.ftc can shut down: aswUpdSv, AVGNTMGR, DRWEB32W, GIANTANTISPYWAREUPDATER, LavasoftFirewall, PCCNTMON, TEATIMER, UmxAgent and VSSERV.
  • After all that, Win32.AutoRun.ftc may take advantage of your PC's crippled security by installing other types of malicious software. SpywareRemove.com malware analysts have discovered that these files are hidden in the Temp folder while Win32.AutoRun.ftc launches them automatically. Possible payloads from Win32.AutoRun.ftc can range from rogue security and defragmentation programs like Dr.Web Enhanced Protection Mode, Bogema Security and Windows Vista System Repair to Trojans like Backdoor.Tidserv or Backdoor.Win32.Surila.

Detecting all components of a Win32.AutoRun.ftc infection is nearly impossible to do by manual methods, so it's suggested that you use a proper anti-malware application to remove Win32.AutoRun.ftc from your PC.

Aliases

Win32AutoRunftc

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: %PROGRAM_FILES%\ Win32.AutoRun.ftc \ Win32.AutoRun.ftc
Mime Type: unknown/ftc

Registry Modifications

The following Registry values were newly created:

HKEY_LOCAL_MACHINE\Software\ Win32.AutoRun.ftc