Win32/SillyAutorun.FTW
Posted: June 13, 2013
Threat Metric
The fields shown on the Threat Meter, each of which contains a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Metric | Value |
|---|---|
| Ranking: | 3,953 |
| Threat Level: | 1/10 |
| Infected PCs: | 6,036 |
| First Seen: | June 13, 2013 |
| Last Seen: | October 16, 2023 |
| OS(es) Affected: | Windows |
Win32/SillyAutorun.FTW is a worm that distributes itself through both peripheral devices and IRC spam. Unusually, Win32/SillyAutorun.FTW doesn't compromise all of a removable device's files at once. Instead, it replaces files one at a time at staggered intervals, presumably in an effort to avoid detection. The usual measures that SpywareRemove.com malware researchers recommend for protecting against worms also work against Win32/SillyAutorun.FTW, which was detected only recently but should still be removable by any kind of worthwhile anti-malware software. However, you should be careful to scan any potentially infected removable devices along with your hard drive, and avoid sharing such devices until you're certain that you've deleted all copies of Win32/SillyAutorun.FTW.
Win32/SillyAutorun.FTW: a Less Than Subtle Self-Proliferator
Win32/SillyAutorun.FTW is classified as a worm due to its ability to create copies of itself and distribute those copies to various locations, wherein they may thereafter infect other vulnerable computers. Win32/SillyAutorun.FTW uses one of the most documented distribution methods open to malware in general and worms in particular: removable devices, such as USB thumb drives, that can be written with new files. Like most worms, Win32/SillyAutorun.FTW doesn't overwrite the files in question (since that would be a rather large clue to its attack), but, instead, conceals them with the Windows 'Hidden' attribute and replaces them with visible copies of itself. These copies are named with the names of the original files and folders, with the notable exception of appending 's' to the end of each name (such as 'mydocs' instead of 'mydoc').
Win32/SillyAutorun.FTW also hides its copies by disabling your ability to change the file-viewing settings that would let you see Hidden files, an attack that SpywareRemove.com malware experts often find in worms that use similar distribution strategies. It should be noted that opening a copy of Win32/SillyAutorun.FTW will install Win32/SillyAutorun.FTW silently while also opening the original document or folder, thus minimizing any symptoms of the infection.
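The hide-and-replace pattern described above can be checked for on a suspect drive even when Explorer's Hidden-file view is locked. The following Python code is an added example, not SpywareRemove.com's own tooling; it assumes the visible copy carries an executable extension (the page does not state one), and the function names and sample listing are constructed for illustration.

```python
import os
import stat
from pathlib import PureWindowsPath

# Assumption: the visible copy is an executable; the page gives no extension.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}

def find_lookalikes(entries):
    """entries: (name, is_hidden, is_dir) tuples for ONE directory.
    Returns sorted (hidden_original, visible_copy) pairs where a visible
    executable is named like a Hidden item with 's' appended."""
    entries = list(entries)
    hidden = {}
    for name, is_hidden, is_dir in entries:
        if is_hidden:
            # Folders keep their full name; files are compared without extension.
            stem = name if is_dir else PureWindowsPath(name).stem
            hidden.setdefault(stem.lower(), name)
    pairs = []
    for name, is_hidden, is_dir in entries:
        if is_hidden or is_dir:
            continue
        p = PureWindowsPath(name)
        stem = p.stem.lower()
        if p.suffix.lower() in EXEC_EXTS and stem.endswith("s") and stem[:-1] in hidden:
            pairs.append((hidden[stem[:-1]], name))
    return sorted(pairs)

def scan_dir(path):
    """Read one directory (Hidden attribute is only reported on Windows)."""
    entries = []
    with os.scandir(path) as it:
        for e in it:
            attrs = getattr(e.stat(follow_symlinks=False), "st_file_attributes", 0)
            entries.append((e.name, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN),
                            e.is_dir(follow_symlinks=False)))
    return find_lookalikes(entries)

# Constructed listing of a removable drive's root, not real telemetry.
SAMPLE = [
    ("mydoc", True, True),          # original folder, now Hidden
    ("mydocs.exe", False, False),   # visible look-alike
    ("report.docx", True, False),
    ("reports.scr", False, False),
    ("tools.exe", False, False),    # ends in 's' but has no Hidden twin
    ("notes.txt", False, False),
]

if __name__ == "__main__":
    for original, copy in find_lookalikes(SAMPLE):
        print(f"suspicious: {copy!r} shadows hidden {original!r}")
```

Run `scan_dir` against each directory of the removable drive from a machine where autorun is disabled; any pair it returns should be treated as a lead for an anti-malware scan, not as a verdict.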
Shutting Down the Spread of Win32/SillyAutorun.FTW
Worms like Win32/SillyAutorun.FTW are capable of spreading throughout networks of removable device-sharing computers very rapidly, and, whenever dealing with a Win32/SillyAutorun.FTW infection, stopping Win32/SillyAutorun.FTW from doing just that should be your main priority. You also should be aware that Win32/SillyAutorun.FTW is capable of spreading through other sources, most prominently links in IRC, even in an absence of removable devices to be exploited.
As long as you scan your removable devices along with your hard drives, your anti-malware software should be able to remove Win32/SillyAutorun.FTW, which has been found to lack any sophisticated defensive features, without much difficulty. SpywareRemove.com malware experts haven't finished analyzing Win32/SillyAutorun.FTW's payload, but do warn that worms like Win32/SillyAutorun.FTW have often been known to distribute backdoor Trojans, rootkits and other high-level threats to your PC's safety.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
C:\Documents and Settings\<username>\Application Data\E-73473-3674-74335\msnrsmsn.exe
File name: C:\Documents and Settings\<username>\Application Data\E-73473-3674-74335\msnrsmsn.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Registry Modifications
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft3264OSUpdate