Aliases: FTrap, Win32.HLLW.Archex
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 07 Jan 2003
Damage: Low

Characteristics: A virus that self-replicates itself was discovered on January 7, 2003. This virus is called W32.Ftrap. This virus mostly affects Windows systems by copying itself to the hard drive and floppy disk drive.

More details about W32.Ftrap

Using a standard Windows folder icon, the virus replicates itself to the hard drive and floppy disk drive. If it is double-clicked, the virus runs. It opens a window containing the string "www.jumavi.go.to". Once this URL is clicked, the virus launches a file to browse to this particular web site. If the file does not exist, a message appears that says, “Run-time error ‘53’, File not found”. When you click on the message, the virus copies itself as C:\Windows\System\Archi.exe and begins to add value to the system registry key. Then, the virus remains in memory and examines the floppy disk drive to be able to copy itself as A:\Archi.exe. Therefore, the disk drive and floppy disk drive is successfully infected by this virus.

The W32.Ftrap application has functionalities that include the installation of files that have not been solicited by the user. Unlike legitimate applications that seek the permission of the user and provide an End-User License Agreement or EULA, this malware has no sufficient consent and privacy disclosure. Furthermore, this program does not provide an adequate uninstall procedure making it difficult, if not, impossible to remove. Remote access is also allowed by the W32.Ftrap program by means of RATs or remote administrator tools.