Author Topic: [RESOLVE]Winece.exe New found Virus in Philippines..  (Read 10806 times)

0 Members and 1 Guest are viewing this topic.

creamzero

  • Guest
[RESOLVE]Winece.exe New found Virus in Philippines..
« on: August 11, 2010, 04:25:11 AM »
marks all .doc and docx files hidden and system file...

replaces the doc with the same name but with the extension .exe..

infection in my documents and all removable disk (flash drives, external drives etc.)

size of worm, 14.7 MB!  >:(

changes the wallpaper and registers winece.exe as startup with label microsoft office tools..

It is still not confirmed if the worm can spread in the network since I disabled all modification of shared folders...

Once it spread the system, the windows will be corrupted but can still be fixed in the windows recovery console...

Avast can't seem to detect it... :(

C:\WINDOWS\winece.exe



« Last Edit: August 30, 2010, 03:17:56 PM by creamzero »

Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1371
  • Soli Deo Gloria
    • PT Garuda Sinatriya Globalindo
Hi Creamzero,

It was looked like that your machine infected some kind like virut families as reference link information :

http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

If you do have the source file for winece.exe, you may try to submit to virustotal.com and see what is the result displayed?

And then please submit your infected source file and compress with name virus.zip and given password "virus" to : virus@avast.com

cheers,
Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Might want to watch what you download with that uTorrent client there cream.

Not saying that's where it came from, but there's a good chance.
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

creamzero

  • Guest
@Yanto Chiang :

thanks for the info, i tried submitting it, it has no match..
hope it'll be included in the avast virus database in the next update..

@scythe944 :

thanks, but im not downloading anything, it spreads if mistakenly double-clicked... still cant find the source in the internet.. i have a feeling it was only developed here in my country...

Offline Coolmario88

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
  • Bronies make the web go round
i don't know if this will help or not but super anti spyware or something may dectect it
OS: Windows 11 64-bit
Webbrowser: Mozilla Firefox
PC Specs: Intel i5-12400f, Nvidia RTX 3050, 16gb ram, 1.5TB SSD(s).

creamzero

  • Guest
@Coolmario88cp :

Haha.. is avast not yet considered super anti spyware? :D

13thSlayer

  • Guest
@Coolmario88cp :

Haha.. is avast not yet considered super anti spyware? :D

Nah... SAS is some other product.

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Or try MBAM (Malwarebytes' Anti-Malware).  http://www.malwarebytes.org
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

creamzero

  • Guest
13thSlayer : Oh I see.. Sorry My bad.. I'll try.. I'll have too many application since I also have Malwarebytes..

scythe944 : I have one.. same result.. no infections detected... >:(

oxygenate

  • Guest
Thanks for your post, creamzero!

My PC got infected in the very same way after someone plugged in a flash drive. I've been 4 days without any solution.

But because of information from your post, I was finally able to confirm identity of the pest (yes, it's the winece.exe worm). I have just located and deleted it, deactivated it at startup, and ended its process thru Task Manager.

My desktop background has been restored, and Word files I place in the folder affected no longer hide and change into .exe files. To make sure, I deleted all the changed Word files, which I had transferred to a new "safety" folder when I first noticed the problem. I can do without these files anyway.

Thanks again, creamzero!

creamzero

  • Guest
 ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D

This thread is closed! Hahahaha

THANK YOU SO MUCH AVAST FOR THE EARLY UPDATE!!!

This post should have been done last week, sorry been busy managing business... $_$

@oxygenate : walang anuman brad.. hahahaha badtrip yang virus na yan... panira ng ng server... :) If you have a new virus just send it to virus@avast.com

@Yanto.Chiang! : thank you man!

SafeSurf

  • Guest
[RESOLVED] Re: Winece.exe New found Virus in Philippines..
« Reply #11 on: August 30, 2010, 10:17:39 AM »
creamzero,

This thread is closed!
THANK YOU SO MUCH AVAST FOR THE EARLY UPDATE!!!

Now that your issue is now resolved/fixed, please go back to the first open post in this topic, click the modify button in that Post and change the title/subject, add [Resolved] to the beginning of the title so this thread can be closed. 

Feel free to come back any time you need help, to learn something new, or just to ask questions.  We are here 24/7 for your convenience.  Thank you.

creamzero

  • Guest
Re: [RESOLVE]Winece.exe New found Virus in Philippines..
« Reply #12 on: August 30, 2010, 03:18:52 PM »
yez sir! :]

irex

  • Guest
Re: [RESOLVE]Winece.exe New found Virus in Philippines..
« Reply #13 on: September 18, 2010, 04:09:36 PM »
san mu nalocate ung winece.exe? tsaka panu burahin?
patulong naman po. :'(

creamzero

  • Guest
Re: [RESOLVE]Winece.exe New found Virus in Philippines..
« Reply #14 on: September 19, 2010, 02:53:22 PM »
@Irex : pare/mare, wag ka na umiyak dyan.. naka avast ka ba? magupdate ka na po... nilagay ko na sa una kong post kung san nakalocate, pero para sayo sge uulitin ko..

c:\windows\winece.exe

para makita mo sya,

folder options,show hidden files, tapos uncheck mo ung do not show file extensions for known files tska hide protected vied para makita mo yung virus...

ang attribute kasi ng virus read only, hidden tska system file.. ok?

kung tumatakbo sya sa process, kill mo na.. para mabura mo.. hindi mo kasi sya mabubura kung tumatakbo sya sa process.. kung hindi mo alam, task manager, ctrl + alt + del or ctrl +shift + esc.. punta ka sa tab na process, tapos hanapin mo n sya.. kung wala, punta ka na sa windows folder.. wokie?