First, use the following tools to get it working, then look at the next manual disinfection method: http: //www.spant.net/ following is taken from a distant community: Author:
Blue4u
Date of submission: 2004-06-19 18:06
Recently, many friends have this virus, hereby introduce their solutions.
[Winfile.exe]
[Virus Name]: I-Worm.wukill
[Destructive Method]: This virus uses a folder icon, which has great confusing. After the virus is running, you will copy yourself in a large number of directories.
First, the virus will show "This File Has Been Damage!";
Second, copy yourself to the Windows directory and renamed mstray.exe;
Third, modify the registry: hkey_local_machine / Software / Microsoft / Windows / CurrentVersion / Run
To achieve its own starting purpose;
Fourth, enumerate the disk directory, release the following files in each root:
Winfile.exe virus main program
Comment.htt uses IE vulnerabilities to call "Winfile.exe" in the same directory, with properties to hide.
The Desktop.ini system is hidden. When browsing the folder with a web mode, the system calls the file.
Use Comment.htt to activate the virus.
5. Virus modify the registry, hide system files, hide files protected by system, hide known extensions.
In this way, the user can't see Comment.htt and Desktop.ini, Winfile.exe is hidden, and it is a file.
The clip icon, the user is extremely easy to think that it is a folder.
At the same time, the virus generated under the current path, the name adopts the top-level directory, or the title of the current window,
Increase hiddenness.
6. The virus calls Outlook to send a letter carrying a virus.
If you want to handle: (without anti-virus software):
1. First: Find mstray.exe (note this is a system and hidden file, so everyone should know how to find it, under the system folder), remove it.
2, modify the registry, remove the corresponding startup item. Next: Use the Windows search function, search all: winfile.exe, comment.htt, desktop.ini (Note -> Remove system protection, remove hidden) Delete ! Pay attention to it clearly not to delete the wrong! (Some deSktop.ini is the original file of Windows)
3, Final: Find the [* .exe] file in the hard disk, (Note) You will find a lot of folder icon in the form of the .exe file, delete all of these files. Everything is OK! If your system is 2000 / XP Search all Winfile.exe and completely delete these files. Search for Mstray.exe, you will completely delete the programs found. If your system is 98 / me, don't remove it, because there is such a 98 / me Utility file.
At this time, it is not these characteristics:
This virus adopts a folder icon, which has great confusing. After the virus is running, you will copy yourself in a large number of directories.
First, the virus will show "This File Has Been Damage!";
Second, copy yourself to the Windows directory and renamed mstray.exe;
Third, modify the registry:
HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / RUN
To achieve its own purpose;
Fourth, enumerate the disk directory, release the following files in each root:
Winfile.exe virus main program
Comnt.htt uses the IE vulnerability to call "Winfile.exe" in the same directory, the property is hidden. The Desktop.ini system is hidden. When browsing the folder with a web mode, the system calls this file, which calls coment.htt,
Thereby activating the virus.
5. Virus modify the registry, hide system files, hide files protected by system, hide known extensions.
In this way, the user can't see Comnt.htt and Desktop.ini, WinFile.exe is hidden by the compact name, and the folder icon,
The user is very easy to think that it is a folder.
At the same time, the virus is generated under the current path, the name is adopted on the previous directory, or the title of the current window, increasing concealment.
6. The virus calls Outlook to send a letter carrying a virus.
If so, just remove the files mentioned above, you can change the registry.
good luck!
