Winfile

  1. #1
    Member
    Join Date
    Sep 2004
    Posts
    52

    Winfile

    Hi guys,

    I need some help in removing a virus named "WINFILE". This is in the form of a file which keeps on reappearing in my local disk drives. I tried deleting it both normally and with "shift + delete", but it keeps on appearing again and again.

    Strangely, I also noticed files (with icons like a globe and the Windows logo) named wuauclt, wuauclt1, wuaucpl, wuaueng1.dll, wuaueng.dll, wuauserv.dll, wucltui.dll and wupdmgr in the system32 folder of c:/windows. I suspect them as the culprits and even tried to delete them, but they too reappeared like the WINFILE case.

    I'm not a comp. geek and am not aware of what thing I'm becoming a victim of.

    The properties of the WINFILE are as:

    Name: WINFILE
    Type of file: Application
    Size: 52.5KB
    Size on disk: 56.0KB

    Created: Wednesday, January 18, 2006, 7:15:19 PM
    Modified: Sunday, November 24, 2013, 1:24:54 PM
    Accessed: Today, April 06, 2006, 8:40:00 PM

    File version: 1.0.0.0

    Other version information:
    Company: gy
    File Version: 1.00
    Internal Name: wukill
    Language: Chinese (PRC)
    Original file name: wukill.exe
    Product Name: Xgtray
    Product Version: 1.00

    The configuration of my pc is as follows:

    Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 2 (2600.xpsp_sp2_rtm.040803-2158)
    Language: English (Regional Setting: English)
    System Manufacturer: MICRO-STAR INTERNATIONAL CO., LTD
    System Model: MS-7142
    BIOS: Phoenix - AwardBIOS v6.00PG
    Processor: AMD Sempron(tm) Processor 2500+, MMX, 3DNow, ~1.4GHz
    Memory: 192MB RAM
    Page File: 80MB used, 384MB available
    Windows Dir: C:\WINDOWS
    DirectX Version: DirectX 9.0c (4.09.0000.0904)

    Please tell me what to do.

    Thanks.

  2. #2
    Banned
    Join Date
    Apr 2006
    Posts
    5
    Boot into safe mode by pressing F8 while Windows is booting.
    Make sure your AV is updated and run a full system scan.
    Once it's removed WINFILE, reboot; do not boot into safe mode this time.
    Run another full system scan with your AV to make sure it's removed all traces of WINFILE.

  3. #3
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    There is a possibility that there are spyware and other things running in the background, so try scanning your system for any spyware and other malicious programs. You can use (Ad-ware) for this purpose... Before scanning, better update it first...
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  4. #4
    Member
    Join Date
    Apr 2005
    Posts
    97
    Maybe off-topic but I just want to share this one bit:

    I've encountered a similar situation with a virus file with an associated file desktop.ini. It replicates itself into all of the folders of the hard disk and is not easy to control. Running Norton Anti-Virus puts you into a loop (reminds me of the DOS version of the Dark Avenger virus). When the virus is scanned, it automatically latches on into the system memory such that when NAV cleans the file (apparently by deleting it), it immediately rewrites itself into the disk folder, then NAV detects it and cleans it, then it rewrites itself again... and so on; NAV continues to work ad infinitum.

    The desktop.ini file attribute is hidden. I manually removed the files in all of the folders by first removing the hidden attribute (in DOS mode, it's ATTRIB -H DESKTOP.INI /S [lower or upper case doesn't matter]), then proceeded to delete (DEL DESKTOP.INI /S) while still in that mode. After that, I rebooted the system by pressing the RESET button (not by going back to Windows and ordering a system restart). Went into safe mode, repeated the DOS mode procedure, then ran the anti-virus just to make sure none of the virus signature was further found.

    When I restarted the system in normal mode and ran anti-virus again, no further infection was found. Note that even when I did set the Windows Explorer folder options to "show hidden files and folders" prior to the DOS mode activities, I couldn't see that hidden desktop.ini file in the folders (subdirectories), which made me wonder how insidious that one was.

    The infected system is not mine (the unit is an officially-issued laptop used by a friend) and I'm not really sure how often that unit gets upgraded virus definitions.

    At any rate, I just want to share what I did with that one... and I hope I can get the experts around to tell me if I did right (or if wrong... at which point).

    Cheers!
    Si vis pacem, para bellum!

  5. #5
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Try:

    EWIDO
    A-Squared

    Install them, update them, boot into SAFE MODE and run them. Do the same with your antivirus.

    REMEMBER TO TURN OFF YOUR SYSTEM RESTORE POINTS FIRST
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  6. #6
    Member
    Join Date
    Nov 2004
    Posts
    71
    You can find some more information on this file here. Looking at what they say about it, you might want to check your backups to make sure they haven't been infected.
    If everything looks perfect, then there is something you don't know

  7. #7
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Hi

    First, disable system restore...How to System Restore then download.... Killbox and follow the instructions, after you reboot into normal, enable your System restore and set a manual restore point...

    Some info:: wuauclt - wuauclt.exe - Process Information

    Process File: wuauclt or wuauclt.exe
    Process Name: AutoUpdate for WindowsME

    Description:
    Wuauclt.exe is a process managing automatic updates for Windows. This process continuously checks for the latest updates by going online. This process should not be removed if you want to get informed about new updates.

    Processes Library

    wuauclt1.exe
    File Name: wuauclt1.exe
    Description:
    wuauclt1.exe is the Windows Update AutoUpdate Client which runs in the background to check with the Microsoft website for updates to the operating system. This file is located in the "%WinDir%\System32" directory. If you find this file in a directory other than System32, you should beware that it is a virus or spyware.

    Most of these are related to your Windows Update process (auto), try Googling them to see what they tell you, or go to More Info
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson
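
Added example, not part of any post in this thread: a PowerShell triage sketch for the two checks the thread raises, namely a version resource whose original file name differs from the name on disk (post #1: WINFILE vs. wukill.exe) and a Windows Update file name found outside %WinDir%\System32 (post #7). The function name `Get-BinaryTriage`, the name list and the choice to scan drive roots are assumptions made for illustration; a hit is a hint to investigate, not a verdict.

```powershell
# Added example (assumptions: function name, name list, scan scope).
$System32 = Join-Path $env:WinDir 'System32'

# Windows Update file names as spelled in posts #1 and #7 of this thread.
$UpdateNames = 'wuauclt.exe', 'wuauclt1.exe', 'wuaueng.dll',
               'wuaueng1.dll', 'wuauserv.dll', 'wucltui.dll'

function Get-BinaryTriage {
    param([Parameter(Mandatory)][string]$Path)

    # -Force is needed to return hidden or system files.
    $file  = Get-Item -LiteralPath $Path -Force
    $vi    = $file.VersionInfo
    $notes = @()

    # Check 1: version resource names a different file than the one on disk.
    # Localized resources may append ".mui"; strip it before comparing.
    $orig = "$($vi.OriginalFilename)" -replace '\.mui$', ''
    if ($orig -and ($orig -ne $file.Name)) {
        $notes += "OriginalFilename '$orig' differs from on-disk name '$($file.Name)'"
    }

    # Check 2: an update component name sitting outside System32.
    # (String comparisons here are case-insensitive by default.)
    if (($UpdateNames -contains $file.Name) -and
        ($file.DirectoryName -ne $System32)) {
        $notes += "'$($file.Name)' found outside $System32"
    }

    [pscustomobject]@{
        Path         = $file.FullName
        Company      = $vi.CompanyName
        InternalName = $vi.InternalName
        Original     = $vi.OriginalFilename
        Product      = $vi.ProductName
        Notes        = $notes -join '; '
    }
}

# Scan the root of every local file-system drive, where the poster saw
# the file reappear, and show only entries that raised a note.
Get-PSDrive -PSProvider FileSystem | ForEach-Object {
    Get-ChildItem -LiteralPath $_.Root -Filter *.exe -Force -File -ErrorAction SilentlyContinue
} | ForEach-Object { Get-BinaryTriage -Path $_.FullName } |
    Where-Object { $_.Notes } | Format-List
```

Legitimate software sometimes ships with a renamed executable, so treat a name mismatch as a reason to look at the company, product and location fields before deleting anything.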

  8. #8
    Member
    Join Date
    Sep 2004
    Posts
    52
    Thanks guys, Killbox worked well.
    Thank You Very Much.

  9. #9
    Senior Member Spekter1080's Avatar
    Join Date
    Oct 2005
    Location
    Iowa
    Posts
    101
    rofl, the mighty dalek reveals the truth once again....listen to him, he definitely knows his stuff...
    good job dalek!

    However, I do praise you, princesheril, for giving so much information. Keep that up, as it is very helpful in tech support situations such as this. And don't be discouraged by this encounter either, as everyone will probably have an experience like this at some point or another. Just keep seeking the knowledge, you will become better with time.

    (this is in regard to the Windows Update files; I do agree with the antivirus options though)
    there's always a way in...
