Microsoft Excel.WsF: New Houdini

We already know the Houdini (Dinihou) infection, which everyone calls the "USB shortcut virus."
A new variant is beginning to appear. It is slightly different because it uses a different extension:
.wsf (Windows Script File).

This file format allows JScript and VBScript, or other scripting languages, to be mixed in a single file.
These scripts can also link many other external scripts together through a tag system similar to HTML.
This leaves the infection plenty of room to evolve.
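For triage, the two properties described above (mixed languages and tag-based references to external scripts) can be listed statically without running the file. The following is an added example, not part of the original post or of UsbFix; `WsfInventory`, `inventory_wsf` and the sample file are hypothetical names and constructed data, and a tolerant HTML-style parser is used on the assumption that a hostile .wsf may not be well-formed XML.

```python
from html.parser import HTMLParser

class WsfInventory(HTMLParser):
    """Collect the <script> elements of a .wsf file without running anything."""

    def __init__(self):
        super().__init__()
        self.scripts = []   # one dict per <script> element
        self._job = None    # id of the most recent <job>
        self._open = None   # <script> element currently being read

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "job":
            self._job = a.get("id", "")
        elif tag == "script":
            self._open = {"job": self._job, "language": a.get("language", "").lower(),
                          "src": a.get("src") or None, "text": ""}
            self.scripts.append(self._open)

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._open = None

def inventory_wsf(text):
    """Summarise which languages a .wsf mixes and which external scripts it pulls in."""
    parser = WsfInventory()
    parser.feed(text)
    parser.close()
    languages = sorted({s["language"] for s in parser.scripts if s["language"]})
    return {
        "languages": languages,
        "mixed_languages": len(languages) > 1,
        "external_sources": [s["src"] for s in parser.scripts if s["src"]],
        "inline_blocks": sum(1 for s in parser.scripts if s["text"].strip()),
        "scripts": parser.scripts,
    }

# Constructed, harmless sample (not taken from the infection described here).
SAMPLE_WSF = """<package><job id="main">
<script language="VBScript" src="helper.vbs"></script>
<script language="JScript">var note = "a < b";</script>
<script language="VBScript">WScript.Echo "hello"</script>
</job></package>"""
```

A file that mixes languages or references external scripts is not malicious by itself; the inventory only tells the analyst which blocks and which additional files need to be examined.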

Like the previous version, the malicious script is encoded multiple times:

Microsoft Excel.WsF

UsbFix detects and removes this variant. For now only the sample below is known, but UsbFix is set to detect this variant in as many forms as possible.

UsbFix Detection: Microsoft Excel.WsF

Deleted! C:\Users\%Username%\AppData\Roaming\Microsoft Office\Microsoft Excel.WsF
Deleted! J:\Microsoft Excel.WsF
Deleted! HKU\S-1-5-21-1222349982-3771650499-2065109334-1000\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft Excel
Deleted! J:\CO.lnk
Deleted! J:\.lnk
Deleted! J:\RECYCLER.lnk
Deleted! J:\TO CHECK.lnk
Deleted! J:\USB Show.lnk
Deleted! J:\DropboxInstaller.lnk
Deleted! J:\Eliminar-Virus-y-Accesos-Directos.lnk
Deleted! J:\REVISTA 174.lnk
Deleted! J:\Mensajes 1 de abril.lnk
Deleted! J:\Logo para la Fiesta de la Francofonía.lnk
Deleted! J:\Files.lnk
Deleted! J:\Abril 2.lnk
Deleted! J:\Autorun.inf.lnk
Deleted! J:\Abril 3.lnk
Deleted! J:\Abril 4.lnk
Deleted! J:\Abril 5.lnk
Deleted! J:\.Trashes.lnk
Deleted! J:\.Spotlight-V100.lnk
Deleted! J:\.fseventsd.lnk
Deleted! J:\Regiones de Colombia.lnk
Deleted! J:\Abril 7.lnk


One Comment

  1. Ishaq May 15, 2015 at 3:44 PM

    Please, how can I manually remove it from a flash drive?
