Microsoft Word.WsF is a malware that belongs to the Houdini-Dinihou infection family. This new variant is starting to appear and differs slightly because it uses a different extension: .wsf (Windows Script File).
Microsoft Word.WsF malware Description
This programming language allows mixing JScript and VBScript scripting languages in a single file, or other scripting languages. These types of scripts can also be used to link many other external scripts together using a tag system in a similar way to HTML. This provides ample room for evolution for this infection.
Just like the previous variant, the malicious script is encoded multiple times and creates booby-trapped shortcuts similar to the USB shortcut virus.
UsbFix detects and removes this variant. Currently, only this variant and Microsoft Excel.wsf (which can be removed by following this link: Microsoft Excel.wsf) are known, but UsbFix is configured to detect variants in all their possible forms.
UsbFix detection for Microsoft Word .WsF
Deleted! C:\Users\%Username%\AppData\Roaming\Microsoft Office\Microsoft Word.WsF
Deleted! J:\Microsoft Word.WsF
Deleted! HKU\S-1-5-21-1222349982-3771650499-2065109334-1000\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft Word
Deleted! J:\CO.lnk
Deleted! J:\.lnk
Deleted! J:\RECYCLER.lnk
Deleted! J:\TO CHECK.lnk
Deleted! J:\USB Show.lnk
Deleted! J:\DropboxInstaller.lnk
Deleted! J:\Eliminar-Virus-y-Accesos-Directos.lnk
Deleted! J:\REVISTA 174.lnk
Deleted! J:\Mensajes 1 de abril.lnk
Deleted! J:\Logo para la Fiesta de la Francofonía.lnk
Deleted! J:\Files.lnk
Deleted! J:\Abril 2.lnk
Deleted! J:\Autorun.inf.lnk
Deleted! J:\Abril 3.lnk
Deleted! J:\Abril 4.lnk
Deleted! J:\Abril 5.lnk
Deleted! J:\.Trashes.lnk
Deleted! J:\.Spotlight-V100.lnk
Deleted! J:\.fseventsd.lnk
Deleted! J:\Regiones de Colombia.lnk
Deleted! J:\Abril 7.lnk
Remove Microsoft Word.WsF with UsbFix
UsbFix detects the variants of these infections: Here’s how to proceed to remove Microsoft Word .WsF and clean your Windows PC as well as your USB drives. This is the simplest and most effective way because UsbFix removes malware from both the PC and USB drives. It will also restore data that was hidden by the malware.
- Start by downloading UsbFix
- Launch the application and choose Full Scan
- UsbFix will scan your PC and suggest removing any malicious items
- Click on Quarantine
How To Remove Microsoft Word.WsF manualy with CMD
You can manually remove this malware from your USB drives. To do so, you need to use CMD command lines. This method is more suitable for advanced users, while also bearing in mind that it does not remove the malware from the computer.
- Connect your external hard drive to your PC, right-click on Start Menu, and select Search.
- Type Command Prompt in the search box and click Command Prompt to bring it up. Sign in with your administrator account and password if the system asks.
- Type %TEMP%\*.Wsf and hit Enter.
- Type REG DELETE “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run” /v “Microsoft Word” and hit Enter.
- Type the letter for your drive, type a colon, and press Enter. For example, if your USB drive or HDD drive’s letter is G, type G: and hit Enter.
- Type del *.lnk and hit Enter.
- Type del Microsoft Word.WsF and hit Enter.
- Type attrib -s – r -h *.* /s /d /l and hit Enter.
