Woniore Worm - Description and Removal - How to, Technology and PC Security Forum | SensorsTechForum.com

Woniore Worm – Description and Removal


A new worm has been reported by security experts to spread across portable drives. It is named Woniore, and it uses conventional tactics to infect user PCs. The damage it can do varies from changing settings on the user’s PC to downloading other malware onto it. Users who experience the symptoms mentioned in this article should immediately use the instructions published below to remove the worm permanently and prevent it from compromising other systems as well.

Short Description: Infects the user's PC and then downloads malicious files onto the affected device.
Symptoms: The user may see other malware or adware infecting the computer, as well as slowdowns, freezes and even system crashes.
Distribution Method: Via malicious URLs or infected USB drives connected to affected computers.

Woniore Worm – How Does It Spread

There are two main ways in which the Woniore worm could have spread onto your PC.

Possibility #1 – You have been infected by a USB drive which has been in contact with another infected computer.

This is the main method which worms like Woniore, Koobface (https://sensorstechforum.com/remove-koobface-facebook-worm-from-your-pc/), The Moon Worm (https://sensorstechforum.com/themoon-worm-uses-dating-sites-creates-a-botnet-of-home-routers/) and others use to spread across the web. Once a computer has been infected with the worm, whenever the worm detects a removable drive such as a USB drive or memory card, it creates the following file in the %root% folder of that drive:

  • autorun.inf

This file is then used to turn the removable drive into an infection source and so make victims of other unsuspecting computers, in your network or in others. This is a very effective self-replicating method which saves the devious hacker a lot of time.
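To check a removable drive for this mechanism, the added example below (not code from the original article or from Symantec) reads an autorun.inf and lists the programs it would launch. It relies on the generic Windows autorun.inf format; the article does not show the contents of Woniore's file, so the sample input and the file names in it are constructed.

```python
import re
from pathlib import Path

# Keys in the [autorun] section that name a program to launch.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def decode_inf(raw: bytes) -> str:
    """autorun.inf is usually ANSI, but may be UTF-16 with a BOM."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")

def launch_entries(raw: bytes) -> list[tuple[str, str]]:
    """Return (key, command) pairs found in the [autorun] section.

    Parsed by hand instead of with configparser, because worm-written files
    are often padded with junk lines that a strict INI parser rejects.
    """
    found, in_autorun = [], False
    for line in decode_inf(raw).splitlines():
        line = line.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if EXEC_KEYS.match(key.strip()) and value.strip():
            found.append((key.strip().lower(), value.strip()))
    return found

def inspect_drive(root: str) -> list[tuple[str, str]]:
    """Inspect autorun.inf (any letter case) in the root of a mounted drive."""
    for entry in Path(root).iterdir():
        if entry.name.lower() == "autorun.inf" and entry.is_file():
            return launch_entries(entry.read_bytes())
    return []

# Constructed sample, not taken from a Woniore-infected drive.
SAMPLE = (b"; padding\r\nxkq1 93jd\r\n[AutoRun]\r\n"
          b"open=setup.exe\r\nicon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
          b"shell\\open\\command=setup.exe\r\n[Other]\r\nopen=ignored.exe\r\n")

if __name__ == "__main__":
    for key, command in launch_entries(SAMPLE):
        print(f"{key} -> {command}")
```

Any entry it reports on a drive that is only supposed to hold data is a reason to treat the drive as infected and to examine the file the entry points to.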

Possibility #2 – Via malicious URLs or files uploaded online.

If you use email or social media, there is a good chance that you are familiar with this method of infection: malicious web links featured in spam messages.

The web links may cause redirects, expose users to exploit kits, and directly download the malicious payload onto the computer via an obfuscated process. What is worse, if you check the web links with VirusTotal, it may not always return results, because the links may use double and even triple redirects to evade URL scanners.


This specific worm has a low probability of spreading, but it has also been detected in different locations, so one can never be sure whether or not it may spread globally.

Woniore Worm In Detail

This specific worm does not differ from the typical worm infection. Symantec malware researchers report that once its payload loader has been executed, it creates the following files on the compromised PC:

In %Temp%:

  • {the worm’s original file}.hwp

In %System32%:

  • wupd10mgr.dll (after which it runs the .dll)

The worm's next action is to connect to a remote location, which is most likely the command and control server of the hackers. It uses onion networking, and the remote hosts' URLs look like this:

  • http://{random alpha-numerical id}.onion.city/main{random alpha-numerical id}
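The URL shape above can be used to hunt for infected machines in web proxy logs. The following is an added example, not code from the original article or from Symantec; the log format ('<timestamp> <client> <method> <url>'), the addresses and the identifiers in the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

ALNUM = re.compile(r"[A-Za-z0-9]+")
SUFFIX = ".onion.city"

def matches_woniore_c2(url: str) -> bool:
    """True if url has the shape http://{id}.onion.city/main{id} from the write-up."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme.lower() != "http" or not host.endswith(SUFFIX):
        return False
    label = host[: -len(SUFFIX)]          # the {random alpha-numerical id} host label
    path = parts.path
    return (ALNUM.fullmatch(label) is not None
            and path.startswith("/main")
            and ALNUM.fullmatch(path[len("/main"):]) is not None)

def suspect_clients(log_lines) -> dict[str, list[str]]:
    """Map each client address to the matching URLs it requested.

    Assumed (hypothetical) log format: '<timestamp> <client> <method> <url>'.
    """
    hits = defaultdict(list)
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 4 and matches_woniore_c2(fields[3]):
            hits[fields[1]].append(fields[3])
    return dict(hits)

# Constructed log lines; hosts, paths and addresses are made up.
SAMPLE_LOG = [
    "2016-01-12T09:14:02Z 10.0.0.23 GET http://k3x9q2example7.onion.city/main8d2f1a",
    "2016-01-12T09:14:05Z 10.0.0.41 GET http://www.example.com/main/index.html",
    "2016-01-12T09:15:40Z 10.0.0.23 GET http://K3X9Q2EXAMPLE7.onion.city/main77c0",
    "2016-01-12T09:16:11Z 10.0.0.57 GET http://onion.city.example.net/mainabc1",
    "2016-01-12T09:17:30Z 10.0.0.57 GET http://abc.onion.city/",
]

if __name__ == "__main__":
    for client, urls in suspect_clients(SAMPLE_LOG).items():
        print(client, len(urls), "matching request(s)")
```

A match is based on the URL shape alone, so treat it as a lead for triage and confirm it on the host by checking for the files listed above.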

After connecting to the remote location, the Woniore worm may perform several harmful activities on the user's PC. One of them is downloading malicious files onto your computer, which may infect it with:

  • Trojans
  • Ransomware
  • Adware
  • Rootkit

Besides this, the worm may also cause PC slowdowns, freezes, and even BSODs in some cases. It may also collect system information which might enable attackers to conduct a DoS attack on or from the compromised computer.

Remove Woniore Worm Fully

To be rid of this cyber-threat, you should take special measures. First, it is important to disconnect every removable drive, copy your data from it, and then clean the drive by formatting it several times. This will prevent the worm from spreading further using this method. We recommend using a Linux OS or a virtual OS to clean the drive, since the drive may affect the system you are formatting it from.

After cleaning the drives, it is important to clean your computer without damaging any information in it. If this worm has infected it, chances are you may have been infected with other malware as well. This is why we strongly advise following the step-by-step instructions below to assist you in getting rid of this and other malware effectively.

1. Boot Your PC In Safe Mode to isolate and remove Woniore
2. Remove Woniore with SpyHunter Anti-Malware Tool
3. Uninstall your web browser to rid it of Woniore.
Optional: Using Alternative Anti-Malware Tools
NOTE! Substantial notification about the Woniore threat: Manual removal of Woniore requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
