Have You Installed The uWarrior Trojan Horse By Mistake? Here’s How To Find Out

Mark O'Neill 02-10-2015

Another day, another Microsoft Office vulnerability so big that cyber-criminals can drive a truck through it. This one is called uWarrior (the u standing for Utility), and it is a Trojan horse virus which connects your computer to a botnet of other infected computers. How does it try to get through your front door? By hiding itself in an infected Microsoft Office document.


The details of the malware are long and technical, but the short version is that Palo Alto Networks is calling the code “new and complex” and “weaponized”. That doesn’t sound good.


Despite Microsoft having issued a patch for this hole back in April, many people have not updated their version of Office, especially the Enterprise versions. So this means that the cyber-baddies are milking this weakness in peoples Microsoft Office suites for as long as it lasts. Kaspersky is reporting that uWarrior is emanating from an “unknown actor of Italian origin”. So Monica Bellucci is spamming people now? The virus seemingly has Italian language strings in it, strengthening suspicions that the virus is coming from that country.

So How Does This Trojan Present Itself?


As explained above, uWarrior is a “weaponized RTF document”. It is sent to you by email, and the hackers obviously hope that some people will blindly click on the file without thinking about it first. If you have done that sort of thing before, there’s no need to be embarrassed. I did it myself once. In my defense, I had just woken up and had one foot in CuckooLand. Thankfully, I was able to fix the problem quickly.


So you get the email and proceed to open it, and that is when uWarrior is installed. Once it gets into your system, it attaches itself to Windows Update Windows Update: Everything You Need to Know Is Windows Update enabled on your PC? Windows Update protects you from security vulnerabilities by keeping Windows, Internet Explorer, and Microsoft Office up-to-date with the latest security patches and bug fixes. Read More and a file called SVC Host. Then it jumps onto your bootloader files. It takes over your computer to make it part of a much bigger botnet. If you want an analogy, think of all the Borg in Star Trek, plugged into the same “collective”. I can’t help but come up with a Star Trek analogy. I’m a total geek, what can I say?

It’s at this point that you have a problem.

So What Do I Do About It Then?


The first thing to say is this. Prevention is better than the cure. This means you should never, ever open an email file from someone you don’t know. It doesn’t matter if it claims to be your bank, your credit card company, your brokerage account, your PayPal account, your Ashley Madison account 3 Reasons Why The Ashley Madison Hack Is A Serious Affair The Internet seems ecstatic about the Ashley Madison hack, with millions of adulterers' and potential adulterers' details hacked and released online, with articles outing individuals found in the data dump. Hilarious, right? Not so fast. Read More , whoever. If you don’t know them, do not open any attached files. Any legitimate financial institution or “dating” service will not send you files like that.


Plus, keep an eye out for the following file names :

  • Anti-Money Laundering & Suspicious cases.doc
  • UPOS_update.doc
  • Amendment.doc
  • Information 2.doc

Start Scanning Your System

If you see any of those, delete the emails immediately, and run a virus and malware check to be absolutely safe. If you don’t have any anti-virus and malware software installed on your computer, change this situation immediately. If you need an anti-virus recommendation, I highly suggest AVG’s free virus scanner. It has never let me down once.


But if for some reason you don’t want to install AVG, there are of course many other options out there to choose from. We checked out 10 possibles here The 10 Best Free Antivirus Software No matter what computer you're using, you need antivirus protection. Here are the best free antivirus tools you can use. Read More , but Matt explains why you should not settle for Microsoft Security Essentials Why You Should Replace Microsoft Security Essentials With A Proper Antivirus Read More . Joel has also recommended some one-time scan anti-virus tools Why You Should Replace Microsoft Security Essentials With A Proper Antivirus Read More  (because he’s a nice guy like that).


If you find malware on your computer, then don’t fret. We have you covered there too. Brian has given you the complete malware removal guide The Complete Malware Removal Guide Malware is everywhere these days, and eradicating malware from your system is a lengthy process, requiring guidance. If you think your computer is infected, this is the guide you need. Read More . If that doesn’t work, then Aaron has ten more tricks up his sleeve 10 Steps To Take When You Discover Malware On Your Computer We would like to think that the Internet is a safe place to spend our time (cough), but we all know there are risks around every corner. Email, social media, malicious websites that have worked... Read More for you to try. And Tina has profiled three malware removal tools for you to use 3 Free Real-Time Malware Protection & Removal Tools If you realize that your browsing and download habits put you at a high risk of catching malware, you should make an effort to be protected from these threats in real-time. An anti-virus tool is... Read More .

It’s Too Late! The Monster Is Loose!


But if it’s too late, if you have already clicked on the file and released the Kraken, then you need to act fast. While a total disinfection using a competent anti-virus suite should clean things up, some prefer the nuclear option.

Malware Disinfection: Nuclear Option

Disconnect your computer from the Internet to begin with. Then you have two choices: take it to a shop to get it fixed, or do it yourself. In my opinion, the safest method would be to totally wipe the hard drive How to Completely Wipe a Hard Drive There are two ways to wire a hard drive. Here's what you need to know to get it done quick and easy. Read More and reinstall the operating system. If you don’t, you will always have that nagging doubt in the back of your mind – “did I catch it all? Is it really gone?”


This is also a good advertisement for the importance of keeping regular backups of your computer files The Windows Backup and Restore Guide Disasters happen. Unless you're willing to lose your data, you need a good Windows backup routine. We'll show you how to prepare backups and restore them. Read More . If something like this does suddenly happen, and you need to quickly wipe your drive, you need to have copies of your files onhand someplace else. Backing up daily to a removable hard drive is the recommended solution to this one.

Have you come across this virus? If so, tell us in the comments below. How did it affect your computer?

Image Credits: Programmer On a Computer – Shutterstock, Hacker Attack – Shutterstock, Scary Monster – Shutterstock

Related topics: Anti-Malware, Microsoft Word, Trojan Horse.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Anonymous
    October 4, 2015 at 11:16 pm

    I wonder why can't we use "System Restore" assuming we have had a "Restore Point".
    And Run an Anti-virus of our choice to seek and destroy malware files, if present after restore.

    Or we can take a back up of the important files we need in a DVD, format other partitions, then we can do a system restore.

    Just my opinion.

  2. Anonymous
    October 3, 2015 at 10:28 pm

    "...this weakness in peoples Microsoft Office ..." **people's** - possessive plural.

    PS: I've stopped recommending AVG Antivirus, since, on October 15th, they will be changing their Privacy Policy so they can sell web browsing habits of their customers for money. Switching to Avira or Avast's free version (probably Avira, as it has slightly better ratings).

  3. Anonymous
    October 3, 2015 at 1:49 pm

    "the safest method would be to totally wipe the hard drive and reinstall the operating system"
    I hope that you are using the expression "the operating system" to mean the O/S AND all the applications.

    Restoring files from a backup assumes that you know exactly when the infection occurred and that you have not been unknowingly backing up infected files.

    • Mark O'Neill
      October 4, 2015 at 11:34 am

      Yes I was. I meant everything. The Nuclear Option. Wipe the whole thing so clean that no NSA employee will be able to recover anything. ;-)