WM.Thus virus strikes on December 13 again

DQW Bureau
New Update

December 13 could have been a regular day for a lot of us. But there were many for which it was a nightmare as they booted their systems and opened their Word files. While the file was being viewed, all other files in the system were getting deleted and when it was through, the machine simply hung up. The horror actually unfolded when the system was rebooted as those affected found that their systems were wiped clean of all the doc files and according to some data recovery vendors, even the system files were wiped clean. 


WM.Thus is a macro virus, which affects the system on December 13 much like the WINCIS virus, which erupts on April 26. The virus could have been in the system for long but its D-day is on December 13. And those affected who may not have booted the system on December 13 may have had a lucky escape this time round. But the danger is still lurking, as the virus remains undetected since it affects at the macro level.

Judging from market feedback, the virus has affected the SMEs and the corporate in a major way. Data recovery vendors have had requests pouring in since last week and they are still coming. For instance, both Delhi-based Stellar Systems and Unistal has had about 80 customers each with the total number of desktops standing in the range of 700-800. Pune-based Quick Heal has had requests from international clients. Even start-up companies like Delhi-based HDRC has had business pouring in during this crisis.

Retrieving the data takes anywhere between half an hour to two-and-a half-hours at an approximate cost of Rs 3,000 per hard disk.


The pertinent question is why does the virus strike when there are so many anti-virus solutions around? The reasons could be that people do not upgrade their anti-virus solutions in time or that may not even have installed one. After all, one does not realize its value until affected.

However, a more worrying reason is that the spread and the recurrence of the virus could have sinister implications. In order to generate business there are speculations that the spread of the virus could be deliberate. This is not specific to WM.Thus. It happens in all kinds of virus attacks. Hence after the I love virus, there were variants of the virus, which were I love you 1, and I love you A virus. While the original virus affected MP3 and JPG files, the later variants affect word files. This could also be a reason why we have also received inconsistent feedback about the nature of the virus. While most data recovery vendors are definite that systems file are not affected, some like Unistal said that the cases they have received have also had the system files been wiped off.

Riyaz Sayeed, Head (Customer Care), Quick Heal, offered another explanation. "If the affected user is persistent and repeatedly reboots the systems, it may result in the deletion of system files also." However, Alok Gupta, CEO, Unistal, is firm in his stand vindicating it on the grounds that last year during their first encounter with their virus while they were retrieving the files from an affected system, all the files including the system files in their own machine got wiped out.

So what are the chances of the virus recurring next year? Just as there is a cure for malaria yet it keeps recurring, so will be the case with the virus. And the data recovery guys aren't complaining!