VBS.Davinia.B is an email worm that mails a message written in HTML to everyone in your Microsoft Outlook address book.
The message has no subject line and appears blank, but it contains HTML code that starts Internet Explorer and attempts to download and open a Microsoft Word 2000 document.
NOTE: The Word 2000 document has been removed from the Web server, so it cannot be downloaded, and the worm no longer operates properly.
The Word 2000 document contains a macro that does the following:
- Performs the mass mailing using Outlook.
- Creates a Visual Basic Script (VBS) file on the computer.
- The VBS file is executed after the computer is restarted; it then overwrites and renames all files on the local and mapped drives.
Because the infectious Word 2000 document no longer exists on the Web server, the worm will no longer do this. Also, the worm will not run if you have patched a security hole in Microsoft Office 2000 products. More information regarding this security hole can be found at:
http://www.microsoft.com/technet/security/bulletin/ms00-034.asp
The Word 2000 document is detected as W2KM.Davinia.B.
The VBS file is detected as VBS.Davinia.B.
The overwritten files are detected as HTML.Davinia.B.dam.
The email HTML message is detected as HTML.Davinia.B.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
