1. /
  2. Security Response/
  3. VBS.Davinia

VBS.Davinia

Risk Level 1: Very Low

Discovered:
January 13, 2001
Updated:
February 13, 2007 11:48:13 AM
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


VBS.Davinia is an email worm that mails everyone in the Outlook address book an HTML message. This worm currently will not operate properly due to the removal of a webpage the worm attempts to access. The message has no subject line and appears blank, but contains HTML code which launches Internet Explorer to download and open a Word 2000 document. The Word 2000 document contains a macro which performs the mass mailing using Outlook and also creates a VBS (Visual Basic Script) file on the system. The VBS file is executed after restarting the computer. The VBS file finds all files on the local and mapped drives and overwrites and renames these files potentially corrupting the system.

The infectious Word 2000 document no longer exists on the web server and thus, the worm will no longer operate properly. The worm will also not work properly if one has patched a security bug in Microsoft Office 2000 products. More information regarding this security hole can be found at http://www.microsoft.com/technet/security/bulletin/ms00-034.asp

The Word 2000 document is detected as W2KM.Davinia.A
The VBS file is detected as VBS.Davinia
The overwritten files are detected as HTML.Davinia.dam
The email HTML is detected as HTML.Davinia

Antivirus Protection Dates

  • Initial Rapid Release version January 16, 2001
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version January 16, 2001
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Low
Writeup By: JP Duan

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver