VBS.Davinia is an email worm that mails everyone in the Outlook address book an HTML message. This worm currently will not operate properly due to the removal of a webpage the worm attempts to access. The message has no subject line and appears blank, but contains HTML code which launches Internet Explorer to download and open a Word 2000 document. The Word 2000 document contains a macro which performs the mass mailing using Outlook and also creates a VBS (Visual Basic Script) file on the system. The VBS file is executed after restarting the computer. The VBS file finds all files on the local and mapped drives and overwrites and renames these files potentially corrupting the system.
The infectious Word 2000 document no longer exists on the web server and thus, the worm will no longer operate properly. The worm will also not work properly if one has patched a security bug in Microsoft Office 2000 products. More information regarding this security hole can be found at
http://www.microsoft.com/technet/security/bulletin/ms00-034.asp
The Word 2000 document is detected as W2KM.Davinia.A
The VBS file is detected as VBS.Davinia
The overwritten files are detected as HTML.Davinia.dam
The email HTML is detected as HTML.Davinia
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
