1. /
  2. Security Response/
  3. VBS.Davinia.B

VBS.Davinia.B - Removal

Risk Level 1: Very Low

Discovered:
February 7, 2001
Updated:
February 13, 2007 11:53:30 AM
Type:
Worm, Macro

To recover from this infection you need to:
  • Edit the registry \Run key to remove the values that refer to littledavinia.
  • Scan for viruses and delete infected files.
  • Replace overwritten files.

See the following sections for detailed instructions.

To edit the registry:

CAUTION: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Please make sure you modify only the keys specified. Please see the document How to back up the Windows registry before proceeding.
  1. Click Start, and click Run. The Run dialog box appears.
  2. Type regedit and then click OK. The Registry Editor opens.
  3. Navigate to the following subkey:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  4. In the right pane, look for the following values:

    Davinia         \Windows\System\Littledavinia.vbs
    Davi            littledavinia.html
  5. Select one, press Delete, and then click Yes to confirm. Repeat for the other one.
  6. Click Registry, and click Exit to save the changes and close the Registry Editor.

To scan for viruses and delete infected files:
  1. Start Norton AntiVirus (NAV), and make sure that it is set to scan all files.
  2. Run a full system scan.
  3. Delete any files that are detected as infected with Davinia.B.

To replace overwritten files:
Files that have been overwritten must be restored from backup, or in the case of program files, reinstalled. If Norton Utilities is installed and the Norton Protected Recycle Bin is enabled, you may be able to recover files using the restore function.


Writeup By: Douglas Knowles

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver