1. Symantec/
  2. Security Response/
  3. W32.HLLW.Bymer


Risk Level 2: Low

October 9, 2000
February 13, 2007 11:50:29 AM
Also Known As:
Dnet.Dropper, W32/MsInit.worm.a [McAfee], Worm.Bymer.a [Kaspersky], TROJ_MSINIT.A [Trend], WORM_BYMER.A [Trend], W32/Bymer-A [Sophos], Win32.Bymer.A [Computer Associ
Systems Affected:

Due to a decreased rate of submissions, Symantec Security Response has downgraded the threat level of this worm from Category 3 to Category 2.

W32.HLLW.Bymer is a worm written in a high-level language. The worm spreads over shared network drives. It searches for shared folders on the network and then copies itself to the \Windows\System folder.

The payload copies the Dnetc client and modifies the Win.ini file. The Dnetc client is not viral and is not detected by Norton AntiVirus.

The worm was previously detected as Dnet.Dropper.

Symantec has created an interactive tutorial to help you remove this worm.

Configure Windows for maximum protection
Because this virus spreads by using shared folders on networked computers, to ensure that the virus does not reinfect the computer after it has been removed, Symantec suggests sharing with read-only access or using password protection. For instructions on how to do this, see your Windows documentation or the document How to configure shared Windows folders for maximum network protection.

Antivirus Protection Dates

  • Initial Rapid Release version October 10, 2000
  • Latest Rapid Release version August 8, 2016 revision 023
  • Initial Daily Certified version October 10, 2000
  • Latest Daily Certified version August 9, 2016 revision 001
  • Initial Weekly Certified release date October 10, 2000
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Neal Hindocha

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube