1. Symantec/
  2. Security Response/
  3. VBS.Davinia


Risk Level 1: Very Low

January 13, 2001
February 13, 2007 11:48:13 AM
Systems Affected:

VBS.Davinia is an email worm that mails everyone in the Outlook address book an HTML message. This worm currently will not operate properly due to the removal of a webpage the worm attempts to access. The message has no subject line and appears blank, but contains HTML code which launches Internet Explorer to download and open a Word 2000 document. The Word 2000 document contains a macro which performs the mass mailing using Outlook and also creates a VBS (Visual Basic Script) file on the system. The VBS file is executed after restarting the computer. The VBS file finds all files on the local and mapped drives and overwrites and renames these files potentially corrupting the system.

The infectious Word 2000 document no longer exists on the web server and thus, the worm will no longer operate properly. The worm will also not work properly if one has patched a security bug in Microsoft Office 2000 products. More information regarding this security hole can be found at http://www.microsoft.com/technet/security/bulletin/ms00-034.asp

The Word 2000 document is detected as W2KM.Davinia.A
The VBS file is detected as VBS.Davinia
The overwritten files are detected as HTML.Davinia.dam
The email HTML is detected as HTML.Davinia

Antivirus Protection Dates

  • Initial Rapid Release version January 16, 2001
  • Latest Rapid Release version March 23, 2017 revision 037
  • Initial Daily Certified version January 16, 2001
  • Latest Daily Certified version March 23, 2017 revision 041
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: JP Duan

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube