1. Symantec/
  2. Security Response/
  3. VBS.Davinia.B


Risk Level 1: Very Low

February 7, 2001
February 13, 2007 11:53:30 AM
Worm, Macro

VBS.Davinia.B is an email worm that mails a message written in HTML to everyone in your Microsoft Outlook address book.

The message has no subject line and appears blank, but it contains HTML code that starts Internet Explorer and attempts to download and open a Microsoft Word 2000 document.

NOTE: The Word 2000 document has been removed from the Web server, so it cannot be downloaded, and the worm no longer operates properly.

The Word 2000 document contains a macro that does the following:
  1. Performs the mass mailing using Outlook.
  2. Creates a Visual Basic Script (VBS) file on the computer.
  3. The VBS file is executed after the computer is restarted; it then overwrites and renames all files on the local and mapped drives.

Because the infectious Word 2000 document no longer exists on the Web server, the worm will no longer do this. Also, the worm will not run if you have patched a security hole in Microsoft Office 2000 products. More information regarding this security hole can be found at:


The Word 2000 document is detected as W2KM.Davinia.B.
The VBS file is detected as VBS.Davinia.B.
The overwritten files are detected as HTML.Davinia.B.dam.
The email HTML message is detected as HTML.Davinia.B.

Antivirus Protection Dates

  • Initial Rapid Release version February 7, 2001
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version February 7, 2001
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Douglas Knowles

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube