1. Symantec/
  2. Security Response/
  3. W32.Deev@mm


Risk Level 2: Low

September 18, 2002
February 13, 2007 11:58:58 AM
Also Known As:
WORM_Deev.A [Trend]
Systems Affected:

W32.Deev@mm is a mass-mailing worm that uses Microsoft Outlook to send itself to all contacts in the Microsoft Outlook Address Book. The email message has the following characteristics:

Subject: Download MP3s fast...
Message: Download this screen saver... look for the password and we will give you 10 free MP3s. Absolutely Free!!!
Attachment: Fre.exe

NOTE: This threat has two components:
  • The Portable Executable (PE) component which is written in the Borland Delphi Programming Language and is compressed. This is detected as W32.Deev@mm.
  • The Visual Basic Script (VBS) component that is created by the PE component. This is detected as VBS.Deev@mm.

What are Portable Executable (PE) files?
PE files are files that are portable across all Microsoft 32-bit operating systems. The same PE-format executable can be executed on any version of Windows 95, 98, Me, NT, 2000, and XP. All PE files are executable, but not all executable files are portable.

A common example of a Portable Executable file is a screen saver (.scr) file.

Antivirus Protection Dates

  • Initial Rapid Release version September 19, 2002
  • Latest Rapid Release version May 31, 2016 revision 036
  • Initial Daily Certified version September 19, 2002
  • Latest Daily Certified version June 1, 2016 revision 005
  • Initial Weekly Certified release date September 25, 2002
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Yana Liu

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube