Aliases: Win32/Dbit
Variants: W32/Dbit-B

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, North and South America, Europe and Australia
Removal: Easy
Platform: W32
Discovered: 28 Jul 2006
Damage: Low

Characteristics: W32.Dbit is a self-replicating virus that often spreads through network shares or by copying itself to removable media such as floppy disks, writable CDs, and USB drives. It infects files on a network file system or on any file system used or shared by another computer.

More details about W32.Dbit

This self-propagating virus spreads recursively: each system it infects goes on to infect further systems. It usually affects files, the registry and network communication resources. The files it infects are .exe files. When executed, the virus creates the following files: “%System%\msjet62.dll”, “%UserProfile%\Local Settings\Temp\NEW[RANDOM NUMBER].tmp”, “%CurrentFolder%[INFECTED HOST FILE]\i\i”. %UserProfile% refers to the current user's profile folder, while %System% refers to the System folder, which is by default C:\Windows\System for Windows 95/98/Me, C:\Winnt\System32 for Windows NT/2000 or C:\Windows\System32 for Windows XP. %CurrentFolder% is the folder where the threat was originally executed. After the mentioned files are executed, it creates subkey values in the registry.

This virus also injects the .dll file into running processes. This opens a backdoor that allows the attacker to hide network traffic from the user; download, upload, execute, delete, search for and infect files; and create Autorun.inf files. The attacker can also block running processes such as ethereal.exe, windump.exe, sniffer.exe and others. This program may also spread via portable memory devices. It can create an infected .ini file in drives, which is read each time a device is connected to the drive. A copy of the worm application is then placed on the device. Whenever the connected device is accessed from another system, the infection spreads.
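
The file artifacts named above can be checked against a file listing collected from a suspect Windows host. The following triage script is an added example, not part of the original write-up or any vendor tool. It assumes that [RANDOM NUMBER] is a run of decimal digits and that the listing holds one absolute path per line; the `%CurrentFolder%` artifact is not matched because its path is not fully legible in this entry.

```python
import re
from pathlib import PureWindowsPath

# %System% locations exactly as the write-up lists them per Windows family.
SYSTEM_DIRS = {r"c:\windows\system", r"c:\winnt\system32", r"c:\windows\system32"}
# Assumption: [RANDOM NUMBER] is a run of decimal digits.
TEMP_DROP = re.compile(r"^new\d+\.tmp$")

def classify(path):
    """Return the W32.Dbit artifact a Windows path matches, or None."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if name == "msjet62.dll" and str(p.parent).lower() in SYSTEM_DIRS:
        return "dropped-dll"
    tail = tuple(part.lower() for part in p.parent.parts[-2:])
    if TEMP_DROP.match(name) and tail == ("local settings", "temp"):
        return "temp-drop"
    # Autorun.inf directly in a drive root. Legitimate media can carry one
    # as well, so treat this as a lead to review, not a verdict.
    if name == "autorun.inf" and p.drive and p.root and len(p.parts) == 2:
        return "autorun-at-drive-root"
    return None

def triage(listing):
    """Return (path, artifact) pairs for every matching line of a file listing."""
    hits = []
    for line in listing.splitlines():
        path = line.strip()
        label = classify(path) if path else None
        if label:
            hits.append((path, label))
    return hits

# Constructed sample listing (not taken from a real host).
SAMPLE = r"""
C:\WINDOWS\system32\msjet62.dll
C:\WINDOWS\system32\msjet40.dll
D:\tools\msjet62.dll
C:\Documents and Settings\alice\Local Settings\Temp\NEW48213.tmp
C:\Documents and Settings\alice\Local Settings\Temp\NEWS.tmp
E:\Autorun.inf
E:\backup\Autorun.inf
"""

if __name__ == "__main__":
    for path, label in triage(SAMPLE):
        print(f"{label:22} {path}")
```

Matching is case-insensitive because Windows paths are; a hit on the DLL or temp file name alone is not proof of infection and should be confirmed with an up-to-date scanner.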