Aliases: Donut (F-Secure), .NETW32.Donut
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Low
Geographical info: Europe and some part of Asia and US
Removal: Easy
Platform: W32
Discovered: 09 Jan 2002
Damage: low

Characteristics: The W32.Donut program is said to be the very first virus that uses the Microsoft’s .NET design.

More details about W32.Donut

Because the Microsoft’s .NET architecture requires unusual requirements and the environment of the design creates a replica of itself, the risk of the W32.Donut program to spread is quite improbable. It was called “dotNET” by its author and their targets are all the executable .exe files created for the Microsoft.Net architecture. After infecting some of the.NET files on its folder and other 20 more above it, the virus automatically exits and does stay in the resident memory. When the W32.Donut virus is run; it is 10% probable that a dialog box with a title ".NET.dotNET by Benny/29A" would be displayed. The message in the box is “This cell has been infected by dotNETvirus!” This virus only infects Windows 2000, Windows ME, Windows XP and other Windows Operating System created after it. When it was first created, the author sent copies of the virus to few antivirus companies. It was first written in some Microsoft Intermediate Language (MSIL) and Win32 assembly.

Although this virus may be downloaded, it does not spread through email messages. A direct access to the .exe files is required before this virus runs. This is a self replicating virus that could infect other users and computers after accessing their .exe folder. Another thing about this virus is that, it does not cause any trouble o your computer except spread itself to others. Accordingly, this virus is merely a concept virus and a demonstration that the authors are studying the new model of the Microsoft’s .NET framework.