Aliases: W32/Datom-A, Win32.Datom, Datom, Worm.Win32.Datom, W32/Datom, Win32/Datom.worm
Variants: W32/Datom-A, W32/Datom.worm.dll

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Asia, North and South America, Europe and Australia
Removal: Easy
Platform: W32
Discovered: 08 Jul 2002
Damage: Low

Characteristics: W32.Datom.Worm is a network worm that replicates through shared resources and most often are open shared. This worm comes in three different files: MSVXD.EXE, MSVXD16.DLL and MSVXD32.DLL. There are more than 1000 infections affected by this worm. Its origin came from South America.

More details about W32.Datom.Worm

W32.Datom.Worm is not considered a very dangerous threat since it does now have a damaging payload. It only propagates through shared drives. It primarily looks for available resources that enable an access for connection. Its length varies according to the type of the file - 58368 bytes (msvxd.exe); 54784 bytes (msvxd16.dll); 81408 bytes (msvxd32.dll). Once the connection is established and shared directory is shared, W32.Datom.Worm copies all the components of the Windows directory. It reads the “WinNT” and “WinDir” in the MSDOS.SYS file – mostly found in the%Windir% folder or by default it looks like these: C:\Windows or C:\Winnt. Then it copies itself to either one of the locations. One of the components, MSVXD.EXE, will activate the worm making other worming operations to perform. The MSVXD.EXE modifies the WIN.INI file to launch the next file which is the MSVXD16.DLL then the MSVXD32.DLL. It can also terminate the process of the Zone Alarm firewall, send notification messages on emails and spreads shared folders.

According to some reports, other malware programs may be downloaded into the system through this program. These are installed and launched in the system. Programs commonly spread in this way are Trojan software, adware and spyware. These are applications that are not able to spread on their own. The W32.Datom.Worm software will also look for means to spread to other systems. It searches for lists of e-mail addresses it can send itself to. It may also hijack the user’s own e-mail and instant messaging accounts to spread. Worm applications may also infect removable memory devices that are attached to the infected computer.