W32/Autorun.worm.aw, Win32/Kbvorm, W32/Autorun.worm.e
W32/Dawin-A, Win32.Adefe.A, Mal_Otorun5, W32/Dawin-B
Category: Computer Worm
Some parts in Asia, North and South America, Europe and Australia
22 Nov 2007
W32.Dawin infects files and drives through network shares and drives that are removable on the computer. Through its copying of itself, it infects the following file: .exe files. Its length is 897,512 bytes. However, the damage level and wild threat level is low and has only small number of infections.
W32.Dawin Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Dawin from your computer.
More details about W32.Dawin
W32.Dawin allegedly propagates by copying itself to network connections or network shares and removable drives infecting files and executable drives on the computer. This worm, written using Borland Delphi, is a newly discovered worm found in November 22, 2007. It spreads itself through removal devices such as the floppy disk, CD and USB drives. Also, it extends its threat on a local network or the Internet by spreading itself on files in the network file system or any file system that can be located. This worm can add keys in the Windows registry too. When it makes copies of itself, it creates text files (.exe) on any network resources. It does find executable files then automatically injects its viral code to any target files found on the system. It creates a file: %SystemDrive%\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe and a certain registry key value. Afterwards, when the drive is accessed, it creates another file: %DriveLetter%\autorun.inf.
Worm programs, such as the W32.Dawin application, can create copies of their own. Once they have entered a system, they will create copies and infect others. The W32.Dawin application typically spreads via the Internet. Malware authors may place them on shared network resources. It will then try to enter connected systems with weak password protection. Most worm software programs have a database of common user names and passwords that it uses to hack into a computer. Worm applications can also be spread via drive-by-downloads. Other malware programs may also be used to distribute them. They can also be sent to the user via instant messages or e-mails.