Information About the .NET W32.Donut Virus (316287)
The information in this article applies to:
- Microsoft Windows Server 2003, Standard Edition
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows Server 2003, Datacenter Edition
- Microsoft Windows Server 2003, 64-Bit Enterprise Edition
- Microsoft Windows Server 2003, 64-Bit Datacenter Edition
- Microsoft Windows XP Professional
- Microsoft Windows XP Home Edition
- Microsoft Windows XP 64-Bit Edition
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows Small Business Server 2003, Premium Edition
- Microsoft Windows Small Business Server 2003, Standard Edition
This article was previously published under Q316287 SYMPTOMS If you run the W32.Donut virus, the virus attempts to
infect all .exe files that contain .NET code in the folder that contains the
virus and up to 20 parent folders. After the files are infected, the virus
replicates. You can identify infected files because they have a space inserted
by the virus between the file name and the file extension. Additionally, you
may receive the following message: This cell has been
infected by dotNET virus!
.NET.dotNET by Benny/29A
RESOLUTION To resolve this behavior, run a virus-detection program.
MORE INFORMATION The virus must be run by a user after being downloaded.
W32.Donut takes advantage of a stub that .NET programs use to run Mscoree.dll.
The virus only attacks files that are part of the .NET framework.
NOTE: This virus does not spread through e-mail messages. You must
have direct access to the .exe file to run the code.
Because .NET
programs run native code before running platform-independent code at the time
that this article was published, the virus can use Mscoree.dll to attack the CorExeMain function.
The W32.Donut virus is a concept virus and
cannot spread widely, cause any damage, or carry a harmful payload.
| Modification Type: | Minor | Last Reviewed: | 7/8/2005 |
|---|
| Keywords: | kbprb kbvirus KB316287 |
|---|
|