high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for disinfecting PE executables.
Please read the instructions for removing PE executable viruses.
More Information
W32/Donut is a .NET aware Windows file infector.
W32/Donut is a .NET aware Windows file infector. When an infected file isexecuted it searches the current folder and its parent folder for executables
containing .NET code. These files are modified so that Windows will treat them
as standard executables and they are then infected with the virus.
After infection the virus creates a copy of itself. The filename used is
created by adding a space to the end of the filename just before the extension.
This file is then executed and on Windows XP may display a Message Box with the
text:
This cell has been infected by dotNET virus!
.NET.dotNET by Benny/29A
On Windows 2000 the virus will recursively make a copy of itself by adding a
further space into the filename and will then call this file which will create
another file and so on until several hundred files are executed. This process
will eventually terminate.
Finally the virus creates a copy of itself which has the original .NET code
restored so that it executes as a normal .NET file. This file will have the
same filename as the original infecting file, with a space added.
|
