Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Included in our products from | March 2002 (3.55) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for disinfecting PE executables.
Please read the instructions for removing PE executable viruses.
More Information
W32/Donut is a .NET aware Windows file infector.
W32/Donut is a .NET aware Windows file infector. When an infected file isexecuted it searches the current folder and its parent folder for executables
containing .NET code. These files are modified so that Windows will treat them
as standard executables and they are then infected with the virus.
After infection the virus creates a copy of itself. The filename used is
created by adding a space to the end of the filename just before the extension.
This file is then executed and on Windows XP may display a Message Box with the
text:
This cell has been infected by dotNET virus!
.NET.dotNET by Benny/29A
On Windows 2000 the virus will recursively make a copy of itself by adding a
further space into the filename and will then call this file which will create
another file and so on until several hundred files are executed. This process
will eventually terminate.
Finally the virus creates a copy of itself which has the original .NET code
restored so that it executes as a normal .NET file. This file will have the
same filename as the original infecting file, with a space added.
|
