/dqweek/media/agency_attachments/JNb31gQnqJvAm0jqPxaV.png)
Follow Us
McAfee, a division of Network Associates, Inc. has announced the detection and removal of the deadly .Net virus -The Donut virus.
This is the first virus to make use of Microsoft's .NET architecture. Due to the uncommon system requirements and replicating environment, the virus is unlikely to become widespread. The .NET architecture must be installed on Windows2000/XP in order for the virus to function and it only infects some MSIL PE files. The virus has Czech Republic origin with a minimum Dat of 4181 and minimum Engine of 4.0.70
W32/Donut is a file infector that infects other .NET executables using the .EXE extension files in the current directory and up to 20 directories above it and then exits. It does not stay resident in memory. When run, there is a 10 percent chance that a dialog box will be displayed. It is primarily written in Win32 assembly and some MSIL (Microsoft Intermediate Language)
Display of message box entitled, ".NET.dotNET by Benny/29A" which reads, "This cell has been infected by dotNET virus!".
This is a file-infecting virus, which spreads to other .NET executables on the local system. Infected files should be deleted and restored from backup.
Detection is included in McAfee's DAILY DAT (beta) files <http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/virus-4d.asp> and will also be included in the next weekly DAT release. In addition to the DAT version requirements for detection, the specified engine version (or greater) must also be used.