Classification

Category :

Malware

Type :

Virus

Aliases :

Delwin, Windel

Summary

Delwin was found from Denmark in Spring 1995. It infects the MBR of the hard drive as well as all accessed EXE files. Delwin is a fast infector.

Delwin is also a full stealth virus, hiding all the changes to boot sectors and EXE files as long as it is resident.

The virus is encrypted and contains the text "DELWIN". Delwin activates when WIN.COM is executed. After this, it will modify the 'check-dos-version' service to always report v2.10. This will prevent many programs from being executed. Otherwise the virus is harmless.

Delwin.1759 got widespread circulation in May 1996 when an infected copy of the full version of 'Duke Nukem 3D' game was distributed via pirate systems.

There is also another variant, 1199 bytes in length.

Removal

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

N/A