GO TO: Summary | Removal


Category: Malware

Type: Virus

Aliases: Delwin, Windel


Delwin was found from Denmark in Spring 1995. It infects the MBR of the hard drive as well as all accessed EXE files. Delwin is a fast infector.

Delwin is also a full stealth virus, hiding all the changes to boot sectors and EXE files as long as it is resident.

The virus is encrypted and contains the text "DELWIN". Delwin activates when WIN.COM is executed. After this, it will modify the 'check-dos-version' service to always report v2.10. This will prevent many programs from being executed. Otherwise the virus is harmless.

Delwin.1759 got widespread circulation in May 1996 when an infected copy of the full version of 'Duke Nukem 3D' game was distributed via pirate systems.

There is also another variant, 1199 bytes in length.


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.