Threat description


Category: Malware
Type: Virus
Platform: W32
Aliases: Delwin, Windel


Delwin was found in Denmark in spring 1995. It infects the MBR of the hard drive as well as all accessed EXE files. Delwin is a fast infector.

Delwin is also a full stealth virus, hiding all the changes to boot sectors and EXE files as long as it is resident.

The virus is encrypted and contains the text "DELWIN". Delwin activates when WIN.COM is executed. After this, it will modify the 'check-dos-version' service to always report v2.10. This will prevent many programs from being executed. Otherwise the virus is harmless.

Delwin.1759 got widespread circulation in May 1996 when an infected copy of the full version of the 'Duke Nukem 3D' game was distributed via pirate systems.

There is also another variant, 1199 bytes in length.


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.


More information on scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Description Details: Mikko Hypponen, F-Secure

