Virus:W32/Divvi

Classification

Category :

Malware

Type :

Virus

Aliases :

Virus.Win32.Tupac.a

Summary

"Divvi" is a file infecting virus that does not currently appear to be spreading in the wild. If active, Divvi will launch a denial of service (DoS) attack against F-Secure on the 28th day of each month.

Removal

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Divvi is a virus that infects EXE-files. When run, it displays the following messagebox:

Divvi also attempts to copy itself to removable drives and set an autorun file to enable itself to spread.Divvi also contains the following strings:

  • Mikko cut ur ponytail
  • Divinorum
  • *** Sadafa elte7am !!! ****
  • doG saW madaS
  • Coded by: Berniee!2007

On the 28th day of each month the virus will attempt to start a Denial of Service (DoS) attack against F-Secure.