x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

HTML.Winevar

 
Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:HTML.Winevar
Technical name:HTML/Winevar
Threat level:Low
Type:Virus
Effects:  It deletes the content of all the directories on the computer, except for those belonging to programs that are active.

Affected platforms:

MS-DOS; Windows XP/2000/NT/ME/98/95

First detected on:Nov. 25, 2002
Detection updated on:Nov. 25, 2002
StatisticsNo

Brief Description 

    

HTML.Winevar is a dangerous worm, as it deletes the content of the directories on the affected computer, except for those belonging to active programs. In addition it drops another virus called Funlove.4099.Dr in the affected computer.

HTML.Winevar reaches computer hidden in an e-mail message with three attachments: WINXXX.TXT WINXXX.GIF and  WINXXX.PIF.

HTML.Winevar exploits an Internet Explorer vulnerability, which allows the computer to be infected when the message carrying the worm is viewed through Outlook’s Preview Pane, without needing to run the attachment. The code used by Winevar to carry out this action is detected by Panda Security as Exploit/Iframe.

Visible Symptoms 

    

A clear indication that HTML.Winevar has infected a computer is that the message below is displayed when the affected computer is restarted:

This window will probably appear several times.

If the user clicks OK, HTML.Winevar start deleting the content of the directories on the affected computer, except for those corresponding to the programs that are active at the time.