Worm:Win32/Dorkbot!lnk is a detection for shortcut files created by Worm:Win32/Dorkbot, a family of worms that spread via instant messaging and removable drives.

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.

Worm:Win32/Dorkbot!lnk is a detection for shortcut files created by Worm:Win32/Dorkbot, a family of worms that spread via instant messaging and removable drives.

LNK files detected as Worm:Win32/Dorkbot!lnk are commonly found on removable drives, and are used to launch a Worm:Win32/Dorkbot executable file also found on the drive. If the user tries to open the shortcut file, it launches the worm executable and also opens an Explorer window. The shortcut file commonly tries to launch the worm executable located in one of the following folders on the drive:

• %drive%\recycler
• %drive%\AdobeReader

The file name used by Dorkbot is usually generated randomly with a .exe or .jpg extension, for example:

• 0xd80a89c7.exe
• DSCI5271.jpg

For more information about Worm:Win32/Dorkbot, see the description elsewhere in the encyclopedia.

Analysis by Michael Johnson & Amir Fouda

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:

• Microsoft Security Essentials
• Microsoft Safety Scanner

For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.