General explanation

Type: Worm

Degree of destruction: average

Prevalence: low

What is the Worm?

Computer worms such as Daws are types of malware that are capable of reproduction. For permanence, worms set ways to maintain the infection in each system boot. The prominent feature of worms is in their distribution which is generally perform through portable drives and shared directories in the network.

What is Daws malware?

Daws malware places in the worm category. This malware will upload multiple Iranian News and commercial websites into the user’s browsers and by constant execution of multiple malicious processes, will slow the function and result in the malfunction of the system.  By creating and executing a file in the system (which know as CoinMiner) malware will send the information to its malicious server.

Technical explanation

Daws malware initially creates a copy of itself in the %SystemRoot% path with a random name. After execution, this copied file will proceed to create a second copy in the same exact path with a random name and also executes it.  By creating two copies and executing them, each one of these processes counts as another backup version and if any of them is deleted, the other will again create it.

Also, the malware will execute again in each system boot, and if a portable drive connects to the system, then it will create two copies of the malware into it. It will hide all directories of the portable drive and copies its main file with the same name of each hidden directory into the portable drive.  To execute the copied malware, it will proceed to create an autorun.inf into the portable drive.

How to deal with it and disinfect the system

By UMP capability that is a part of behavioral protection, Padvish can prevent the system from infection through a portable drive. Therefore, to prevent infection to all types of malware that transfer through portable drive such as Daws malware, it is recommended to install Padvish and prevent malware from entering the system and infecting it.

If your system is infected by Daws malware act as follows:

  1. Install Padvish on your system
  2. Connect the infected portable drive to your system
  3. Scan the portable drive using Padvish to disinfect both the system and portable drive


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>