Win32:Kriz

is a memory resident 3863 bytes long polymorphic virus which infects PE EXE files (portable executables) - i.e. the native files of Windows 9x and NT. To remain active in memory it also infects the Windows core library KERNEL32.DLL. The virus traps several KERNEL32 functions like file opening, copying, deleting, reading or changing file attributes, creating a new process etc.

This virus has a very dangerous payload that is activated on December 25th (Christmas Day). When infecting any file during this day, the virus destroyes the content of CMOS memory, overwrites data in all files on all available hard drives and then tries to damage Flash BIOS in the same way as CIH virus.

Currently this virus is not known to be widely spread In the Wild.

Any avast! with VPS file dated after 24th August 1999 is able to detect this virus.

Viruses
Viruses in the Wild Windows viruses Older windows viruses 2002 Older windows viruses 2001 Older windows viruses 2000 Script viruses Macro viruses Virus report form Virus report summary Eicar Test File VPS history
Subscription Services
VPS (iAVS) Subscr. service
avast! Virus Cleaner
Home pageWeb site mapPrint this pagePrivacy policy
Copyright © 1988 - 2008 ALWIL Software a.s.
Home page