TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
PE_KRIZ.4029
Overview
Solution

Malware type: File Infector

Aliases: W32.Kriz(Symantec), W32/Kriz(Sophos), Virus.Win32.Kriz.4029(Kaspersky), W95/Kriz.4608(Avira), W32/Kriz.4029.kernel (exact)(F-Prot), W32/Kriz.4029(McAfee)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95,98,ME,NT,2000,XP

Encrypted: Yes

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 

This polymorphic Win32 virus runs on all Windows platforms but its infection routine only executes on Windows 95 and 98.

It infects files with an EXE or SCR extension by appending its codes at the last section of target files. It also modifies the characteristics of the infected files last section to sharable, writable, and readable.

When the system date is December 25, the virus clears the CMOS Memory and overwrites the first few bytes of all files in local drives and shared network drives.

For additional information about this threat, see:
Solution
Technical Details

Description created: Mar. 9, 2000 1:45:50 PM GMT -0800
Description updated: Apr. 28, 2003 6:05:06 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.