Malware type: File Infector

Aliases: Email-Worm.Win32.Qizy (Kaspersky), W32/Quis@MM (McAfee), W32.HLLP.Belzy@mm (Symantec), Worm/Qizy.2 (Avira), W32/Qizy-A (Sophos), Virus:Win32/Ziquy (Microsoft)

In the wild: Yes

Destructive: Yes

Language: English

Platform: Windows 95, 98, ME

Encrypted: No

Description: 

This destructive mass-mailing virus infects all .EXE files in the following folders by prepending 32,768 bytes of itself to the target files:

• My Documents
• C:\progra~1\mirc folders

It arrives on a target system as an email message, which has the following details:

Subject: Merry Christmas!
Message Body:
You've probably received enough e-cards. Here's a nice Christmas screensaver instead :)
Attachment: xmas.scr

It overwrites all .RTX files that it finds in the My Documents folder of the infected system.

This UPX-compressed malware is compiled using Microsoft Visual C++, a high-level programming language.

It runs on Windows 95, 98, and ME.

For additional information about this threat, see:
Solution
Technical Details

Description created: Dec. 23, 2003 2:23:38 PM GMT -0800
Description updated: Jan. 1, 2004 3:53:26 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.