W32.Kriz


Aliases: Kriz, W32.Kriz.3740, W32.Kriz.dr, PE_KRIZ
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Moderate
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 11 Aug 1999
Damage: High

Characteristics: The virus W32.Kriz was discovered in 1999. It infects files on Windows 95/98. The virus carries a dangerous payload that triggers every 25th of December. This payload overwrite files on floppy disks, hard disks, RAM disks, and network drives. It even clears the information stored on the BIOS.

More details about W32.Kriz

W32.Kriz is a polymorphic virus. That means that it will reside in computer memory until the next time the system is rebooted. The virus may replicate even if you are using Windows 2000/XP. However, the payload will not be activated. The virus modifies Kernel32.dll file making it irreparable. It may corrupt some PE files. When this happens, they must be replaced. The payload that the virus carries is executed every 25th of December of any year. Computers may be infected but users may not know about the virus until December 25 arrives. When the virus infects a computer for the first time, it creates a copy of Kernel32.dll named Krized.tt6. This file is infected by the virus and should be deleted.

The virus will attempt to flash the BIOS of the computer if the system date is December 25. This will prevent your computer from starting. This may require you to change the hardware. Information stored in the CMOS may be cleared. When this happens, you need to restore the time, date, hard drive, etc. The virus also begins overwriting files on all drives. If you want to manually remove the virus, you must obtain the most recent virus definitions. Then, restart your computer to Command Prompt Only. Run a full scan on your computer using a reliable antivirus software program. Finally, get a new copy of the Kernel32.dll file.