W95/Babylonia.bat, W95/Babylonia.hlp, W95/Babylonia.irc
Category: Trojan Horse
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
07 Dec 1999
W95.Babylonia is a memory-resident Windows virus with worm capabilities. It infects executable and help files, downloads virus components from the Internet, and installs them on the infected computer.
W95.Babylonia Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a trojan horse removal tool to automatically clean W95.Babylonia from your computer.
More details about W95.Babylonia
W95.Babylonia is a virus that can download "plugin components" from the Internet. The virus uses the downloaded plugins to spread and propagate by means of IRC, SMTP email, and/or local system infection. It tends to infect files with .exe and .hlp extensions. When the virus is activated on a system, it installs itself as a system driver and then creates an executable file called KERNEL32.exe, 4,096 bytes in size. This file monitors the system for an Internet connection. The virus then creates an additional 4 KB executable in the root directory, C:\BABYLONIA.EXE, a standalone virus component that provides additional virus functions. The W95.Babylonia virus was first posted and released in the form of a help file containing serial numbers of registered products.
When Babylonia.exe is executed, it copies itself to the system folder and adds a value to a system registry key. As a result, a hidden application runs in the background every time Windows starts. It then enumerates the active processes on the system to check whether the application "Rnaapp.exe" is running. When "Rnaapp.exe" is detected, the W95.Babylonia virus connects to a virus-authoring group's website and downloads a text file named Virus.txt. This text file contains a list of file names, which are downloaded and executed one by one, completing the virus components on the infected machine.
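The file artifacts described above can be checked on a mounted copy of a suspect disk. The following sweep is an added example, not part of the original write-up or of any vendor tool; the function names and the sample tree are constructed for illustration. It checks only the two file names and the one size the description gives, since the registry value and download address are not stated.

```python
import os
import tempfile

# File indicators from the description above; names are matched
# case-insensitively. A size of None means "flag on the name alone".
INDICATORS = {
    "kernel32.exe": 4096,   # monitor component; the genuine library is kernel32.dll
    "babylonia.exe": None,  # standalone component (root directory and system folder)
}

def sweep(root):
    """Return sorted (relative_path, size) pairs for files matching INDICATORS."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            key = name.lower()
            if key not in INDICATORS:
                continue
            full = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(full)
            except OSError:
                continue  # vanished or unreadable entry
            expected = INDICATORS[key]
            if expected is None or size == expected:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                hits.append((rel, size))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample layout (filler bytes only, no real malware)."""
    layout = {
        "BABYLONIA.EXE": 4096,
        "WINDOWS/SYSTEM/KERNEL32.EXE": 4096,
        "WINDOWS/SYSTEM/KERNEL32.DLL": 8192,  # legitimate name, must not match
        "TOOLS/kernel32.exe": 100,            # right name, wrong size
    }
    for rel, size in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, size in sweep(tmp):
            print(f"{size:>6}  {rel}")
```

A hit is a lead for further analysis rather than proof of infection, and infected .exe and .hlp host files are not covered by this name-based check.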