Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:W95/Kriz.3840
Date discovered:04/12/2009
Type:File infector
In the wild:No
Reported Infections:Low
Distribution Potential:Medium to high
Damage Potential:Medium to high
Engine version:7.09.01.98/8.02.01.98

 General Method of propagation:
   • Infects files


Aliases:
   •  Symantec: W32.Kriz
   •  Mcafee: W32/Kriz.3863
   •  Kaspersky: Virus.Win32.Kriz.3863
   •  TrendMicro: PE_KRIZ.3862
   •  F-Secure: Win32.Kriz.3683
   •  Sophos: W32/Kriz
   •  Bitdefender: Win32.Kriz.3683
   •  Microsoft: Virus:Win32/Kriz.3740
   •  AVG: Win32/Kriz.3863
   •  Panda: W32/Kriz.3863
   •  VirusBuster: Win32.Kriz.3863
   •  GData: Win32.Kriz.3683
   •  AhnLab: Win32/Kriz.3863
   •  Fortinet: W32/Kriz.3863
   •  Ikarus: Virus.Win32.Kriz.3863
   •  Norman: W32/Kriz.3863.A/B


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Access to floppy disk
   • Infects files

 File infection Infector type:
– The following section is added to the infected file:
   • ...


Self Modification:

Polymorphic - The entire virus code changes from one infection to another. The virus contains a polymorphic engine.


Method:

This memory-resistent infector remains active in memory.


Infection length:

- 3.840 Bytes


The following files are infected:

By file type:
   • *.exe

By exact path:
   • %SYSDIR%\Kernel32.dll

Description inserted by Razvan Olteanu on Monday, February 28, 2011
Description updated by Razvan Olteanu on Friday, March 4, 2011

Back . . . .