Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:04/12/2009
Type:File infector
In the wild:No
Reported Infections:Low
Distribution Potential:Medium to high
Damage Potential:Medium to high
Engine version:

 General Method of propagation:
    Infects files

   •  Symantec: W32.Kriz
   •  Mcafee: W32/Kriz.3863
   •  Kaspersky: Virus.Win32.Kriz.3863
   •  TrendMicro: PE_KRIZ.3862
   •  F-Secure: Win32.Kriz.3683
   •  Sophos: W32/Kriz
   •  Bitdefender: Win32.Kriz.3683
     Microsoft: Virus:Win32/Kriz.3740
     AVG: Win32/Kriz.3863
   •  Panda: W32/Kriz.3863
   •  VirusBuster: Win32.Kriz.3863
     GData: Win32.Kriz.3683
AhnLab: Win32/Kriz.3863
     Fortinet: W32/Kriz.3863
     Ikarus: Virus.Win32.Kriz.3863
     Norman: W32/Kriz.3863.A/B

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
    Access to floppy disk
Infects files

 File infection Infector type:
The following section is added to the infected file:
   • ...

Self Modification:

Polymorphic - The entire virus code changes from one infection to another. The virus contains a polymorphic engine.


This memory-resistent infector remains active in memory.

Infection length:

- 3.840 Bytes

The following files are infected:

By file type:
   • *.exe

By exact path:
   • %SYSDIR%\Kernel32.dll

Description inserted by Razvan Olteanu on Monday, February 28, 2011
Description updated by Razvan Olteanu on Friday, March 4, 2011

Back . . . .