Alias: W32/Kriz@MM
Type: Worm
Size: variable
Origin:
Date: 12-22-2000
Damage: It is sent as an .EXE file, spreads on Windows 32-bit systems and infects .EXE files. It also changes the area of the Windows commands.
VDF Version: 6.23.00.00
Danger: High
Distribution: Medium

Technical Details
W32.Kriz is sent as an .EXE file, spreads on Windows 32-bit systems and infects .EXE files. It also changes the area of Windows commands. The worm also infects KERNEL32.DLL in order to become a memory-resident virus.
When infecting an .EXE file, the virus appends its code to the end of the file. To detect the virus, you only have to scan for the string '666', which appears in its code. The virus does not infect all .EXE files and programs. It does not affect the following files:

ALERTSVC.EXE AVPM.EXE AMON.EXE AVP32.EXE N32SCANW.EXE NAVAPSVC.EXE NOD32.EXE NAVAPW32.EXE NAVWNT.EXE NAVLU32.EXE NAVRUNR.EXE NPSSVC.EXE NSCHEDNT.EXE SCAN.EXE SMSS.EXE _AVP32.EXE _AVPM.EXE NSPLUGIN.EXE

To infect KERNEL32.DLL, the virus saves this file as KRIZED.TT6 and then modifies it. At the next system start, KERNEL32.DLL is replaced with KRIZED.TT6 through an entry made in WININIT.INI.

The virus changes the area of Windows commands so that they are included in the virus program code. Thus, the virus modifies 16 KERNEL32 functions.
The virus also has a damage routine in its code: on December 25th, the CMOS memory crashes, all BIOS files are overwritten and the Flash BIOS is crashed using the same routine as the CIH virus.
Description added by Crony Walker on Tuesday, June 15, 2004
