Techguy
December 7, 2000, 11:51 pm
PE_KRIZ.4050
Risk rating: low
Virus type: File Infector
Destructive: Y
Aliases:
KRIZ.4050, W32/Kriz.4050, W32. Kriz.4050, W32.Kriz.4050.kernel, W95.Kriz
Description:
This polymorphic Windows executable virus infects EXE files. It may also destroy some types of PC Flash BIOS (similar to PE_CIH) and the infected computer's CMOS information.
Solution:
To clean this virus, use the PC-Cillin Rescue Disk under MSDOS mode.
From a non-infected system, download the Emergency Rescue Disk (ERD) from our website: http://www.antivirus.com/pc-cillin/edisks.htm
Restart your system
Boot from ERD boot disk
Scan your system with your antivirus and delete all files detected as PE_KRIZ.4050.
In the wild: Yes
Trigger condition 1: Upon execution
Payload 1: Others (destroys CMOS information and Flash BIOS)
Detected by pattern file#: 668
Detected by scan engine#: 5.17
Language:
English
Platform: Windows 9x/NT
Encrypted: Yes
Size of virus: 4,050 Bytes
Details:
When a file infected with this infector is run, it drops a file KRIZED.TT6. This file is a copy of the kernel with the viral code embedded in it. The virus also modifies WININIT.INI. As a result, after the next Windows startup, the virus deletes the dropped file KRIZED.TT6 after replacing the original KERNEL32.DLL. This method makes the virus resident in memory. While resident in memory, the virus infects all the executed files.
The virus attempts to destroy the computer’s CMOS information. This information includes the system time and date, hard disk type installed in the computer and other system configurations. When the system is rebooted the CMOS displays a checksum error. The CMOS runs again after loading its default settings and detecting all hard disks installed.
------------------
Thank you for using Help From Techs Support Forums!
Please come again and remember to refer a friend to our site.
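A defensive check for the WININIT.INI step described in the post above, written as an added example that is not part of the original post or the vendor's advisory: it parses the file's [rename] section and flags a pending replacement of KERNEL32.DLL or any reference to KRIZED.TT6. The sample file contents, the paths in it and the watch list are constructed assumptions; only the file names KRIZED.TT6, KERNEL32.DLL and WININIT.INI come from the advisory.

```python
import ntpath

# System files whose replacement at boot deserves review (assumed watch list).
PROTECTED = {"kernel32.dll"}
# Dropped file name given in the advisory.
KNOWN_DROPPED = {"krized.tt6"}

def pending_renames(text):
    """Yield (destination, source) pairs from the [rename] section.

    WININIT.INI repeats keys (for example several NUL= lines), so
    configparser is not suitable; parse line by line instead.
    """
    in_rename = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if in_rename and "=" in line:
            dest, src = line.split("=", 1)
            yield dest.strip(), src.strip()

def suspicious_entries(text):
    """Return (destination, source, reason) for entries worth reviewing."""
    findings = []
    for dest, src in pending_renames(text):
        dest_name = ntpath.basename(dest).lower()
        src_name = ntpath.basename(src).lower()
        if dest_name in PROTECTED:
            findings.append((dest, src, "system file replaced at next boot"))
        elif src_name in KNOWN_DROPPED or dest_name in KNOWN_DROPPED:
            findings.append((dest, src, "references KRIZED.TT6"))
    return findings

# Constructed sample; the paths and exact entries are assumptions.
SAMPLE = """\
[rename]
NUL=C:\\WINDOWS\\TEMP\\SETUP1.TMP
C:\\WINDOWS\\SYSTEM\\KERNEL32.DLL=C:\\WINDOWS\\SYSTEM\\KRIZED.TT6
NUL=C:\\WINDOWS\\SYSTEM\\KRIZED.TT6
"""

if __name__ == "__main__":
    for dest, src, why in suspicious_entries(SAMPLE):
        print(f"{why}: {dest} <= {src}")
```

WININIT.INI is acted on at the next Windows startup, so the check is only useful on a copy of the file taken before the restart.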