Windows users, watch out for the Kriz computer virus (W32.Kriz, also known as Win32.Kriz.3740/3863), which will try to wipe out your machine on December 25th.
Kriz hits Windows 9x and NT machines, infecting certain Windows files and staying resident in your computer’s memory. It can spread to any hard or floppy drives in your computer, RAM disks, or any network drives you’re mapped to. Nothing happens until December 25th, when Kriz will try to flash your BIOS and start overwriting files.
Kriz has a similar payload to the Win.CIH virus which appeared early in 1999. The virus code has been encrypted in an attempt to hide the virus’ presence from anti-virus scanners. Two variants of this virus are known to exist: Kriz.3863 and 3740.
When an infected file is run, it creates a copy of the system’s Kernel32.dll file, inserts viral code into it, and saves it as KRIZED.TT6. It then modifies WININIT.INI so that KRIZED.TT6 is automatically renamed to Kernel32.dll when the PC is rebooted, overwriting the existing Kernel32.dll with the infected version. The virus then attempts to infect any Windows PE (.EXE) files that are run on the PC. Because Kernel32.dll has been overwritten, the original copy is destroyed. Returning the infected system to its clean state involves cleaning all infected files and replacing Kernel32.dll with a clean copy of the original file.
If an infected file is run on Christmas Day (the 25th of December) of any year, the virus will clear the computer’s CMOS memory and attempt to destroy the computer’s flash BIOS.
Please note:
If the flash BIOS is damaged, the chip will need to be replaced on the PC’s motherboard.
If the BIOS chip is soldered to the motherboard, it is unlikely to be cost-effective to repair it.
Our Tip:
Update your anti-virus software today. Then, scan your computer now for Kriz and then again on Christmas Day. The data you save will be your own!
