W32/Kriz

Aliases	Kriz W32.Kriz.3740 Win32.Kriz
Category	Viruses and Spyware
Type	Virus
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Detected by	All Sophos products

Action

Summary
Action
More Information

Please follow the instructions for disinfecting PE executables.

More Information

Summary
Action
More Information

W32/Kriz, which works under Windows 95/98 and Windows NT, infects PE (Portable Executable) files with .EXE or .SCR extensions. It also infects KERNEL32.DLL.

W32/Kriz has a particularly destructive payload. On December 25th it will erase the CMOS setup, attempt to corrupt the system BIOS (in a similar way to W95/CIH-10xx) and attempt to overwrite all files on all local hard disks and network drives with garbage.

If the system BIOS corruption is successful, you will no longer be able to use your computer and the BIOS chip may need to be replaced.

There are two known variants of this virus, but only one of these is known to be in the wild.

Get reports about the latest virus and spyware threats delivered to your computer

In this section

W32/Kriz

Summary

Action

More Information