W32.Kriz is not a virus hoax
Question: I received the following e-mail from someone. “Another virus … Win32.Kriz. What Is It? Once Win32.Kriz infects your computer, it erases memory, overwrites data on all drives, and destroys the Flash BIOS …”
Is this a real virus or a hoax?– A.L.T.
Answer: For once, an e-mail warning is legitimate. The secret to any e-mail virus hoax is usually two-fold.
- The writer cites numerous well-place sources for the warning like IBM, AOL, or Microsoft.
- The writer urges the recipient to send a copy of the e-mail to “everyone in your address book” or some such nonsense.
The idea behind such mischief is to get the hoax circulating as much as possible.
Further investigation shows that the Win32.Kriz (also called W32.Kriz.3740) virus is a certifiable threat. It is a Windows 9x/NT virus, which infects Portable Executable (PE) Windows files. The virus hops into memory and attempts to infect any files that are opened by the user or computer programs. The virus also changes the KERNEL32.DLL file, which is the heart and soul of Windows.
Win32.kriz also contains a payload. Simply put, that’s a piece of programming code that does a nasty task, like data deletion.
Win32.Kriz’s payload is executed on December 25th, Christmas Day. The evil Christmas gift attempts to flash the BIOS of the computer. That’s the part of the computer that stores basic information about the workings of the computer (date, time, disk drive settings, etc.) and is read when a computer is booted up. Without it, a computer won’t boot.
The virus also overwrites files on all available drives. This includes mapped network drives, floppy drives, and RAM disks. The payload is very similar to the now-infamous CIH virus.
Most anti-virus software programs will remove Win32.Kriz. If you aren’t using an anti-virus program, I highly suggest you add one.
Here are some freeware recommendations:
And some recommended payware titles: