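Virus name: Kriz.4029
Aliases: PE_KRIZ.4029, W/32.KRIZ
Characteristics:
This virus is very similar to KRIZ.3836. It differs in that some routines have been added, and if the SoftICE debugger is installed on the system, the virus's destructive routine is activated. The strings the virus contains also differ; this virus's string is: T-2000 / Immortal Riot.
When a program file infected with this virus is executed, the virus first infects KERNEL32.DLL. After that, each time Windows starts, the virus immediately becomes memory-resident and infects every Win32 executable.
Before each infection the virus checks the file name; if it matches one of the following names, the infection does not take place. (AVP32.EXE, AVPM.EXE, ALERTSVC.EXE, AMON.EXE, AVP32.EXE, AVPM.EXE, N32SCANW.EXE, NAVAPSVC.EXE, NAVAPW32.EXE, NAVLU32.EXE, NAVRUNR.EXE, NAVWNT.EXE, NOD32.EXE, NPSSVC.EXE, NSCHEDNT.EXE, NSPLUGIN.EXE, SCAN.EXE, SMSS.EXE)
The virus has a highly destructive payload. When it is triggered on December 25, it destroys the CMOS data, writes garbage data to all files on the infected machine and damages the Flash BIOS. The virus uses a secret technique to encrypt its code; after decryption, the following text can be found in the virus body: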
=( [c] 1999 [t] )=
YOU CALL IT RELIGION, YOU'RE FULL OF SHIT
YOU NEVER KNEW, YOU NEVER DID, YOU NEVER WILL
YOU'RE SO FULL OF SHIT, I DON'T WANT TO HEAR IT
ALL YOU DO IS TALK ABOUT YOURSELF
I DON'T WANNA HEAR IT, COZ I KNOW NONE OF IT'S TRUE
I'M SICK AND TIRED OF ALL YOUR GODDAMN LIES
LIES IN THE NAME OF GOD
WHEN ARE YOU GOING TO REALIZE THAT I DON'T
WANT TO HEAR IT?!
I KNOW YOU'RE SO FULL OF SHIT, SO SHUT YOUR FUCKING MOUTH
YOU KEEP ON TALKING, TALKING EVERYDAY FIRST YOU'RE TELLING STORIES, THEN YOU'RE TELLING LIES
WHEN THE FUCK ARE YOU GOING TO REALIZE THAT I DON'T WANT TO HEAR IT!!
AH, SHUT THE FUCK UP...