hCKptj ÄSu,SM=S<= SubjSuu Sut72ҋΉ^DA$Vu ;jVhxSPGjuSj s'ȸ#;u esEPEPEPu_^[ UQSVWu }uh!serjWu -hDreshSW]w u t53Phha$jSPPjEPW; P)7oÐ%0)USVWP)]P);ƿp@)t@ txrsWj$pp[cSu u4ءP);t@ txrSWj%pp)c_^[] UXP)3ʼnEE E3S]fEVuWEEEЍ}fC{MME؋CN\EE܉M0)ρF`\tGPttt ,CEC @ jY9Msc K$E܋}tEuS);s£S);S)s[S)T@ x M0)E܋;G`sG`S)9G`sG`S)9G`vG`M0)jYM0 M$ڵ'F8EfF)jVppF}' Q)0) Q)AQ)@ 9uEs9P);t"@ txrVu h>)jWppY7E7Vu3WV]Q)H ;߉}vgVAtNffAt'ABG s'ffB$@@BaG t E9]rQ)` Q)Q0)E_^[UVX)W0)39=Y)X)tE8EY)H`Ia?(8X)0)_^]UQQeSVu F`X V Wx8}xU fxt t 't+u֋] EPWSuRQ{=t-t!;t=sf(CMNjX;r M EFf33Ff~2ҋP0)_^[UQSVWE P)]P);ƿ>)t @ txrSWjppWP)/suuuuu >)EP);t@ txruWjppsWE_^[UVWP)P);ƿ>)t@ txrWj ppB3ɸX)AAuW Q)S20) Q)A Q)Q ҋAv%f8tHJut Q)H Q)Q0)[M aa2P0)P);t@ txrWj pp,B_3^]USVWP)] P);tNx txrhA)j ppAP);t#x txrsshA)j ppUX)0)=X)X)X)Dt;Ut&?;uЋ0)3ɸQ)Ao<M 0) alt="Contact us for customer service and other feedback info" border="0" width="78" height="26"> SRN Micro Privacy Statement



Virus Name  : W32/Kriz

Alias             : Win32.Kriz, PE_KRIZ

Virus type    : PE File Infector

Threat level : Medium

Virus details :

                      W32/Kriz is a Windows file virus infects PE files under Win9x and WinNT 4.0 platforms. This virus will wake up or get activated on 25th of December [Christmas day] and it will damage the motherboard and the hard disk. The damage caused could be extreme and expensive.

                     When the virus is first run, it patches the critical operating system file KERNEL32.DLL and stores it in the name of KRIZED.TT6. On the next startup it replaces original KERNEL32.DLL file with KRIZED.TT6. The variants of Kriz will use different name to patch KERNEL32.DLL. Then it become memory resident and infects all accessed Windows Portable Executable files.


                     The payload of W32/Kriz is stolen from deadly W95/CIH virus. The computer motherboards manufactured in the last few years store their BIOS on a flash ROM chip which are rewritable. W32/Kriz virus directly attacks the code stored in the flash ROM chip and makes the computer unbootable.

                     In certain motherboard the BIOS chip are replaceable and solution is possible by inserting a new chip. However in most of the cases the BIOS chip is soldered to the motherboard and there is no solution except to replace the motherboard which could be expensive. If the Flash BIOS is write-protected by jumper set then the Kriz virus will delete all the data stored on hard disk, which puts every computer at risk irrespective of the BIOS layout.

                     At present there are 5 known versions of Kriz variants reported which destroys the motherboard and hard disk. W32/Kriz.4271 is most frequently reported in the wild. Solo cleans W32/Kriz and its variants without problems.

How can I protect my system?

                   Solo has incorporated Win32/Kriz in its signature file to protect users from this virus attack. Solo antivirus registered users are already protected from this virus. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats.

How to remove this virus?

                   If you are already infected with this virus, you can remove it from your computer using Solo Antivirus software. Solo antivirus can detect and remove Win32/Kriz safely. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link