Symantec Hong Kong
 global sites
products
purchase
service and support
security updates
downloads
about symantec
search
feedback


© 1995-2006 Symantec Corporation.
All rights reserved.
Legal Notices
Updated Privacy Policy
press centre


Symantec provides free tool to detect and repair highly destructive w32.kriz Christmas virus


Hong Kong -- December 20, 2000 - Symantec (NASDAQ: SYMC) has announced the availability of a tool that can be downloaded and run to detect and repair the highly destructive virus W32.Kriz, which is expected to make computer systems inoperable on Christmas day.

The W32.Kriz virus works by wiping out all hard drives and attempting to erase the BIOS, an essential set of computer instructions that is stored on a chip and provides communication between the operating system and the hardware.

To counter W32.Kriz, PC users should scan their system prior to December 25 and on Christmas Day. If their system is infected, any computer user can download a repair tool from www.symantec.com/avcenter. The current virus definitions available from Symantec can already detect this virus and are available either through LiveUpdate or by download from www.symantec.com/avcenter/download.html

W32.Kriz was first discovered over a year ago, but has not been widespread until recently. In a rare, but increasingly common occurrence, the virus infected several common computer worms including Happy99.worm and W32.hllw.bymer.worm, allowing the two to propagate rapidly as one destructive unit. If no action is taken, the Symantec AntiVirus Research Center (SARC) expects to see high numbers of damage reports from all parts of the world on December 25. The payload is very similar to the Chernobyl or CIH virus, which triggered on 26 April in both 1999 and 2000 causing worldwide damage. The CIH virus was also circulating in the wild for more than a year before it caused major destruction.

"To be completely protected from the destructive W32.Kriz virus, users should scan their system prior to 25 December, as well as on Christmas Day using the utility program available on the SARC Web site," said David Banes, manager Asia Pacific for SARC.

"Symantec specifically created this utility to detect and remove the W32.Kriz virus from infected systems, ensuring customers enjoy uninterrupted use of their systems throughout the holiday season. SARC researchers will be working throughout the holidays to analyse new viruses and to provide our customers with protection."

W32.Kriz Virus Characteristics
W32.Kriz is a Windows 9x/NT virus, which infects Portable Executable (PE) Windows files. After entering a computer system, the virus becomes resident in memory, attempting to infect any files that are opened by the user or application programmes. Additionally, the virus modifies the KERNEL32.DLL file, a critical operating system file that enables the virus to spread throughout the system, and attempts to corrupt some PE files, requiring them to be replaced by known, clean backup files or from the original software installation package.

Payload
On December 25th, the virus will attempt to flash the BIOS of the computer, preventing the computer from booting up properly and in most cases, requiring the user to replace the hardware. The virus will also begin overwriting files on all available drives including mapped network drives, floppy drives and RAM disks. The payload is very similar to W95.CIH virus.

Symantec AntiVirus Research Center
SARC is one of the industry's largest dedicated teams of virus experts. With offices located in the United States, Japan, Australia, and the Netherlands, the sun never sets on SARC. The center's mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats, and educate the public on safe computing practices. As new computer viruses appear, SARC develops identification and detection for these viruses, and provides either a repair or delete operation, thus keeping users protected against the latest virus threats.

About Symantec
Symantec, a world leader in Internet security technology, provides a broad range of content security solutions to individuals and companies. The company is a leading provider of anti-virus protection, Internet content and e-mail filtering, and mobile code detection technologies to enterprise customers. Headquartered in Cupertino, California, Symantec has worldwide operations in more than 33 countries.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/region/hk/PressCenter/ on Symantec's Web site.

Brands and products referred to in this release are the trademarks or registered trademarks of their respective holders.

# # #

Brands and product names are the trademarks or registered trademarks of their respective holders.

Issued on behalf of Symantec Corporation by Newell Public Relations