1. /
  2. Security Response/
  3. W32.Kriz Removal Tool

W32.Kriz Removal Tool

Updated:
August 24, 2005 12:00:00 AM
Type:
Removal Information
The payload of this virus is similar to the W95.CIH virus that triggered on April 26, 2000.

For computer users who do not have up-to-date antivirus software, Symantec has created an online program that will scan your computer over the Internet for W32.Kriz. If your system is infected, you will be redirected back to this location. After returning to this page, download the small Fixkriz.exe utility listed below to remove the W32.Kriz virus. Click here to begin the online scan.

NOTES:
The Fixkriz.exe utility is a preventive measure against the W32.Kriz virus. It will not repair damage done after the virus has been launched. Please download the tool and follow the instructions on this page.
Norton AntiVirus definitions dated September 1, 1999, or later will detect and clean this virus. Symantec Security Response strongly suggests enabling Auto-Protect to ensure complete protection.
If you are using Windows 2000/XP, the virus might replicate, but the payload will not be activated.
If you are using NTFS, you must launch a NTFS DOS Read/Write driver before running FixFun.exe; otherwise, the tool will not be able to repair any files on the NTFS partition. This driver is not available from Symantec. Such drivers are available on the Web at various locations. Currently, two of them are
http://www.sysinternals.com/ntw2k/freeware/ntfsdospro.shtml
http://www.winternals.com/products/repairandrecovery/ntfsdospro.shtml

Download free fix!
Click this link to download the free utility: Fixkriz.exe

Instructions for using the W32.Kriz fix tool
NOTE: The W32.Kriz fix tool will work only if the computer is restarted in MS-DOS mode. It will not work correctly in a DOS window in Windows 95/98, Windows NT, or Windows 2000.
After downloading Fixkriz.exe , double-click the icon to unzip the file.
You will be asked to specify where you want to unzip the tool. Choose a location. We recommend that you save it to the root of drive C.
After you unzip the file, restart the computer in MS-DOS mode, as follows:
Click Start, and click Shut Down.
Click Restart in MS-DOS mode, and then click OK.
Allow the computer to restart. It will open to a command prompt at the location in which Windows is installed; for example, C:\Windows.
Type the following, and then press Enter:

cd
If you unzipped the files into a location other than the root of drive C, use the cd command to change to that directory. Otherwise, skip to the next step.
Type the following, and then press Enter:

fixkriz [PATH] (where [PATH] represents the drive or directory to be scanned).

For example, to scan drive C, type:

fixkriz c:

Alternately, to scan all drives except for floppies, you can type the following (instead of specifying the path):

fixkriz /a

The scan will take 5 to 10 minutes, depending on the size of the hard drive.

After the scan has finished, you will see some statistics. Statistics may vary, but will be displayed in the following format:
Scanned: XX, infected: XX, repaired: XX
All infected files should be repaired.

Summary

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver