Kriz Virus

Kriz Virus

« Back to Glossary Index
Visit Us
Follow Me

The Kriz virus, also known as W32.Kriz, W32.Kriz.dr, or PE_KRIZ, is a dangerous polymorphic Windows virus that first appeared in 1999. Its characteristics include being a memory resident, infector of Portable Executable (PE) Windows files, and possessing a highly destructive payload that activates on December 25 (Christmas Day).

Propagation and Infection

The Kriz virus spreads by infecting Windows executable (PE format) files on local and network drives. Each time an infected file is run, the virus becomes resident in the system memory, from where it can infect other executables when they are accessed. It’s worth noting that the virus doesn’t infect files smaller than 4 KB or larger than 10 MB.


The most notorious aspect of the Kriz virus is its destructive payload. On December 25th, if an infected file is executed, it overwrites crucial parts of system memory, causing damage to the BIOS, rendering the computer unbootable. Additionally, it will attempt to overwrite all the files on the local hard disks and network drives.

Protection and Removal

As with all computer viruses, the best defense against the Kriz virus is a combination of good digital hygiene practices and using up-to-date antivirus software. Antivirus software should be able to detect and remove the virus from infected files, and in many cases, can also repair the infected files.

When the Kriz virus was active, it caused significant problems due to its destructive payload. However, its impact today is minimal as contemporary antivirus software can effectively deal with this threat, and newer operating systems have been developed with more robust security measures.

As always, maintaining updated antivirus software, avoiding suspicious email attachments and downloads, and keeping your operating system and applications updated are the best ways to avoid computer viruses.

You may also like...