It is the fifth viewer-made malware from Leurak, after VineMEMZ.
Summary and Payloads
When run, BonziBUDDY will appear on the desktop, and says:
Hello, I'm Bonzi. I'm here to destroy your computer again. But this time, it's an actual destruction. The first thing I'll do is inject my beauty into all programs that start from now.
Shortly after, the program will change every icon in every file that holds icons possible on that Windows Installation into an image of BonziBUDDY's face. BonziBUDDY will then say:
Doesn't it look great? I would not recommend to restart your system from now, because it might be a bit unstable...
He then says:
If you wait a bit for me, I will do even more than just that. I will spam your computer with random executives, inject my code into them too and let them corrupt your computer. Your programs are my slaves from then, doesn't that sound great?
Right after, he will say:
You've got 30 seconds left until I activate the final destruction. You should look around your system, because now I'm everywhere.
Ten seconds after initially saying this, he says:
You've got 20 seconds left until I activate the final destruction.
Ten seconds after the twenty seconds mark, he says:
You've got 10 seconds left until I activate the final destruction.
Ten seconds after the ten seconds mark, he says:
Destruction of Death is now activated. My work is now done. Goodbye, Expand Dong. Just sit back and enjoy.
Similar to MEMZ, one of Leurak's previous trojans, pop-ups with the intention to annoy the user will appear on the screen, as well as play error sounds in the background. Even if the computer is restarted, this will continue once the computer reboots.
Leurak has mentioned that the malware has many other payloads that one may not directly notice. This malware will:
- Corrupt the RAM of hooked processes
- Launch random .EXE files from hooked programs with random delays
- Corrupt the registry
- Corrupt random .EXE files