There are 6 variants:
When the virus is loaded into memory, it first infects C:\COMMAND.COM, followed by hooking INT 13h and 21h to infect any executable file by writing itself to the end of the file. It also infects the boot sector of floppy disks that are accessed.
The virus behaves stealthy so that there would have no observable size change on infected files.
The virus might not perform infection on every program execution, and it does not infect files containing digits or the following strings in their filename:
V TB SC F- GU
Additionally, the virus has bugs that may corrupt the files during infection.
CriCri.4335 and 5595 are the cracked versions, they contain even more bugs that the former one cannot infect any file while the later one fails to load into memory and hang the system.
The TSR memory usage of the variants:
|Variant||Memory usage in bytes|
When the infected system is loaded or an infected program is run on the Payload day, the virus displays a green message at the center of the screen and hangs the system.
CriCri.4289, 4300, 4616 and 4690Edit
These variants activate on June 4th.
CriCri.4289 and 4300:
Cri-Cri ViRuS by Griyo/29A ...Tried, tested, not approved.
CriCri.4616 and 4690:
Cri-Cri ViRuS by Griyo96 ...Tried, tested, not approved.
CriCri.4335 and 5595Edit
These variants activate on February 3rd, they display the following instead:
Yulgok Virus 2!! Yulgok middle school Virus.. Viructive in
Due to the display size limit set in the code that the creator did not notice, the whole message is:
Yulgok Virus 2!! Yulgok middle school Virus.. Viructive in Kangreung! Yulgok virus Version 1.5
In fact, this virus avoids most of the files in DOS system directory.
The Implant virus is related to the CriCri family.
- List of variants of the CriCri virus on VX Heaven