Win32/Kriz, also known as Win32.Kriz.3862 and Win32.Kriz.3740 is a polymorphic Microsoft Windows (9x, NT, and 2000) virus discovered in the autumn of 1999.


It infects files on Windows 9x and Windows NT systems. It has a potentially devastating payload that triggers on December 25th of any year once an infected file is run. When this happens, the virus overwrites files on the floppy disk drive, hard drive, RAM drive, and network drives. On Windows 9x, it also erases the information stored on the computer's BIOS. A successful attempt could prevent the computer from booting up, even if a floppy disk is used. This behavior is similar to that caused by CIH virus. In some cases, the Kriz virus will corrupt the file it infects and cleaning may not be possible.

Kriz is known as a polymorphic virus, meaning it will reside in computer memory until the next time the system is rebooted. This virus encrypts its code, leaving only a small random decryptor. This virus will infect files as they are opened by any application while it is in memory. This will occur when a user scans files as well. In other words, computers users may be infected but not know about the virus until the following Dec. 25.