Fandom

Malware Wiki

Mip

1,335pages on
this wiki
Add New Page
Comments0 Share


Mip is a virus written in Visual Basic 6 that attempts to be destructive, but fails. It first surfaced in 2001, and infects systems running Windows.

Behavior

When Mip is executed, it displays a text windows that types out "curiosidadN@yahoo.com". It then overwrites several .com files in the C:\WINDOWS\COMMAND directory, and copies itself to the C:\WINDOWS\SYSTEM directory as a hidden file named "RundII32.exe". It adds itself to run on startup in win.ini, and constantly runs in the background. If the user attempts to end Mip's process through task manager, the virus will kill task manager.

If the user attempts to run Registry Editor or any of the overwritten command files while Mip is present in memory, Windows will display an "Another program is currently using this file" error message.

The virus will also modify the registry, it adds its own key under HKCU\Software, called "VB and VBA program settings." Within that key it creates another key "CuriosidadN", and it creates another key withing CuriosidadN called "Opciones." This key contains a value named "Conteo", which is a timer that the virus advances periodically. Once this timer's value is greater than 90, Mip's payload activates.

When Mip is run and the counter is past 90, it will display a message box with the title bar "Curiosidad5" and the message "Uruguay", and open a notepad window. It will then begin typing the phrase "Curiosidad5, Uruguay, 2001, CuriosidadN@yahoo.com" repeatedly, and will never stop as long as the virus is running. This makes the computer difficult if not impossible to use.

The virus will also add a line to autoexec.bat to delete your hard drive with the deltree command, however this fails because the virus overwrites the deltree.com file when it is first run.

When a floppy drive is accessed the virus tries to copy itself there with the following names: README.EXE, GRATIS.EXE, LEEME.EXE, TRUCOS.EXE, TEXTO.EXE, NOTAS.EXE, FREE.EXE, AVISO.EXE, DEMO.EXE, SOFTWARE.EXE, SHAREWARE.EXE, CHISTES.EXE, LEER.EXE, !WARING!.EXE, !DANGER!.EXE, FREEWARE.EXE, PASSWORD.EXE, CLAVE.EXE and CONTRASENA.EXE. The virus doesn't infect any files on a hard drive.

Video

Mip Windows Virus06:09

Mip Windows Virus

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.