Mip is a virus written in Visual Basic 6 that attempts to be destructive, but fails. It first surfaced in 2001, and infects systems running Windows.
When Mip is executed, it displays a text windows that types out "curiosidadN@yahoo.com". It then overwrites several .com files in the C:\WINDOWS\COMMAND directory, and copies itself to the C:\WINDOWS\SYSTEM directory as a hidden file named "RundII32.exe". It adds itself to run on startup in win.ini, and constantly runs in the background. If the user attempts to end Mip's process through task manager, the virus will kill task manager.
If the user attempts to run Registry Editor or any of the overwritten command files while Mip is present in memory, Windows will display an "Another program is currently using this file" error message.
The virus will also modify the registry, it adds its own key under HKCU\Software, called "VB and VBA program settings." Within that key it creates another key "CuriosidadN", and it creates another key withing CuriosidadN called "Opciones." This key contains a value named "Conteo", which is a timer that the virus advances periodically. Once this timer's value is greater than 90, Mip's payload activates.
When Mip is run and the counter is past 90, it will display a message box with the title bar "Curiosidad5" and the message "Uruguay", and open a notepad window. It will then begin typing the phrase "Curiosidad5, Uruguay, 2001, CuriosidadN@yahoo.com" repeatedly, and will never stop as long as the virus is running. This makes the computer difficult if not impossible to use.
The virus will also add a line to autoexec.bat to delete your hard drive with the deltree command, however this fails because the virus overwrites the deltree.com file when it is first run.
When a floppy drive is accessed the virus tries to copy itself there with the following names: README.EXE, GRATIS.EXE, LEEME.EXE, TRUCOS.EXE, TEXTO.EXE, NOTAS.EXE, FREE.EXE, AVISO.EXE, DEMO.EXE, SOFTWARE.EXE, SHAREWARE.EXE, CHISTES.EXE, LEER.EXE, !WARING!.EXE, !DANGER!.EXE, FREEWARE.EXE, PASSWORD.EXE, CLAVE.EXE and CONTRASENA.EXE. The virus doesn't infect any files on a hard drive.