Saltar al contenido principal

Babylonia: dangerous blend of computer virus, Internet-worm and "Trojan horse"

7 de diciembre de 1999

Please, update your AVP anti-virus database Kaspersky Labs Int., announces the discovery of Win95.Babylonia virus, which features capabilities of Internet-worm and "Trojan horse" program. The virus has been reported "in-the-wild" in United States, Europe and Australia. Because of some new improved...

Please, update your AVP anti-virus database

Kaspersky Lab Int., announces the discovery of Win95.Babylonia virus, which features capabilities of Internet-worm and "Trojan horse" program. The virus has been reported "in-the-wild" in United States, Europe and Australia. Because of some new improved backdoor features the virus should be considered as very dangerous. We recommend AVP users to update their anti-virus databases with an emergency update.

Technical Characteristics

This is a memory resident parasitic Windows virus with worm and backdoor abilities. The virus infects Win9x machines only and affects several types of files on them: PE EXE files (Windows executable files), Windows HLP files, affects Windows socket library to send its copies to Internet, drops additional components and is able to download "virus plugins" from the Internet and install them in the system.

The virus uses VxD calls that are allowed on Win9x computers only, so the virus is not able to infect WinNT stations and servers. The virus uses several features that were already found in other computer viruses: network spreading in the "I-Worm.Happy" virus; Windows Help file infection - "WinHLP.Demo"; memory installation - "Win95.CIH", etc.

Infection Indication

There are several ways of understanding whether your computer is infected with Win95.Babylonia virus.

  • Check out if there is a file KERNEL32.EXE is Windows system directory (usually /Windows/System)
  • Check out if there is a file BABYLONIA.EXE in root directory of disk C:
  • Check out Windows registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run if there is a file KERNEL32.EXE
Infection Prevention and Removal

To prevent infection with Win95.Babylonia virus you should not open the following files that could arrive to your computer:

X-MAS.EXE
2KBUG-MIRCFIX.EXE
2KBUGFIX.INI

We recommed you to delete these files immediately as they arrive to your system.

In case you have been infected with this virus you can remove it with AntiViral Toolkit Pro (AVP) with the emergency update of anti-virus databases installed.

More Technical Details

Babylonia: dangerous blend of computer virus, Internet-worm and "Trojan horse"

Please, update your AVP anti-virus database Kaspersky Labs Int., announces the discovery of Win95.Babylonia virus, which features capabilities of Internet-worm and "Trojan horse" program. The virus has been reported "in-the-wild" in United States, Europe and Australia. Because of some new improved...
Kaspersky logo

Sobre Kaspersky

Kaspersky es una empresa de ciberseguridad y privacidad digital global fundada en 1997. Con más de mil millones de dispositivos protegidos hasta la fecha ante ciberamenazas emergentes y ataques dirigidos, la enorme experiencia de Kaspersky en cuestión de información y seguridad ante amenazas se transforma de forma constante en soluciones y servicios innovadores que ofrecen protección a negocios, infraestructuras vitales, gobiernos y consumidores de todo el mundo. El completísimo catálogo de la compañía incluye los mejores productos y servicios de protección de terminales, así como soluciones de ciberinmunidad para combatir amenazas digitales sofisticadas y en constante evolución. Ayudamos a que más de 200 000 clientes corporativos protejan aquello que más les importa. Más información en www.kaspersky.es.

Artículo relacionado Comunicados de prensa