
 

Win95/Babylonia Virus

Information about Babylonia virus:

Win95/Babylonia is a polymorphic virus. When executed, it infects .EXE and .HLP files. The virus creates a 4096-byte file called KERNEL32.EXE, which monitors system activity for an Internet connection. When it detects one, it attempts to connect to a Web site hosted by a virus authoring group and, if successful, downloads additional components of the complete virus to the host PC.

The system registry is modified to load this file at system startup: under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, the value KERNEL32.EXE="KERNEL32.EXE" is added. The KERNEL32.EXE process uses WSOCK32.DLL, WININET.DLL, SHLWAPI.DLL, USER32.DLL, GDI32.DLL, ADVAPI32.DLL and KERNEL32.DLL to monitor the Internet connection.

Once an Internet connection is made, the virus attempts to connect to a website hosted in Japan and maintained by a virus authoring group to download 'components' of the virus. The components are listed in a file named "virus.txt"; the names on that list are then used to download the other named files to the local system. When all files are downloaded, the virus uses them to spread further. Right now, virus.txt contains the following components: DROPPER.DAT, GREETZ.DAT, IRCWORM.DAT and POLL.DAT.

If mIRC is installed on your machine, the virus modifies script.ini to automatically send itself as the file "2KBug-MircFix.exe" when connecting to IRC channels on the Internet. The virus uses Wsock32.dll to send an email notification to the address "babylonia_counter@hotmail.com". Strings within one of the downloaded components suggest that the virus monitors the system clock, waiting for the right time to modify AUTOEXEC.BAT with the following text:

echo W95/Babylonia by Vecna (c) 1999
echo Greetz to RoadKil and VirusBuster
echo Big thankz to sok4ever webmaster
echo Abracos pra galera brazuca!!!
echo ---
echo Eu boto fogo na Babilonia!
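
The indicators described above can be checked on a mounted copy of a suspect disk and a text export of the Run key. The script below is an added example, not part of the original advisory or of the Fire product; the function names, the REGEDIT4-style export format and the sample tree are assumptions made for illustration.

```python
import os, re, tempfile

# Indicators quoted from the description above.
DROPPED_NAME, DROPPED_SIZE = "KERNEL32.EXE", 4096
IRC_LURE = "2KBug-MircFix.exe"
AUTOEXEC_MARK = "W95/Babylonia"

def check_run_export(reg_text):
    """Flag a value named KERNEL32.EXE in a text export of the Run key
    (assumption: REGEDIT4-style "name"="data" lines)."""
    pat = re.compile(r'^"KERNEL32\.EXE"\s*=\s*"(.*)"', re.I | re.M)
    return [f"Run value KERNEL32.EXE -> {m.group(1)}" for m in pat.finditer(reg_text)]

def scan_tree(root):
    """Walk a mounted copy of the disk and report files matching the indicators."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path, upper = os.path.join(dirpath, name), name.upper()
            if upper == DROPPED_NAME and os.path.getsize(path) == DROPPED_SIZE:
                hits.append(("dropper", path))
            elif upper == IRC_LURE.upper():
                hits.append(("irc-lure", path))
            elif upper in ("SCRIPT.INI", "AUTOEXEC.BAT"):
                needle = IRC_LURE if upper == "SCRIPT.INI" else AUTOEXEC_MARK
                with open(path, "r", errors="replace") as fh:
                    if needle.lower() in fh.read().lower():
                        hits.append((upper.lower(), path))
    return hits

def build_sample(root):
    """Constructed sample tree: three indicator files plus one benign look-alike."""
    files = {
        "WINDOWS/SYSTEM/KERNEL32.EXE": b"\0" * 4096,           # matches name and size
        "TOOLS/KERNEL32.EXE": b"\0" * 100,                     # same name, wrong size
        "MIRC/script.ini": b"; constructed line: 2KBug-MircFix.exe\n",
        "AUTOEXEC.BAT": b"echo W95/Babylonia by Vecna (c) 1999\n",
    }
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for kind, path in scan_tree(tmp):
            print(kind, path)
```

A match on file name and size alone is a lead to confirm with an updated scanner, since infected .EXE and .HLP files are not covered by these checks.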

How can I protect my system?

Fire has incorporated Win95/Babylonia into its virus signature file, with the aim of helping users affected by this worm attack to detect and eliminate it from their systems. Fire anti-virus users can update this signature file from our web site. A free utility to detect and clean this virus is also available in the Download Center.
