
W95/Babylonia Information



  • Name: W95/Babylonia
    Aliases:
    Type: Memory resident, polymorphic virus, worm, and trojan

    Description:

    W95/Babylonia is believed to have first been discovered on an Internet newsgroup. The file, serialz.hlp, was advertised as containing serial numbers of commercial software. The virus is unique in both its complexity and its abilities. Infection occurs under Windows 95 only, and the virus incorporates worm and backdoor trojan capabilities. Executing infected HLP files actually provides the mechanism to build the viral code into a Win32 executable.

    In a similar fashion to Happy99, W95/Babylonia affects WSOCK32.DLL. If an infected user logs onto mIRC, all other members of the same chat room will be sent the infection, apparently disguised as a Y2K fix. In addition, the virus attempts to send e-mail to a Hotmail account, believed to be for the purpose of allowing the virus authors to track the virus. W95/Babylonia also attaches an infected executable, X-MAS.EXE, to all otherwise legitimate e-mail. If the recipient executes the attachment, they will in turn be infected. When executed, the attachment displays two erroneous dialogs:

    Loader Error
    API not found!

    Loader Error
    Windows __ required!
    This program will be terminated

    Depending on whether the operating system is 95 or NT, the opposite operating system will be identified as being required. However, if the operating system is Windows NT, the infection will not occur.

    W95/Babylonia remains resident as a VxD, intercepting file access commands, including FileOpen. This allows the virus to intercept control and bypass some anti-virus software.

    W95/Babylonia also creates a completely separate trojan, C:\Babylonia.exe. The trojan then attempts every 60 seconds to contact a hacker's site in Japan. Once connected, Babylonia.exe downloads vecna/virus.txt, which contains a list of additional files. The trojan then downloads and processes each of the additional files. This routine allows the virus creator(s) to perform various tasks, including updating the virus and installing remote access tools.

    Detection:

    Command AntiVirus 4.58 will detect W95/Babylonia with Deffiles dated 12/9/99.
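
An added example, not part of the original advisory or of Command AntiVirus: one way to look for the trojan's roughly 60-second polling of vecna/virus.txt in web proxy logs. The log format, the addresses and host names, and the function name find_pollers are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Assumed log format: "<date> <time> <client> <method> <url>"
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+)$")
MARKER = "vecna/virus.txt"  # path named in the advisory

# Constructed sample lines; addresses and host names are placeholders.
SAMPLE_LOG = """\
1999-12-10 09:00:00 10.0.0.5 GET http://site.example/vecna/virus.txt
1999-12-10 09:00:20 10.0.0.9 GET http://news.example/index.html
1999-12-10 09:01:01 10.0.0.5 GET http://site.example/vecna/virus.txt
1999-12-10 09:01:59 10.0.0.5 GET http://site.example/VECNA/VIRUS.TXT
1999-12-10 09:03:00 10.0.0.5 GET http://site.example/vecna/virus.txt
1999-12-10 09:05:00 10.0.0.7 GET http://site.example/vecna/virus.txt
malformed line
"""

def find_pollers(log_text, period=60, tolerance=5, min_hits=3):
    """Return, per client, the requests for MARKER and whether they repeat
    at about `period` seconds (the interval the advisory gives)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, client, _method, url = m.groups()
        if MARKER in url.lower():  # match regardless of letter case
            hits[client].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    report = {}
    for client, times in hits.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Periodic only with enough requests and a median gap near the period.
        periodic = bool(len(times) >= min_hits and gaps
                        and abs(median(gaps) - period) <= tolerance)
        report[client] = {"hits": len(times), "gaps": gaps, "periodic": periodic}
    return report

if __name__ == "__main__":
    for client, info in sorted(find_pollers(SAMPLE_LOG).items()):
        print(client, info)
```

A client with a single request for the path is still reported, since the path itself is an indicator; the periodic flag separates a one-off fetch from the repeating pattern of a resident trojan.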
