Welcome to the Virus Encyclopedia of Panda Security.
|Alias:||W795/Babylonia.plugin, W95/Babylonia.exe; W95/Babylonia.hlp; W95/Babylonia.irc; W95/Babylonia.bat; W95.Babylonia; Babylonia.exe; Win95.Babylonia; Win95_Babylonia; W32/Babylonia-m|
|Effects: ||It infects executable files and Windows help files.
|Detection updated on:||Oct. 19, 2001|
|Country of origin:||BRAZIL|
Babylonia is a resident virus very easy to identify, as it always reaches computers in an e-mail message with an attached file called X-MAS.EXE. The icon of this file is a picture of Santa Claus.
When infection has been carried out, Babylonia goes memory resident. From there, it infects PE files with an EXE extension, and Windows help files (with an HLP extension) when they are run.
Babylonia spreads via e-mail in a file that it attaches to each message that the user of the affected computer sends.
Babylonia is easy to identify, as it always reaches computers in an e-mail message with the following characteristics:
This is a test
Once infection has been carried out, Babylonia displays some messages, which vary according to the operating system installed on the affected computer:
- If the operating system is Windows 95/98, it displays two dialog boxes that indicate that the Windows API cannot be found and that the program will terminate because Windows NT is required.
- If the operating system is Windows NT, the message will indicate that Windows 95/98 is required.
Finally, Babylonia waits until January 15 after it has infected the computer. From that date on, it will display a message every time the system is started:
ECHO W95/Babylonia by Vecna (c) 1999
ECHO Greetz to RoadKil and VirusBuster
ECHO Big thankz to sok4ever webmaster
ECHO Abracos pra galera brazuca!!!
ECHO Eu boto fogo na Babilonia!