Skip to main content

Babylonia: dangerous blend of computer virus, Internet-worm and "Trojan horse"

December 7, 1999

Please, update your AVP anti-virus database Kaspersky Labs Int., announces the discovery of Win95.Babylonia virus, which features capabilities of Internet-worm and "Trojan horse" program. The virus has been reported "in-the-wild" in United States, Europe and Australia. Because of some new improved...

Please, update your AVP anti-virus database

Kaspersky Lab Int., announces the discovery of Win95.Babylonia virus, which features capabilities of Internet-worm and "Trojan horse" program. The virus has been reported "in-the-wild" in United States, Europe and Australia. Because of some new improved backdoor features the virus should be considered as very dangerous. We recommend AVP users to update their anti-virus databases with an emergency update.

Technical Characteristics

This is a memory resident parasitic Windows virus with worm and backdoor abilities. The virus infects Win9x machines only and affects several types of files on them: PE EXE files (Windows executable files), Windows HLP files, affects Windows socket library to send its copies to Internet, drops additional components and is able to download "virus plugins" from the Internet and install them in the system.

The virus uses VxD calls that are allowed on Win9x computers only, so the virus is not able to infect WinNT stations and servers. The virus uses several features that were already found in other computer viruses: network spreading in the "I-Worm.Happy" virus; Windows Help file infection - "WinHLP.Demo"; memory installation - "Win95.CIH", etc.

Infection Indication

There are several ways of understanding whether your computer is infected with Win95.Babylonia virus.

  • Check out if there is a file KERNEL32.EXE is Windows system directory (usually /Windows/System)
  • Check out if there is a file BABYLONIA.EXE in root directory of disk C:
  • Check out Windows registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run if there is a file KERNEL32.EXE
Infection Prevention and Removal

To prevent infection with Win95.Babylonia virus you should not open the following files that could arrive to your computer:

X-MAS.EXE
2KBUG-MIRCFIX.EXE
2KBUGFIX.INI

We recommed you to delete these files immediately as they arrive to your system.

In case you have been infected with this virus you can remove it with AntiViral Toolkit Pro (AVP) with the emergency update of anti-virus databases installed.

More Technical Details

Babylonia: dangerous blend of computer virus, Internet-worm and "Trojan horse"

Please, update your AVP anti-virus database Kaspersky Labs Int., announces the discovery of Win95.Babylonia virus, which features capabilities of Internet-worm and "Trojan horse" program. The virus has been reported "in-the-wild" in United States, Europe and Australia. Because of some new improved...
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Related Articles Press Releases