Kuang2 theVirus v0.21
(Virus.Win32.Weird.10240)

by Weird

Released in May 1999

Made in Yugoslavia

more versions 


Kuang2 theVirus is the first Windows and Internet virus that gives to user the possibilty to 'connect' with infected computer.
Kuang2 Client is a program for users to comunicate with infected computer. 
Kuang2 Infector can infect any particular exe file.
Virus performanses are very good.
If you use plug-ins (for example: Kuang2 VeryFun, Kuang2 veryLite etc.) you can forget NetBus and others big and slow programs.

	
Techincal properties

	Kuang2 theVirus is invisible in registry or ctrl+alt+del task list.
	When somebody start in on clean system it will first infect some of system files so virus will be active every nect time when target reboots.
	After that virus is active and it start to infect all Windows PE EXE files on all fixed disks. Virus don't change time & date of infected file.
	It infect also files with ReadOnly attribute. Infected file grow in size by aprox 11 KB.
	Port that is used is 17300.
	Maximum number of connected users to the infected computer is 5.	
	Kuang2 theVirus & Kuang2 Client internet protocol is simply. It was designed to be as fast as possible so it is a senssitive. So, use client with care:)
	Virus infect 10 files for aprox. 21 sec. what gives 1000 infected files for aprox. 35 minutes. Max foolder deep where virus look for files is 12.
	There are exe files that check their own structure and check if there are some changes in it (a lot of instalations, for example).
	 If this files are infected, they will show a warning message, but too late, cause virus will be started anyway.
	There is an anti-virus included into Kuang2 Client. It can scann up to 1200 files for less than 2 minutes. 
	It will clean all infected files. If there is a need only to check if computer is infected then you can leav IP address filed blank and click to the 'Connect' button.
	If client connect to the server than system is infected!
	Anti-virus woks ok, but it is simple. It is recomended to start it at least twice when system is infected!
	Kuang2 theVirus has been tested on Win95, Win97 & Win98 on more than 2000 files. Don't know about NT, cause I dont have one.


Weird


Server:
dropped files:
c:\WINDOWS\Explorer.o   size: 192.512 bytes 

c:\WINDOWS\wininit.ini  size: 57 bytes  
content:
[Rename]
C:\WINDOWS\Explorer.exe=C:\WINDOWS\Explorer.o


changed files:
c:\WINDOWS\SYSTEM\ADDREG.EXE
old size: 32.768 bytes 
new size: 45.056 bytes 

c:\WINDOWS\SYSTEM\CFGWIZ32.EXE
old size: 65.536 bytes 
new size: 77.824 bytes 

c:\WINDOWS\SYSTEM\DDHELP.EXE
old size: 32.768 bytes 
new size: 44.032 bytes 

c:\WINDOWS\SYSTEM\DPLAYSVR.EXE
old size: 40.960 bytes 
new size: 53.248 bytes 

c:\WINDOWS\SYSTEM\dxdiag.exe
old size: 274.432 bytes 
new size: 286.720 bytes 

c:\WINDOWS\SYSTEM\icwscrpt.exe
old size: 151.040 bytes 
new size: 162.304 bytes 

c:\WINDOWS\SYSTEM\msiexec.exe
old size: 83.456 bytes 
bew size: 94.720 bytes 

port: 17300 TCP

startup: wininit.ini
 
tested on Windows 98

MegaSecurity