It may also open one of the following Windows applications:Īfter a while, the trojan will start randomly moving the mouse slightly, and messages taunting the user appear (see image), getting more violent and rapid as time progresses.
The first payload inside of Windows is opening random websites, as well as Google searches at .ck(.ck is the country code top-level domain for the Cook Islands). If the installed system uses an EFI bootloader, "Nyan Cat" does not appear on startup due to different booting schemes, but the computer will still fail to boot as the EFI system partition will be impossible to find due to the partition table being broken. The MBR payload written while note.txt gets opened is a "Nyan Cat" animation running as a custom bootloader, and this write is likely to break your partition table.
MEMZ Destructive launches multiple instances of itself - one renders the payloads, while the other guard each other and trigger killWindows(), which creates a rain of message boxes and crashes the PC as elaborated further down.
exe in Wine or Crossover, although only the dialog box and MBR overwriting payload are functional.
It is also possible to launch MEMZ on Mac OS X by converting it from. However, the MBR overwrite payload works on all Windows versions from 95 onwards. The payloads are meant to work on Windows XP and up, failing on all versions of Windows 9x, especially Windows 98 and below. Trying to kill MEMZ will cause your system to beĪt the same moment, the computer's Master Boot Record is overwritten by MEMZ.
YOUR COMPUTER HAS BEEN POOPED BY THE MEMZ TROJAN. At the same time, it will leave a note titled note.txt for the user saying that they will not be able to use the computer anymore after rebooting it : If the user answers Yes to both warning messages, MEMZ will run. Newer versions of MEMZ Destructive, 4.0 and up, warn the user not to run it on a physical machine as it will damage it and advise the user to run the trojan on a virtual machine. The batch version works like a self-extracting archive, which just extracts and runs the. It is available as an executable .exe file and a batch version. This trojan has quite a few payloads, which all automatically activate after each other, with some delay. It was originally created for danooct1's "Viewer-Made Malware" series. Bonzi does all these like no other buddy or friend can, making it an outstanding buddy.MEMZ is a trojan for Microsoft Windows. In summary, Bonzi Buddy keeps you informed of late breaking news, organizes the internet the way you want it, makes you smile throughout your day with the little monkey personality, educates people of all ages with its wealth of knowledge and trivia, makes your computer and the internet easier, safer, and definitely more fun, and has the ability to save you money.īonzi Buddy takes the form of a purple monkey on your desktop, and can easily be spotted.Īmongst what it can do includes talking to keep you company, walking, telling you a joke- funny right?, helping you browse, searching for files, send an e-mail, and helping in downloading files.
The software provides an on-screen software agent designed to help users surf the Internet by using Microsoft Agent technology. Bonzi Buddy Screenshot Version: 1.7.0īonziBuddy, sometimes called Bonzi Buddy, Bonzibuddy, BonziBuddy, or BONZIBuddy.
BonziBuddy, sometimes called bonsai buddy.