MEMZ

A computer infected with the MEMZ virus. Depicted is one of the malware's key payloads, a 'screen tunnelling' effect.
Common name:
  • MEMZ
  • MEMZ trojan
  • MEMZ virus
Type: Trojan horse
Author(s): Leurak
Operating system(s) affected:
  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows 10
  • Windows 11
  • Linux (via WineHQ)
  • macOS (via WineHQ)

MEMZ (pronounced: memes [citation needed]) is a piece of malware in the form of a trojan horse made for Microsoft Windows. [1] [2] [3] [4] [5] The name of the virus refers to its purpose as a humorous virus intended to replicate the effects of early computer viruses.

Origin

MEMZ was originally created by Leurak for YouTuber danooct1's Viewer-Made Malware series. [4] It was later featured by Joel Johansson (alias Vargskelethor), a member of the live-streaming group Vinesauce, on his series Windows Destruction. After being provided with a copy by danooct1, he demonstrated the trojan in action against a Windows 10 virtual machine. [6]

Actions

The virus gained notoriety for its unique and complex payloads, which activate automatically one after another, some after a delay. Examples of payloads include opening Windows Notepad with the message "YOUR COMPUTER HAS BEEN FUCKED BY THE MEMZ TROJAN. Your computer won't boot up again, so use it as long as you can! :D Trying to kill MEMZ will cause your system to be destroyed instantly, so don't try it :D"; randomly moving the cursor slightly; opening satirical Google searches under Google.co.ck, such as "how to remove a virus" and "how to get money", in the user's web browser; reversing text; and opening various random Microsoft Windows programs (such as the calculator or command prompt). True to the program's name, many parts of the virus are based on Internet memes; for example, the virus overwrites the boot sector with an animation of Nyan Cat, and the bootsplash text displays "Your computer has been trashed by the MEMZ trojan. Now enjoy the Nyan Cat...". [1] [2] [3] [4] [5]

Leurak also created a safer version of MEMZ called MEMZ-Clean. The clean version allows the non-destructive payloads to be safely tested and gives the user full control over which payloads are active. [7]

VineMEMZ variant

A variant of MEMZ, dubbed "VineMEMZ", was coded by Leurak as a gift to Johansson after the livestream featuring the original MEMZ gained significant traction. This version of MEMZ is similar to the original, but features many references to Vinesauce, especially Johansson's other game streams, such as the bootleg game 7 Grand Dad and the adware program BonziBuddy. This variant has also been released to the public. [8]

VineMEMZ running on Windows 11. Depicted is one of its payloads, the Christmas light effect, which changes the screen color; in this image, the color is set to pink. Half of the payloads have executed at this point.


References

  1. White, Daniel (July 8, 2016). "Viewer-Made Malware 8 - MEMZ (Win32) (flashing lights warning)". YouTube. Retrieved December 21, 2018.
  2. Dean, Madeleine (August 26, 2016). "MEMZ virus: what is it and how it affects Windows PC?". Windows Report. Archived from the original on 2018-07-05. Retrieved December 21, 2018.
  3. Oberhaus, Daniel (July 9, 2016). "Watch This Malware Turn a Computer into a Digital Hellscape". Motherboard. Retrieved December 21, 2018.
  4. Maiberg, Emanuel (July 30, 2016). "Preserving the Ancient Art of Getting Pwned". Motherboard. Retrieved December 21, 2018.
  5. Kushman. "Hãy xem cách Malware biến máy tính của bạn thành một địa ngục số kinh hoàng như thế nào". GenK (in Vietnamese). Retrieved December 21, 2018.
  6. Leurak (2016-07-24), [Vinesauce] Joel tries out the MEMZ Trojan (with chat), retrieved 2019-06-26
  7. "MEMZ 4.0 - The clean version (including download)". KC Protrade Services Inc. 2017-06-01. Retrieved 2021-04-14.
  8. danooct1. "VineMEMZ (Win32)". YouTube. Retrieved 8 December 2019.