Type File virus
Creator Domitor
Date Discovered 2000.04.25
Place of Origin
Source Language
Platform MS Windows 9x
File Type(s) .dll, .exe, .scr
Infection Length 10,262 Bytes
Reported Costs

Smash is a polymorphic encrypted virus. It uses a rare form of polymorphism, and carries a destructive payload. In spite of being potentially terribly destructive, it was never widespread.
Table of Contents


When an infected file is executed, Smash becomes memory resident. It switches from application mode to kernel mode, allocating a block of kernel memory and staying in memory as a VxD driver. The virus appends itself to the end of .dll, .exe and .scr files as they are searched, opened or run.

 Smash in action
Smash has an interesting method of polymorphic encryption. The code is broken into 60 blocks, which are randomly placed in the infected section of the file and linked with a special table. This is quite similar to the DOS Badboy virus.

On the 14th day of July (some sources report the 14th of any month) the virus trojanizes the file C:\IO.SYS and displays the message:

  Virus Warning!
  Your computer has been infected by virus.
  Virus name is 'SMASH', project D version 0x0A.
  Created and compiled by Domitor.
  Seems like your bad dream comes true...


The virus was reportedly very destructive, but not very widespread. In fact, it may have never even been wild. Antivirus companies were even hesitant to warn users about the virus, calling the threat "theoretical" and saying the chances were "almost zero" that users would actually encounter the virus. A few of the newer antivirus companies in Europe believed it would be a problem


Kaspersky Lab., Virus.Win9x.Smash.10262.

PCHell, Smash Virus Help and Information.

Erich Luening. CNet News, "Smash" virus' potential downplayed by experts. 2000.07.14

CNN Tech, 'Smash' virus more hype than hurt. 2000.07.14

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License