This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Indication of Infection
Existence of file KRIZED.TT6 after executing infected file on a non-infected system.
Methods of Infection
When first run on a clean machine, the virus checks KERNEL32.DLL to see if it is infected, if yes then the virus exits. If KERNEL32.DLL is not infected then the virus copies KERNEL32.DLL to WINDOWS\SYSTEM\KRIZED.TT6 and then the virus infects this local copy. The virus then creates the file WINDOWS\WININIT.INI containing the lines :-
This causes windows to replace KERNEL32.DLL with the infected copy when the system is next re-started.
In the infected copy of KERNEL32.DLL the virus hooks the following functions :-
CopyFileA, CopyFileW, CreateFileA, CreateFileW, CreateProcessA, CreateProcessW, DeleteFileA, DeleteFileW, GetFileAttributesA, GetFileAttributesW, MoveFileA, MoveFileW, MoveFileExA, MoveFileExW, SetFileAttributesA, SetFileAttributesW
This causes any PE executable file that is run, copied, moved or scanned to be infected by the virus.
Kriz, PE_Kriz.4050, W32.Kriz, W95/Kriz.4029.kernel, W95/Kriz.4050.kernel, Win32.Kriz.4050