Malware type: File Infector

Aliases: W32.ElKern.4926(Symantec), W32/Elkern-C(Sophos), Virus.Win32.Elkern.c(Kaspersky), W32/Elkern.C(Avira), W32/Elkern.C(F-Prot), W32/Elkern.cav.c(McAfee)

In the wild: No

Destructive: No

Language: English

Platform: Windows 95, 98, ME, XP

Encrypted: Yes

Description: 

This encrypted, memory-resident file infector is dropped by the mass-mailer WORM_KLEZ.H and WORM_KLEZ.I. It infects all .EXE and .SCR files in all local and shared network drives. It uses several anti-debugging techniques and infects all running processes. This virus has no destructive payloads.

This cavity-type virus inserts itself into unused spaces within a target file. When there are no free spaces available, it attaches its code at the end of the file.

It runs on Windows 95, 98, ME, and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Apr. 17, 2002 1:24:31 PM GMT -0800
Description updated: Apr. 17, 2002 2:21:00 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.