Virus Encyclopedia

Virus.Win32.Elkern.c

Alert Level: High
Discovered: Apr 19 2002
Discoverer and Source: http://www.kaspersky.com/

Malware Behavior and Technical Description

Elkern is a harmless encrypted resident parasitic Win32 virus.

It searches recursively for Win32 EXE applications (PE EXE files) with .SCR and .EXE extensions in the current directory on fixed and network drives and all available network resources, and infects them.

The virus doesn't infect files whose full path contains "tem32\dllcac" (part of System32\dllcache) or "rary Inter" (part of Temporary Internet Files).

While infecting, the virus writes itself to the file in separate blocks, similar to the Win95.CIH infection routine.

The virus has a bug that may cause double infections. Despite this, infected files work without any problem.

The virus stays in memory and infects all active processes that don't have \explorer in their name. It copies a part of its body into the process and then intercepts the DispatchMessageA and DispatchMessageW functions. When one of these functions is called, the virus activates its copy in the current process.

The Elkern virus doesn't reveal itself overtly in any way.
