Selected viruses, spyware, and other threats: sorted alphabetically
Win32/ElKern |
Win32/ElKern.A
This virus attacks executable files on accessible local and network disks.
After it is activated the virus creates its copy in the system directory of the operating system Windows. Name of the created file is wqk.exe under Windows 9x/Me and wqk.dll under Windows NT/2000.
With the help of creating a key in the registry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run with the value "WQK"="C:\WINDOWS\SYSTEM\Wqk.exe" the virus ensures that it will be activated again. It succeeds only in the Windows 9x/Me environment. The virus gradually attacks files in the directory in which it was created. The virus contains errors in its code which sometimes lead to the system collapse. Attacking of files is done in the classical way but if there is enough unused space in a file the virus is able to infect the file without changing its length.
The virus overwrites files on the disk and by doing so it destroys them irreparably. This activity is performed on March 13th and September 13th.
Win32/ElKern.B
The virus Win32/ElKern.B is associated with the virus Win32/Klez.E, which creates it on the hard disk. It has identical properties as Win32/ElKern.A including the destructive activities.
© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.
