|
|
Win32.Elkern. Viruses Information
| Name: |
Win32.Elkern. |
| Category: |
Viruses |
| Description:
|
Details
Win32.Elkern.c
Elkern is a harmless encrypted resident parasitic Win32 virus.
It searches recursively for Win32 EXE applications (PE EXE files) with .SCR and .EXE extensions in the current directory on fixed and network drives and all available network resources, and infects them.
The virus doesn't infect files if they have tem32dllcac(part of System32dllcache) or rary Inter (part of the Temporary Internet Files) in their full path.
While infecting the virus writes itself to the file in separate blocks, similar to the Win95.CIH infection routine.
The virus has a bug that may cause double infections. Despite this infected files work without any problem.
The virus stays in memory, and infects all active processes that don't have explorer in their name. It copies a part of its body into the process and then intercepts DispatchMessageA and DispatchMessageW functions. When one of these functions is called, the virus activates its copy into the current process.
The Elkern virus doesn't reveal itself overtly in any way. |
Top Viruses Visited Pages:
Invader. - 233 visits
not-a-virus:RiskWare.Tool.RegPatch. - 70 visits
Worm.P2P.Harex. - 65 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 59 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 47 visits
Win16.Klon.1177 - 42 visits
Win32.Hidra - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
Constructor.VC
Press.102
Trojan.Dre
Hybrid.130
Win98.Matya
Trojan.Win32.SecondThought.
Trojan-Downloader.Win32.Bagle.
Wintermute.105
ASCh.79
Penetrator.98
|
|
