Description:
Details
Win32.Elkern.c
This is a harmless, encoded, memory-resident Win32 virus.
It repeatedly searches the current directory, hard disks and network drives, and all accessible network resources for Win32 PE executable files with the extensions .exe and .scr.
The virus infects files in a similar way to Win95.CIH, by writing itself to the file in sections.
Once launched, the virus remains in memory and infects all processes that do not contain the text string 'explorer'. It writes part of its body into each such process and intercepts the functions DispatchMessageA and DispatchMessageW.
When one of these functions is called, the virus launches a copy of itself in the current process.
The virus does not manifest itself in the system in any way.