W32/Elkern.A
| W32/Elkern.A |
Destructivity:  Spreading:  Overall risk:
|
| • Detected by virus detection files published: 11/5/2001 | • Type: Virus |
| • Virus characteristics first published: 11/5/2001 | • Spreading mechanism: Network, File Infection, Other |
| • Virus characteristics latest update: 12/17/2003 | • Overall risk: Medium |
| • Alias: | • Payload: File destruction |
| • Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista |
| Virus type |
Spreading mechanism |
Destructivity and payload |
Additional descriptions |
Detection and removal |
||||||||||
|
This is the virus which is planted by the W32/Klez.A and B worms. It will work properly only under some Windows installations. The virus installs itself as a hidden file in the Windows system directory under the name WQK.EXE, and adds a key to the registry that automatically starts WQK.EXE on bootup. It will also try to nstall itself when run on Windows NT/2000, but then uses the name WQK.DLL. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WQK = %System%\WQK.EXE The virus is polymorphic, and will add itself to Windows executable files on the local hard disk and on network resources that the user has write access to. Infected files may or may not increase in size - this depends on the virus' choice of infection method. |
||||||||||||||