Discovered: April 17, 2002
Updated: February 13, 2007 11:38:55 AM
Also Known As: Win32.Elkern.c [AVP], W32/Elkern.C [Sophos], Win32/WQK.C [CA], PE_ELKERN.D [Trend], W32/Elkern.cav.c [McAfee]
Type: Virus
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows XP
This is a new variant of the W32.ElKern.3326 virus. This variant is dropped by W32.Klez.H@mm.
Symantec offers a tool to remove infections of all known variants of W32.Klez and W32.ElKern.
This is the easiest way to remove these threats and should be tried first.
NOTE: Virus definitions and the W32.Klez Removal Tool (which also removes ElKern infections) dated from September 10, 2002, have an inoculation feature. If infected files are repaired by Symantec AntiVirus products or by the W32.Klez Removal Tool, those files will not be reinfected by W32.ElKern.4926.
Differences in this variant include:
- A recognition algorithm to guard against infecting self-extracting .rar and .zip archives (first seen in W32.ElKern.3587)
- An improved encryption algorithm in an attempt by the virus author to make detection more difficult
- Removal of the destructive payload
Note on W32.Klez.gen@mm detections: W32.Klez.gen@mm is a generic detection for variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm most likely have been exposed to either W32.Klez.E@mm or W32.Klez.H@mm. If your computer is detected as infected with W32.Klez.gen@mm, download and run the tool. In most cases, the tool will be able to remove the infection.
Protection
- Initial Rapid Release version April 17, 2002
- Latest Rapid Release version March 3, 2008 revision 035
- Initial Daily Certified version April 17, 2002
- Latest Daily Certified version March 3, 2008 revision 037
- Initial Weekly Certified release date April 17, 2002
Threat Assessment
Wild
- Wild Level: Medium
- Number of Infections: 50 - 999
- Number of Sites: More than 10
- Geographical Distribution: High
- Threat Containment: Easy
- Removal: Moderate
Damage
Distribution