W32.ElKern.3326, Win32.Elkern.a, W32/Elkern.cav.a, PE_ELKERN.A, W32/ElKern-A
W32/Elkern.cav.b, W32/Elkern.cav.c, W32/Elkern.cav.d
Category: Computer Virus
Europe, North and South America, and some parts of Asia and Australia
25 Oct 2001
Like many other viruses, W32.ElKern.3326 is a virus that spreads and infects files over open shares, all executable files in the windows system folder, and mapped drives. As such, auto play facility in your computer should be disabled to prevent the automatic launching of executable files on network and removable drives. File sharing should also be turned off if it is not needed. Once executed under windows NT/2000 Operating System platform, the virus will not fully manifest and may crash on its first infection.
W32.ElKern.3326 Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32.ElKern.3326 from your computer.
More details about W32.ElKern.3326
Even with other windows Operating Systems, the computer may also crash even on its first attempt, if the computer has a mapped network share that is write-protected. Contaminated files will not change in file size either. This means that the virus can inject itself into the host file in such a way that will not increase the file's overall size. If it is not write-protected, no modification shall be made except for its payload that usually destroys all files on locally connected drives. The virus’ payload also abides by the rule it is set through which it can only be active every March 13 and September 13. Reports also say that this virus is related to W32.Klez.A or W32.Klez.D. As such, it may also drop these viruses. Because the virus creates its own execution control, windows system folders contain a file named W32.ElKern.3326 (dr). This may come in two different variations: Wqk.exe and Wqk.dll.
According to some users, the W32.ElKern.3326 program may attempt to copy itself on various network shares to the different Startup folders. It downloads the executable PE file into the Windows directory with a certain file name and executes it. A computer infected with the W32.ElKern.3326 program may also be employed by a hacker for Denial of Service (DoS) attacks. The worm is able to function in all Windows Operating Systems including Windows 2000, Windows 95, Windows 98, Windows XP, Windows NT, and Windows 2003, but it may easily be eradicated in Windows NT/2000 Operating System platforms.