This is a new variant of the
W32.ElKern.3326 virus. This variant is dropped by
W32.Klez.H@mm.
Symantec offers a tool to remove infections of all known variants of W32.Klez and W32.ElKern.
Click here to obtain the tool. This is the easiest way to remove these threats and should be tried first.
NOTE: Virus definitions and the W32.Klez Removal Tool (which also removes ElKern infections) dated from September 10, 2002, have an innoculation feature. If infected files are repaired by Symantec AntiVirus products or by the W32.Klez Removal Tool, those files will not be reinfected by W32.ElKern.4926.
Differences in this variant include:
- A recognition algorithm to guard against infecting self-extracting .rar and .zip archives (first seen in W32.ElKern.3587)
- An improved encryption algorithm in an attempt by the virus author to make detection more difficult
- Removal of the destructive payload
Note on W32.Klez.gen@mm detections: W32.Klez.gen@mm is a generic detection for variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm most likely have been exposed to either W32.Klez.E@mm or W32.Klez.H@mm. If your computer is detected as infected with W32.Klez.gen@mm, download and run the tool. In most case, the tool will be able to remove the infection.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
