This is a new variant of the W32.ElKern.3326
virus. This variant is dropped by W32.Klez.H@mm
Symantec offers a tool to remove infections of all known variants of W32.Klez and W32.ElKern. Click here
to obtain the tool. This is the easiest way to remove these threats and should be tried first.
Virus definitions and the W32.Klez Removal Tool (which also removes ElKern infections) dated from September 10, 2002, have an innoculation feature. If infected files are repaired by Symantec AntiVirus products or by the W32.Klez Removal Tool, those files will not be reinfected by W32.ElKern.4926.
Differences in this variant include:
Note on W32.Klez.gen@mm detections:
- A recognition algorithm to guard against infecting self-extracting .rar and .zip archives (first seen in W32.ElKern.3587)
- An improved encryption algorithm in an attempt by the virus author to make detection more difficult
- Removal of the destructive payload
W32.Klez.gen@mm is a generic detection for variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm most likely have been exposed to either W32.Klez.E@mm or W32.Klez.H@mm. If your computer is detected as infected with W32.Klez.gen@mm, download and run the tool. In most case, the tool will be able to remove the infection.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.