W32.ElKern.3326 is a virus that infects files over open shares and mapped drives. It also tries to infect all executable files in the \Windows\System folder.
If it is activated under Windows NT/2000, then this virus crashes when it is first activated. If it is activated under Windows 9x and you have a mapped network share that is write-protected, then this virus crashes the computer after a short period of time.
Some files that become infected with this virus do not change in size.
This virus has a payload that destroys all files on locally connected drives (including mapped drives).
This payload becomes active on March 13 and September 13.
When the virus is executed, it has a very small chance of randomly activating this payload.
: This virus is associated with and can be dropped by either W32.Klez.A
. Please read those write-ups for additional information.
Symantec has provided a tool to remove infections of all known variants of W32.Klez and W32.ElKern. Click here
to obtain the tool. This is the easiest way to remove these threats and should be tried first.
Note on W32.Klez.gen@mm detections:
is a generic detection for variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm most likely have been exposed to either W32.Klez.E@mm or W32.Klez.H@mm. If your computer is detected as infected with W32.Klez.gen@mm
, download and run the tool. In most case, the tool will be able to remove the infection.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.