1. Symantec/
  2. Security Response/
  3. W32.ElKern.3326


Risk Level 2: Low

October 25, 2001
February 13, 2007 11:37:34 AM
Also Known As:
W32.ElKern.3326 (dr), Win32.Elkern.a [KAV], W32/Elkern.cav.a [McAfee], PE_ELKERN.A [Trend], W32/ElKern-A [Sophos], Win32/Wqk.A [CA]
Systems Affected:

W32.ElKern.3326 is a virus that infects files over open shares and mapped drives. It also tries to infect all executable files in the \Windows\System folder.

If it is activated under Windows NT/2000, then this virus crashes when it is first activated. If it is activated under Windows 9x and you have a mapped network share that is write-protected, then this virus crashes the computer after a short period of time.

Some files that become infected with this virus do not change in size.

This virus has a payload that destroys all files on locally connected drives (including mapped drives).

This payload becomes active on March 13 and September 13.

When the virus is executed, it has a very small chance of randomly activating this payload.

NOTE: This virus is associated with and can be dropped by either W32.Klez.A or W32.Klez.D. Please read those write-ups for additional information.

Symantec has provided a tool to remove infections of all known variants of W32.Klez and W32.ElKern. Click here to obtain the tool. This is the easiest way to remove these threats and should be tried first.

Note on W32.Klez.gen@mm detections:
W32.Klez.gen@mm is a generic detection for variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm most likely have been exposed to either W32.Klez.E@mm or W32.Klez.H@mm. If your computer is detected as infected with W32.Klez.gen@mm, download and run the tool. In most case, the tool will be able to remove the infection.

Antivirus Protection Dates

  • Initial Rapid Release version October 26, 2001
  • Latest Rapid Release version October 26, 2001
  • Initial Daily Certified version October 26, 2001
  • Latest Daily Certified version October 26, 2001
  • Initial Weekly Certified release date October 26, 2001
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Atli Gudmundsson

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube