W32/ElKern-C is a parasitic virus very similar to W32/ElKern-A but which does not include a payload.
W32/ElKern-C is a parasitic virus very similar to W32/ElKern-A but which does not include a payload.
W32/ElKern-C works under Windows 98, Windows Me, Windows 2000 and Windows XP. The virus infects Windows PE executables within the current folder and within all shared folders on the local area network. It is capable of infecting file cavities, meaning that it may not change the size of files it infects.
W32/ElKern-C infects all active processes on NT-based systems and the Explorer process on W9x based systems.
The virus is dropped into the Program Files folder and run by W32/Klez-H.
W32/ElKern-C contains routines to disable the on-access component of virus scanners developed by major anti-virus software vendors. The body of the virus contains the text "Win32 Foroux V1.0" in an encrypted format.