Guest guest Posted January 18, 2002 Report Share Posted January 18, 2002 Again we have BADTRANS infections coming from list members. Name: W32/ElKern-B Type: Win32 executable file virus Date: 17 January 2002 A virus identity file (IDE) which provides protection is available now from our website and will be incorporated into the March 2002 (3.55) release of Sophos Anti-Virus. At the time of writing Sophos has received no reports from users affected by this virus. However, we have issued this advisory following enquiries to our support department from customers. Description: W32/ElKern-B is an executable file virus that works under Windows 98, Windows Me, Windows 2000 and Windows XP. It is capable of infecting file cavities, meaning that it may not change the sizes of files it infects. Under Windows 98 and Windows Me W32/ElKern-B copies itself to the Windows System directory as the hidden file Wqk.exe, and sets the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WQK to point to this file so that the virus runs every time the computer is rebooted. Under Windows 2000 and Windows XP W32/ElKern-B copies itself to the Windows System directory as the hidden file Wqk.dll, and sets the registry key HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Windows\AppInit_DLLs to point to this file so that the virus runs every time the computer is rebooted. This virus is carried and dropped by the W32/Klez-E worm. Download the IDE file from http://www.sophos.com/downloads/ide/elkernb.ide Read the analysis at http://www.sophos.com/virusinfo/analyses/w32elkernb.html Download a ZIP file containing all the IDE files available for the current version of Sophos Anti-Virus from http://www.sophos.com/downloads/ide/ides.zip Read about how to use IDE files at http://www.sophos.com/downloads/ide/using.html on 18/1/02 16:13, soulmates email at _soulmates@... wrote: Quote Link to comment Share on other sites More sharing options...
Guest guest Posted March 7, 2009 Report Share Posted March 7, 2009 I am passing on a warning I was given that a post which had my name on it had what is apparently a virus in a link within the post. I did not find the message attributed to me, but did see it as another persons .. either way, please be warned. His was titled " Good day " and the link had rapidshare.com and wow9 within the link. I have added those phrases to my message blockers for emails. I thought my virus maintenance was good, so if it did pass my filters I am sorry. So heads up ... Joyce Simmerman Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You are posting as a guest. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.