Q

The ability of W32.Elkern.4926 to pass through Admin shares in Windows

Can the W32.Elkern.4926 virus pass through Administrative shares in a Windows environment?

All W95/Elkern variants were renamed to W32/Elkern. A new variant was recently discovered (W32/Elkern.cav.c), which is dropped by a new W32/Klez variant, W32/Klez.h. W32/Elkern.cav.c detection and removal will be included in the 4198 DATs (www.mcafee.com). Current DATs often detect these samples as W32/NGVCK.a or New Win32 with program heuristics.

This virus is network-aware and can spread through a local network. It also contains a payload to overwrite files with zeros while maintaining the original file size. This can result in critical files being overwritten and thus an inability to load the operating system after infection occurs.

The virus can and does infect its own carrier, the W32/Klez@MM worm. That is why files specific to both W32/Klez@MM and W32/Elkern.cav are likely to coexist on the same computer. If you suspect W32/Elkern.cav virus on your computer, you are strongly advised to read a description of W32/Klez@MM.

Aliases: Elkern (F-Secure), W32.ElKern.3326 (NAV), W32/Elkern.cav.c, W95/Elkern

So, can this bypass the Admin share? Most likely. Does it do it as part of the infection? That is not evident. Can it infect the Admin Share? Yes.
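The payload described above leaves files at their original size but filled with zeros, which gives responders something concrete to look for on a suspect machine or share. The following triage sketch is an added example, not part of the original answer or any vendor tool; the function names, the sample file names and the chunk size are assumptions made for illustration.

```python
import os
import tempfile

CHUNK = 1 << 16            # read size in bytes (assumption; any buffer size works)
ZERO_CHUNK = bytes(CHUNK)  # reference block of 0x00 bytes


def is_zero_filled(path):
    """Return True if the file is non-empty and every byte is 0x00."""
    size = 0
    with open(path, "rb") as fh:
        while True:
            block = fh.read(CHUNK)
            if not block:
                break
            if block != ZERO_CHUNK[:len(block)]:
                return False  # found real content, stop reading early
            size += len(block)
    return size > 0  # empty files are not treated as overwritten


def find_zero_filled(root):
    """Walk root and return the sorted paths of zero-filled regular files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or not os.path.isfile(path):
                    continue
                if is_zero_filled(path):
                    hits.append(path)
            except OSError:
                continue  # locked or unreadable file: skip, keep scanning
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample data: an intact file, a zeroed file, an empty file."""
    os.makedirs(os.path.join(root, "sub"))
    samples = {"intact.dll": b"MZ" + bytes(4094),
               os.path.join("sub", "zeroed.dll"): bytes(4096),
               "empty.log": b""}
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)


def demo():
    """Scan a constructed tree and return the base names that were flagged."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return [os.path.basename(p) for p in find_zero_filled(root)]


if __name__ == "__main__":
    print(demo())
```

Preallocated or sparse files can legitimately contain only zeros, so treat hits as candidates to compare against known-good copies or backups rather than as proof of infection.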




This was first published in June 2002
