This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
4168 (2001-10-31) Updated DAT
--- Update June 11, 2002 ---
All W95/Elkern variants were renamed to W32/Elkern.
--- Update April 20, 2002 ---
A new variant was recently discovered (W32/Elkern.cav.c) which is dropped by a new W32/Klez variant, W32/Klez.h. W32/Elkern.cav.c detection and removal will be included in the 4198 DATs. Current DATs often detect these samples as W32/NGVCK.a or New Win32 with program heuristics.
--- Update January 24, 2002 ---
A new variant was recently discovered (W32/Elkern.cav.b) which is dropped by a new W32/Klez variant (some call it W32.Klez.E@mm). These new variants of W32/Klez and W32/Elkern both require a minimum of 4182 DATs for detection/removal.
After a reboot, the virus infects random EXE files either by expanding the last section of the host file or by going into cavities, which leaves the host file's size unchanged.
The W32/Elkern virus may be dropped by the W32/Klez@MM worm. The W32/Elkern virus infects 32-bit PE .EXE files on the local machine and on network drives.
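Because the cavity method leaves the file size untouched, an integrity check has to compare content, not size. The following is an added example, not part of the original description or any vendor tool: it baselines each PE section's size and SHA-256 and reports what changed. The function names and the `CLEAN`, `CAVITY` and `GROWN` buffers are constructed for illustration and contain no real virus code.

```python
import hashlib, struct

def sections(data):
    """Return [(name, raw_offset, raw_size)] from a PE section table."""
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    # NumberOfSections at pe+6, SizeOfOptionalHeader at pe+20
    count, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    out = []
    for i in range(count):
        hdr = pe + 24 + opt_size + 40 * i                  # 40-byte section header
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_off = struct.unpack_from("<II", data, hdr + 16)
        out.append((name, raw_off, raw_size))
    return out

def snapshot(data):
    """Baseline record: file size plus size and SHA-256 of every section."""
    return {"size": len(data),
            "sections": [(n, s, hashlib.sha256(data[o:o + s]).hexdigest())
                         for n, o, s in sections(data)]}

def compare(base, cur):
    """List differences between a trusted baseline and a current snapshot."""
    findings = []
    if cur["size"] != base["size"]:
        findings.append("file size changed")
    for (n, s0, h0), (_, s1, h1) in zip(base["sections"], cur["sections"]):
        if s1 != s0:
            findings.append(f"section {n} raw size changed")
        elif h1 != h0:
            findings.append(f"section {n} content changed, size unchanged")
    return findings

def make_pe(bodies):
    """Constructed sample: a minimal PE-shaped buffer, one section per body."""
    head = bytearray(0x200)
    head[:2], head[0x3C:0x40], head[0x40:0x44] = b"MZ", struct.pack("<I", 0x40), b"PE\0\0"
    struct.pack_into("<H", head, 0x46, len(bodies))        # NumberOfSections
    off = len(head)
    for i, body in enumerate(bodies):
        struct.pack_into("<8sIIII", head, 0x58 + 40 * i,
                         b".s%d" % i, len(body), 0x1000 * (i + 1), len(body), off)
        off += len(body)
    return bytes(head) + b"".join(bodies)

CLEAN = make_pe([b"code" + b"\0" * 124, b"data" + b"\0" * 124])
CAVITY = CLEAN[:0x240] + b"X" * 32 + CLEAN[0x260:]         # padding overwritten, same length
GROWN = make_pe([b"code" + b"\0" * 124, b"data" + b"\0" * 124 + b"X" * 256])
```

A size-only comparison passes `CAVITY` as unchanged; the per-section hash is what flags it, while `GROWN` shows up as a larger last section.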
Use current engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
But in some particular cases, the following steps need to be taken.
Please go to the Microsoft Recovery Console and restore a clean MBR.
On Windows XP:
On Windows Vista and 7: