First post, by Leolo
Hi people,
Maybe this question sounds a bit strange, but it came to my mind today after having fought a long and arduous battle with Klez.H and its sibling Elkern.C.
These two viruses quickly infected our entire network because they can spread themselves through shared folders, and it was a real pain to get rid of them. To make things worse, many of the files that were infected couldn't be completely recovered because the Elkern virus often corrupts their data 🙁
I searched the web trying to get some detailed info about these viruses and I was very surprised when I read this:
http://www.sophos.com/virusinfo/analyses/w32elkernc.html
"W32/ElKern-C infects all active processes on NT-based systems and the Explorer process on W9x based systems."
Since all our computers were running Windows 2000, I wondered how in the world a virus can infect all active processes??
Weren't NT-based systems supposed to protect running processes from meddling with each other?
How can I remove the virus from memory without killing all running processes??
I thought that NT-based systems were secure, but if Sophos are correct in their statements then I'm afraid they are just another bad joke from M$ 🙁
Regards.