VIRUS ALERT!
While downloading the file that
MKJ posted, Norton AV alerted me to the presence of W32.Elkern.4926. (The file is now clean-- I'm keeping this post up for those who might have downloaded the file before I caught this.)
From
http://securityresponse.symantec.com/avcenter/venc/data/w32.elkern.4926.html
This is a new variant of the W32.ElKern.3326 virus. This variant is dropped by W32.Klez.H@mm.
Symantec offers a tool to remove infections of all known variants of W32.Klez and W32.ElKern. Click here to obtain the tool. This is the easiest way to remove these threats and should be tried first.
Note: Virus definitions and the W32.Klez Removal Tool (which also removes ElKern infections) dated from September 10, 2002, have an innoculation feature. If infected files are repaired by Symantec AntiVirus products or by the W32.Klez Removal Tool, those files will not be reinfected by W32.ElKern.4926.
Differences in this variant include:
A recognition algorithm to guard against infecting self-extracting .rar and .zip archives (first seen in W32.ElKern.3587)
An improved encryption algorithm in an attempt by the virus author to make detection more difficult
Removal of the destructive payload
Also Known As: Win32.Elkern.c [AVP], W32/Elkern.C [Sophos], Win32/WQK.C [CA], PE_ELKERN.D [Trend], W32/Elkern.cav.c [McAfee]
Variants: W32.ElKern.3587, W32.ElKern.3326
Type: Virus
Infection Length: 4,926 bytes
Systems Affected: Windows 95, Windows 98, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Windows NT, Macintosh, Unix, Linux