Welcome to the Virus Encyclopedia of Panda Security.
EnerKaz infects PE files. However, due to a programming bug in the virus' code, infected files are damaged after infection. All infected files are detected and disinfected by the antivirus. Once disinfected, these files are restored and recover their functionality.
EnerKaz carries out infection in the following way:
- It checks for the following entries in the Window Registry:
HKEY_LOCAL_MACHINE\ Software\ Kazaa\ Transfer
HKEY_LOCAL_MACHINE\ Software\ Kazaa\ LocalContent
HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Internet Explorer
In this way, if the Internet Explorer and KazaA programs are installed on the system, EnerKaz finds out the location of shared folders in which it carries out infection.
- It adds its code at the beginning of every PE file found in the Internet Explorer and KazaA directories.
Means of transmission
EnerKaz does not spread automatically using its own means. It needs the attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, e-mail messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.
EnerKaz is written in the programming language Delphi 6 and is 47,104 bytes in size.
EnerKaz contains the following text in its code, though it is not displayed at any moment:
HANTA-Vjoiner ,si que lo hice yo, ErGrone/GEDZAC los señoritos de PERU, en especial a Machado, que no tiene la educación necesariapara responder un E-Mail...y para los que se enojaron con CPL, jeje, paque ocupan Hotmail!!!, teniendo miles de mailbox gratis y con mas espacio.....Falla la Heuristica y contra una técnica antigua JoJOjOO-Escrito en Delphi 6.