W32/Almanahe.sys
McAfee DAT files contain detection and repair information for threats. The Minimum DAT field specifies the lowest/oldest DAT version that is capable of detecting the first incarnation of a threat, and the release date. The highest/newest DAT version should always be used for the most complete protection and is available on the Anti-Virus Updates page.
Each description displays the minimum, fully tested, DAT version that includes regular detection for a particular threat. These fully tested DATs are released on a daily basis. If necessary, they are also released when a Medium, Medium On Watch, or High risk threat is discovered. An EXTRA.DAT will also be posted for these more prevalent threats, if necessary.
For each description listed, detection is always available. In the event that the DAT version specified is not yet available, an EXTRA.DAT file may be downloaded via the McAfee AVERT Extra.dat Request Page. Alternatively, minimally tested HOURLY BETA DAT files are available for downloading.
McAfee DAT files are constantly being updated to enhance detection capabilities. The Updated DAT field specifies the released DAT version that contains the most up-to-date detection.
The scan engine uses the DAT files to detect threats. The Minimum Engine field specifies the lowest/oldest engine version that is capable of detecting this threat. The highest/newest engine version should always be used for the most complete protection and is available on the Anti-Virus Updates page.
Risk Assessment
- Corporate User: Low
- Home User: Low
Overview
W32/Almanahe.sys is the rootkit component of W32/Almanahe.a. More details of this virus at:
Aliases
- troj_corelink.a (TrendMicro)
Characteristics
W32/Almanahe.sys is the rootkit component of W32/Almanahe.a. More details of this virus at:
Symptoms
W32/Almanahe.sys is the rootkit component of W32/Almanahe.a. More details of this virus at:
Method of Infection
W32/Almanahe.sys is the rootkit component of W32/Almanahe.a. More details of this virus at:
Removal
VirusScan Users
Use the latest engine and DAT files for detection.
Due to the nature in which this virus operates once a machine is successfully infected, read-access to the DLL and SYS components of the virus may be denied.
VirusScan 11.x and VirusScan Enterprise 8.5 or newer can detect and remove these rootkit-protected components directly.
Older versions of VirusScan will not be able to detect these files in this case. Because of this, if a machine is suspected to be infected, users can follow the procedure below:
- Reboot the system into Safe Mode (hit the F8 key as soon as the Starting Windows text is displayed, then choose Safe Mode).
- Run a system scan using the specified engine/DATs.
- Clean files flagged as infected.
- Restart the machine in default mode.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
Additional Windows ME/XP removal considerations