magistr virus

www.housecall.antivirus.com

Er en online virusscanner......det kan løse dit problem!!!

http://housecall.antivirus.com/pc_housecall/
online scanner

der findes ca. en 1/2 snes varianter af magistr...hvilken har du?

I-Worm.Magistr (AVP)  I-Worm.Magistr.b (AVP)
Magistr (F-Secure)  PE_MAGISTR.A (Trend)
PE_MAGISTR.B (Trend)  W32.Magistr.24876@mm (Symantec)
W32.Magistr.39921@mm (NAV)  W32/Magistr-a (Sophos)
W32/Magistr.a@MM  W32/Magistr.b.dam1
W32/Magistr.b@MM  W32/Magistr.dam3
W32/Magistr@MM  Win32.Magistr.B (CA)

flere detaljer omkring magistr:

Virus Characteristics: 

W32/Magistr@MM is a combination of a files infector virus and e-mail worm.
- The viral code infects 32 bit PE type files (.exe) files in the WINDOWS directory and subdirectories.
- It uses mass mailing techniques to send itself to email addresses stored in several places.
- It installs itself to run at each system startup.

Five minutes after the virus is run, it attempts a mailing routine. Email addresses are gathered from the Windows Address Book, Outlook Express mailboxes, and Netscape mailboxes (address found in email messages within existing mailboxes are gathered), and these file locations and addresses are saved to a hidden .DAT file somewhere on the hard disk (varies). The messages sent by the worm contain varying subject headings, body text, and attachments. The body of the message is derived from the contents of other files on the victim's computer. It may send more than one attachment and may include non .EXE or non-viral files along with an infectious .EXE file. The second letter of the e-mail address in the From field is often changed by the virus. As a result, replying to the message will fail due to the invalid address.

The virus proceeds by infecting 32 bit PE (Portable Executable) type .EXE files found in the WINDOWS SYSTEM directory and subdirectories. The viral code is encrypted, polymorphic, and uses anti-debugging techniques to make it difficult to detect. Email addresses have been seen encrypted in infected files. These addresses are believed to represent other users that have also been infected from the same point of origin.

In the decrypted body of the virus code, the following comments exist:

ARF! ARF! I GOT YOU! v1rus: Judges Disemboweler.
by: The Judges Disemboweler.
written in Malmo (Sweden)

W32/Magistr@MM has a payload routine that, on some systems, may result in cmos/bios info being erased as well as destroying sectors on the hard disk.
Indications Of Infection: 

- Icons on the desktop move when the mouse cursor passes over them
- Increase in size of .EXE files (adds 24Kb or more)
- Infected files use a modified access date of the time of the infection
- Presence of a newly created .DAT file containing email addresses (representing those users which were sent the virus)
-Entry in WIN.INI RUN=(App)
-Entry in Registry, run key value:
HKLM\Software\Microsoft\Windows\CurrentVersion\
Run\AppName (varies)=C:\WINDOWS\SYSTEM\(App).EXE (varies)

kan du genkende disse symtomer??

der er den sidste der. W32/Magistr@MM ..
Mine ikoner styrter rundt på skrivebordet...
fjener den der online også virussen?
jeg har været der inde og scanne men den slettede ikke virussen...

Removel instrukstion
http://vil.mcafee.com/dispVirus.asp?virus_k=99040&

Klik blot hér og så er den væk.

http://www.antivirus.com/vinfo/security/fix_magistr.exe

thesaint - er virklig en saint........
takker