Introduction to the Magistr virus
The Magistr virus (code name W32/Magistr.b@MM, I-Worm.Magistr.b.poly or PE_MAGISTR.B) is a polymorphic worm (a worm whose shape, or more precisely signature, is constantly changing) which spreads using email. It is a variant on the Disemboweler worm (Magistr.A) and mainly affects users with the Microsoft Outlook, Eudora or Netscape email client in the operating systems Windows 95, 98, Millenium and 2000.
What the virus does
The Magistr.B virus searches the system for address book files (extension .WAB for Outlook and .DBX/.MBX for Eudora), in order to choose recipients to send the message to.
The subject and body of the email sent by the Magistr worm are chosen at random, by taking an extract from a file on the infected computer's hard drive.
The Magistr virus attaches a copy of itself to the message, with a filename containing an extension of one (or two) of the following types: .com, .bat, .pif, .exe or .vbs.
The Magistr worm may also delete all data found in:
- The CMOS
- The BIOS
- The hard drive
Because of this, the Magistr.B virus may cause serious damage to your system and the information found on it.
What's more, the Magistr.B virus can disable the personal firewall ZoneAlarm by using the command WM_QUIT.
Symptoms of infection
Infected machines display the following behavior:
Moving the cursor over the desktop causes icons to move.
Eradicating the virus
To eradicate the Magistr virus, the best method is to run an up-to-date antivirus program, or the following virus removal tool:
Download the virus removal utility.
More information about the virus
Latest update on October 16, 2008 at 09:43 AM by Jeff.