The Magistr virus

Introduction to the Magistr virus

The Magistr virus (code name W32/Magistr.b@MM, I-Worm.Magistr.b.poly or PE_MAGISTR.B) is a polymorphic worm (a worm whose shape, or more precisely signature, is constantly changing) which spreads using email. It is a variant of the Disemboweler worm (Magistr.A) and mainly affects users with the Microsoft Outlook, Eudora or Netscape email client in the operating systems Windows 95, 98, Millennium and 2000.

What the virus does

The Magistr.B virus searches the system for address book files (extension .WAB for Outlook and .DBX/.MBX for Eudora), in order to choose recipients to send the message to.

The subject and body of the email sent by the Magistr worm are chosen at random, by taking an extract from a file on the infected computer's hard drive.

The Magistr virus attaches a copy of itself to the message, with a filename containing an extension of one (or two) of the following types: .com, .bat, .pif, .exe or .vbs.

The Magistr worm may also delete all data found in:

  • The CMOS
  • The BIOS
  • The hard drive

Because of this, the Magistr.B virus may cause serious damage to your system and the information found on it.

What's more, the Magistr.B virus can disable the personal firewall ZoneAlarm by sending it the Windows message WM_QUIT.
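Because the worm is polymorphic, a fixed signature of the attached file is a weak indicator, while the attachment naming described above can still be checked at a mail gateway. The following is an added example, not part of the original page: a filename heuristic that flags attachments ending in one or two of the listed extensions. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the page lists for the worm's attachment names.
RISKY = {".com", ".bat", ".pif", ".exe", ".vbs"}

def risky_suffix(filename):
    """Return the trailing one or two extensions if the last one is in RISKY, else None."""
    # Windows ignores trailing dots and spaces, so "x.exe. " still runs as x.exe.
    name = filename.strip().rstrip(". ").lower()
    exts = ["." + part for part in name.split(".")[1:]][-2:]
    if exts and exts[-1] in RISKY:
        return "".join(exts)
    return None

def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and list (filename, suffix) for flagged parts."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()  # None for parts without a filename
        if filename:
            suffix = risky_suffix(filename)
            if suffix:
                hits.append((filename, suffix))
    return hits

def build_sample():
    """Constructed sample message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    for fn in ("notes.txt.pif", "photo.jpg", "SETUP.EXE"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fn)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, suffix in scan_message(build_sample()):
        print(f"flagged: {filename!r} (suffix {suffix})")
```

A name such as archive.exe.txt is not flagged, because only the final extension decides how Windows opens the file.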

Symptoms of infection

Infected machines display the following behavior:
Moving the cursor over the desktop causes icons to move.

Eradicating the virus

To eradicate the Magistr virus, the best method is to run an up-to-date antivirus program, or the following virus removal tool:
Download the virus removal utility.

This document, titled « The Magistr virus », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (