W32.Magistr.24876@mm virus spread on the increase! (4/5/01)
This question was answered on April 6, 2001. Much of the information contained herein may have changed since posting.
The W32.Magistr.24876@mm was first detected on March 13th, 2001 Due to the recent increased number of submissions of W32.Magistr.24876@mm, the Symantec Anti-virus Research Center has updated the threat level of this virus from 3 to 4
W32.Magistr.24876@mm is a virus that has email worm capability and is also network aware It infects Windows Portable Executable (PE) files and sends email messages to addresses that it gathers from the Outlook/Outlook Express mail folders (.dbx, .mbx), the sent items file from Netscape, and Windows address books (.wab), which are used by mail clients such as Microsoft Outlook and Microsoft Outlook Express The email message may have up to two attachments, and it is some what "poly-morphic" because it has a randomly generated subject line and message body.
The effects of an infection can include:
- System instability and corruption
(Overwrites hard drives, erases CMOS, flashes the BIOS.)
- Releases confidential information
(It could send confidential Microsoft Word documents to others.)
If the computer has been infected for two months, on odd numbered days the desktop icons are repositioned whenever the mouse pointer approaches, giving the impression that the icons are "running away" from the mouse.
If the computer has been infected for three months, then the infected file is deleted.
This virus contains bugs which will corrupt some files while attempting to infect them, as well as when the first payload activates These files cannot be repaired; they must be restored from backup.
Make sure your anti-virus program is up-to-date as most current versions from the major anti-virus companies will detect and eliminate this virus/worm.
For a complete explaination and pictures of what an infected computer does, go to SARC's warning at:
About the author
Posted by Ken Colburn of Data Doctors on April 6, 2001