Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Win32/Magistr.29188

Alias: Magistr.b

Win32/Magistr.29188 represents a combination of a virus and of a worm exactly as its foregoer Win32/Magistr.24876 did. This version is improved and has several new features.
First of all it tries to look for and infect files of the operating system Windows in larger number of directories than its foregoer did. While Win32/Magistr.24876 tries to infect files in directories WIN95, WIN98, WINNT and WINDOWS, Win32/Magistr.29188 has this list expanded by WINME, WIN2000, WIN2K and WINXP. At attacking files on the local disk the virus sometimes uses the first four characters of the computer name for additional encrypting of the original beginning of the program. The virus is able to gain e-mail addresses for its spreading from address books of the mail client Eudora. Moreover, it sometimes attaches a picture in GIF format to the mail. Manifestation of the virus is enlarged by deleting files with extension NTZ (extension of anti-virus InVircible files) as well as by attempting to turn off the popular personal firewall Zone Alarm. The destructive routine was supplemented by a code which overwrites the file WIN.COM and the file NTLDR.EXE on all accessible disks by the code overwriting the first sector of the first hard disk. The virus also modifies the files WIN.INI and SYSTEM.INI.
The anti-virus system NOD32 starting from the version 1.110 with environment minimum 1.35 and newer can remove this virus. If you have an older environment (version 1.34 or lower) its update is necessary. For correct removal of the virus cleaning must be done from the local computer and not on the network.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.