W32/Magistr-A

Category: Viruses and Spyware
Type: Win32 executable file virus
Protection available since: 08 Apr 2003 00:00:00 (GMT)
Last Updated: 08 Apr 2003 00:00:00 (GMT)
Prevalence: Several Reports


Please note: Some users get confused between this virus and the SULFNBK and JDBGMGR hoaxes.

W32/Magistr-A is a polymorphic Windows 32 executable file virus which spreads by infecting files and via email. Magistr includes highly destructive code which - if triggered - can delete all files from local and network drives, wipe the CMOS settings, and flash the BIOS chip of your computer.

The virus searches the user's address book, mailboxes and other files present on the computer for email addresses. The virus specifically targets addresses from Outlook Express, Netscape Navigator and Internet Mail and News. It then sends itself to these email addresses using its own SMTP client.

The email message it sends has a randomly generated subject, body text and attached filename.

Filenames that the virus can use include:

CFGWIZ32.EXE
CHLINST.EXE
DPLAYSVR.EXE
MAKETAG.EXE
MKCOMPAT.EXE
MLSET32.EXE
MSOOBD.EXE
MSOOBE.EXE
OEMRNCE.EXE
SETMODD.EXE
SUCATREG.EXE
SULFNBK.EXE
UNREGASF.EXE

Please note that these files are often found on uninfected systems, so their mere presence on your computer is not necessarily an indication of infection by this virus.

W32/Magistr-A will attempt to infect files in shared network resources. This includes files in both mapped drives and named shared areas.

In an attempt to remain active when Windows is restarted, the virus adds the name of an infected file to the "run=" lines of the WIN.INI file and to the Registry key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\<infected filename>
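The persistence described above can be reviewed offline from a copy of WIN.INI and a regedit export of the Run key. The following is an added example, not part of the original description or any vendor tool: the function names, the sample inputs and the "listed in both places" heuristic are assumptions, and a match is only a lead for scanning the file, since legitimate programs can also appear in both locations.

```python
import ntpath
import re

# Constructed sample inputs, not taken from a real system.
WIN_INI = r"""
[windows]
run=C:\WINDOWS\SYSTEM\CFGWIZ32.EXE C:\TOOLS\tray.exe
[fonts]
run=ignored.exe
"""
RUN_KEY_EXPORT = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"CFGWIZ32"="C:\\WINDOWS\\SYSTEM\\CFGWIZ32.EXE"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Setup"="C:\\TOOLS\\tray.exe"
"""
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"

def win_ini_run_entries(text):
    """Lower-cased file names on run= lines of the [windows] section."""
    section, names = None, set()
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "windows" and line.lower().startswith("run="):
            # Entries are separated by spaces or commas.
            for path in line[4:].replace(",", " ").split():
                names.add(ntpath.basename(path).lower())
    return names

def run_key_entries(reg_text):
    """Lower-cased file names started by values directly under HKLM Run."""
    in_key, names = False, set()
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            in_key = line.strip("[]").lower() == RUN_KEY  # excludes RunOnce etc.
            continue
        m = re.match(r'"(.*?)"="(.*)"$', line)
        if in_key and m:
            # .reg files double backslashes; take the program, drop arguments.
            tokens = m.group(2).replace("\\\\", "\\").split()
            if tokens:
                names.add(ntpath.basename(tokens[0]).lower())
    return names

def dual_persistence(win_ini_text, reg_text):
    """File names launched from both WIN.INI run= and the HKLM Run key."""
    return sorted(win_ini_run_entries(win_ini_text) & run_key_entries(reg_text))
```

Quoted program paths containing spaces are not handled; the parser takes the first whitespace-separated token of each Run value as the program.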

The virus contains the following text:

ARF! ARF! I GOT YOU! v1rus: Judges Disemboweler. by The Judges Disemboweler written in Malmo (Sweden)

The virus also includes a series of words and phrases, including the following:

sentences you
sentences him to
sentence you to
ordered to prison
convict
judge
circuit judge
trial judge
found guilty
find him guilty
affirmed
judgment of conviction
verdict
guilty plea
trial court
trial chamber
sufficiency of proof
sufficiency of the evidence
proceedings
against the accused
habeas corpus
jugement

It also contains similar phrases in French and Spanish.
