Virus Name : W32.Magistr.24876@mm (PE_MAGISTRA.A, W32/Magistr@mm, Magistr, W32/Magistr-A)

Here (http://www.symantec.com/avcenter/venc/data/w32.magistr.24876@mm.html) is a pretty good description of it. Had a customer call me up today to tell me she had it. I had never heard of it before and wasn't too woried about. Did a little research and called her back immediately to tell her to turn off her computer until tomorrow when I have a chance to look at it. Definately keep an eye open for this bugger.

Eeeeks!!!
Thanks for letting us know about it, looks pretty scary.

yea, glad I'm over careful and run live update every 3 days and scan my machines everynight while sleeping. had a bad experence 3 years ago with 3 nastys when I first came online and don't want that thrill again.. madfish

Thanks for the info.
cm

Thanks for the update!!

GEEZ, that is a bad one!!

This is Trend's description of it:

This per-process, memory-resident, polymorphic virus uses complex routines and anti-debugging techniques, which make it very difficult to analyze. It has both virus and worm capabilities in that it infects the local system as well as all files with .EXE and .SCR extensions. Upon execution, it infects Windows System files and then sends infected files via MS Outlook/Outlook Express/Netscape Navigator to all addresses listed in the infected user's Windows and Outlook Express address book. Its destructive payload trashes the primary hard disk drive controller, overwrites CMOS RAM, and erases flash memory (BIOS). Due to its polymorphic nature the email that it comes with does not have a static subject line, message body, or attachment filename.


Harder

Thanks for the info

HOLY *****

I gotta Make sure stay away from this Little F****r.

Thats SCARY!!

Well you guys might be safe from me if it gets by PC-cillin (Trend), but I won't! http://www.sysopt.com/forum/frown.gif

I don't have M$ Outlook/Outlook Express/Windows and Outlook Express addrss books on my computer and Netscape has to ask permission to access the net. http://www.sysopt.com/forum/smile.gif

On the bright side, nothing has been able to get past the 2nd of 5 layers of defense I use. http://www.sysopt.com/forum/biggrin.gif

Harder

Well I have successfully removed it. I couldn't get norton to do it, even tho they claim it does. Ended up using InoculateIt. The InoculateIt site was not allowing any more downloads, but I did manage to get a copy from download.com. Big thumbs up for a free program.