I-Worm.Magistr. Viruses Information
Name: I-Worm.Magistr.
Category: Viruses
Description:
Details
I-Worm.Magistr.b
This is an improved version of the original "Magistr" email worm and Win32 PE EXE file infector.
The differences are:
The payload routine is extended with another branch that overwrites the WIN.COM file in the Windows directory and the NTLDR file in the C: root directory with a program that erases hard drive data upon start-up. This is done on local drives and on network shared drives as well.
While infecting a local file, this virus encrypts an entry routine with a key that depends on the computer's name. This makes disinfecting an infected machine much more difficult.
To spread via e-mail, the worm also looks for Eudora email data.
While infecting network drives, the worm looks for more Windows directory names:
WINNT
WINDOWS
WIN95
WIN98
WINME
WIN2000
WIN2K
WINXP
The worm copy is then registered in WIN.INI and SYSTEM.INI files in the following sections:
WIN.INI: Windows Run
SYSTEM.INI: boot shell
The worm looks for GIF files, and can send GIF images out of the computer, as well as clean DOC files (as the original version does).
The worm destroys .NTZ files whenever it finds them. It also attempts to terminate the ZoneAlarm firewall if it is installed, but fails, and ZoneAlarm continues to protect the machine.
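The two registration points named above (WIN.INI: Windows Run, SYSTEM.INI: boot shell) can be audited with a short script. This is an added example, not code from the original description; the default shell value, the sample file contents and the EXAMPLE.EXE name are assumptions constructed for illustration.

```python
import ntpath

# Assumption: stock Windows 9x shell; anything else in [boot] shell= is reported.
DEFAULT_SHELLS = {"explorer.exe"}

def read_key(ini_text, section, key):
    """Return the value of key in [section] (case-insensitive), or None."""
    current = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section.lower() and "=" in line:
            name, _, value = line.partition("=")
            if name.strip().lower() == key.lower():
                return value.strip()
    return None

def audit_startup(win_ini, system_ini):
    """List (location, value) findings for the two registration points."""
    findings = []
    run = read_key(win_ini, "windows", "run")
    if run:  # an empty or absent run= is the clean state
        findings.append(("WIN.INI [windows] run", run))
    shell = read_key(system_ini, "boot", "shell")
    if shell is not None:
        programs = shell.split()
        first = ntpath.basename(programs[0]).lower() if programs else ""
        # Report a replaced shell or anything appended after the default one.
        if first not in DEFAULT_SHELLS or len(programs) > 1:
            findings.append(("SYSTEM.INI [boot] shell", shell))
    return findings

# Constructed sample files; EXAMPLE.EXE is a placeholder, not an indicator.
CLEAN_WIN = "[windows]\nload=\nrun=\n"
CLEAN_SYS = "[boot]\nshell=Explorer.exe\n"
SUSPECT_WIN = "[windows]\nload=\nrun=C:\\WINDOWS\\EXAMPLE.EXE\n"
SUSPECT_SYS = "[boot]\nshell=Explorer.exe C:\\WINDOWS\\EXAMPLE.EXE\n"

if __name__ == "__main__":
    for location, value in audit_startup(SUSPECT_WIN, SUSPECT_SYS):
        print(f"review {location}: {value}")
```

A finding means the entry needs review, not that the file it names is infected; legitimate software also used these keys.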