Magistr Virus Information and Help

What is Magistr Virus and How Did I Get It?

This is one virus you definitely want to protect yourself from. Its dangerous, can mass-email itself and is hard to detect. Let's start with how deadly this virus is...its destructive payload trashes the primary hard drive controller, overwrites CMOS RAM, and erases flash memory (BIOS). In other words, it destroys your data and your computer. By flashing the BIOS, the virus can create a situation where your computer does not even boot, without replacing the BIOS or the motherboard. This is very similar to the CIH or Chernobyl virus that attacks on April 26th of each year, or the Kriz virus that attacks on December 25th. But it also has characteristics of the infamous MTX virus in 2000 - 2001.

When the virus attacks, it infects Windows System files then sends infected files via the address books of MS Outlook, Outlook Express, and Netscape Navigator. Because the Magistr trojan virus can mass email itself it can spread quickly. Unfortunately it is hard to detect because it changes the email's subject line, body, and attached file names with each new infection.

It infects .EXE and .SCR files It is capable of searching for all local drives, mapped network drives, and shared directories having full access privileges and infects Windows NT, Windows 95, Windows 98, and Windows ME directories and files.

The virus also sends non-viral attachments such as DOC, TXT, and Javascript (JS) files with emails it sends out. It randomly picks text strings from DOC files and TXT files contained in the infected system and uses these text strings as its subject and message bodies.

It adds the registry entry below:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

with the key:

<Virus Name> = "<Path to Virus>\<Virus Name>.EXE"

When Does the Destructive Payload Hit?

If the computer has been infected for one month and at least 100 people have been sent an infected file, and if at least three files contain at least three examples from the following list:

sentences you
sentences him to
sentence you to
ordered to prison
convict
, judge
circuit judge
trial judge
found guilty
find him guilty
affirmed
judgment of conviction
verdict
guilty plea
trial court
trial chamber
sufficiency of proof
sufficiency of the evidence
proceedings
against the accused
habeas corpus
jugement
condamn
trouvons coupable
a rembourse
sous astreinte
aux entiers depens
aux depens
ayant delibere
le present arret
vu l'arret
conformement a la loi
execution provisoire
rdonn
audience publique
a fait constater
cadre de la procedure
magistrad
apelante
recurso de apelaci
pena de arresto
y condeno
mando y firmo
calidad de denunciante
costas procesales
diligencias previas
antecedentes de hecho
hechos probados
sentencia
comparecer
juzgando
dictando la presente
los autos
en autos
denuncia presentada

One month after the initial infection, in Windows 9X systems, it erases CMOS data, erases Flash BIOS, and wipes out the hard drive. These destructive payloads do not affect computers in Windows NT or Windows 2000 environments. It will also display the following message:

magistr1.gif (2824 bytes)

If the computer has been infected for two months, then on odd days the desktop icons are repositioned whenever the mouse pointer approaches them, giving the impression that the icons are running away from the mouse.

magistr2.gif (4222 bytes)

If the computer has been infected for three months, the infected file is deleted.

How to Clean/Delete the Magistr Virus?

There are currently two variations of the Magistr virus (A and B), each has its own cleaner that can be run to find and delete the virus. Click below to download an automatic cleaner for each version.

If you are unsure of what version of the Magistr virus your computer is infected with, click below to run the online virus utility and scan your system.

Housecall Online Virus Scanner

Magistr A Version

Magistr B Version

Please learn how to UPDATE YOUR ANTI-VIRUS SOFTWARE and run a thorough system scan.

Links to:

Norton's Magistr Virus Page

McAfee's Magistr Virus Page

PC-Cillin's Magistr Virus Page

space.gif (58 bytes)

 

Search PCHell.com



 




Tools for Removing Spyware, Adware, and Malware


PC HELL
Other Pages

Spyware/Adware Removal Help

MSBlast.exe Worm Removal

Welchia (Dllhost.exe and SVCHost.exe) Worm Removal

Uninstall McAfee Instructions

Uninstall Norton Instructions

Uninstall Avast Instructions

Uninstall AVG Instructions

Uninstall Antivir Instructions

Uninstall Panda Instructions

How to Manually Run the Microsoft Malicious Software Removal Tool

Bloodhound.Exploit.6 Virus Removal

MyDoom Virus Removal

MiMail.C Virus Removal

Swen Worm Virus Removal

SoBig.F Worm Removal

Dumaru Virus Removal

BugBear.B Worm Removal

SoBig.E Worm Removal

Pop Up Ad Removal Info

KAK Worm Removal

MiMail.A Worm Removal

W95.MTX Virus Removal

Snow White Virus Removal

BadTrans Trojan Removal

Wininit Virus (Bymer Trojan)

Happy99 Worm Removal

VBS Netlog Worm Removal

Pretty Park Worm Removal

Sasser Worm Virus Removal

Backdoor SDBot.H Trojan Removal

VBS.Loveletter Help

Computer Security Information

Back Orifice Information

PC HELL Main Page

 






iPadastic - News, Tutorials, Help, Tips, and Hints for the iPad



Download Hoyle Games
including Casino 3D, Card, Board, and Solitaire games.



Written by Mark Hasting

Recommended Software for PC Hell Visitors
Malwarebytes Anti-Malware
Malwarebytes Anti-Malware
iolo System Mechanic® - Fix, Speed Up Your PC
iolo System Mechanic®
Emsisoft Anti Malware
Emsisoft Anti Malware
space.gif (58 bytes)

Search PCHELL.COM

Return to PC Hell
Return to PC Hell

Google