Guest guest
Posted March 15, 2001

Please do not reply to this post as it is crossposted.

lmolivier@...

Computer Virus Alert - W32/Magistr@MM

Dear Lynn Olivier,

SmartReminders has detected the following computer viruses: W32/Magistr@MM

This worm arrives as an .EXE file with varying filenames. Executing this attachment infects your machine, which is then used to propagate the virus. When first run, the virus may copy one .EXE file in the WINDOWS or WINDOWS SYSTEM directory using the same name with an altered last character.

W32/Magistr@MM is a combination of a file infector virus and an e-mail worm.

-The viral code infects 32-bit PE type (.exe) files in the WINDOWS directory and subdirectories.
-The worm part uses mass mailing techniques to send itself to email addresses stored in several places.

The worm installs itself to run at each system startup. Five minutes after the virus is run, it attempts a mailing routine. Email addresses are gathered from the Windows Address Book, Outlook Express mailboxes, and Netscape mailboxes (addresses found in the email messages within existing mailboxes are gathered), and these file locations and addresses are saved to a hidden .DAT file somewhere on the hard disk (varies).

The messages sent by the worm contain varying subject headings, body text, and attachments. The body of the message is derived from the contents of other files on the victim's computer. It may send more than one attachment and may include non-.EXE or non-viral files along with an infectious .EXE file.

The virus proceeds by infecting 32-bit PE (Portable Executable) type .EXE files found in the WINDOWS SYSTEM directory and subdirectories. The viral code is encrypted, polymorphic, and uses anti-debugging techniques to make it difficult to detect.

Email addresses have been seen encrypted in infected files. These addresses are believed to represent other users that have also been infected from the same point of origin.
In the decrypted body of the virus code, the following comments exist:

ARF! ARF! I GOT YOU!
v1rus: Judges Disemboweler.
by: The Judges Disemboweler.
written in Malmo (Sweden)

W32/Magistr@MM has a payload routine that on some systems may result in CMOS/BIOS info being erased as well as destroying sectors on the hard disk.

The virus has a medium risk factor according to McAfee Avert Research Center.

Other aliases for this worm are:

-I-Worm.Magistr (CA)
-Magistr (F-Secure)
-PE_MAGISTR.A (Trend)
-W32.Magistr.24876@mm (Symantec)
-W32/Disemboweler (Panda)
-W32/Magistr-a (Sophos)

Use specified engine and DAT files for detection and removal.

-------------------------------------------------------------

According to a report on msnbc.com, the creator of the tool that generated the "Kournikova" virus last month has released an updated version of his worm-generating software. The new tool is believed to have the potential to create worms that are much more malicious and harder to track than those that have come before. SmartReminders will keep you updated on new developments through your computer virus alerts.

Get helpful ideas and insights from other small business owners and entrepreneurs. Sign up for Advice for Small Business. For more information on this advertisement visit: http://www.smartreminders.com/SmartAds.cfm?ID=107&SRToken=B905E900-5F5C-465B-A2EF21CC1385AB74
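A triage check for the file-copy behaviour the alert describes (an .EXE copied under the same name with an altered last character), added here as an example and not part of the original post or the SmartReminders alert. It assumes "last character" means the last character of the base name before the extension; the file listing and the function name are constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Constructed sample inventory (not taken from the alert).
SAMPLE_LISTING = [
    r"C:\WINDOWS\NOTEPAD.EXE",
    r"C:\WINDOWS\NOTEPAE.EXE",          # same name, last character altered
    r"C:\WINDOWS\SYSTEM\CFGWIZ32.EXE",
    r"C:\WINDOWS\SYSTEM\CFGWIZ33.EXE",  # numbered pair: also matches the heuristic
    r"C:\WINDOWS\SYSTEM\SCANDSKW.EXE",
    r"C:\WINDOWS\CALC.EXE",
    r"C:\WINDOWS\SYSTEM\A.EXE",         # one-character name, ignored as too noisy
    r"C:\WINDOWS\readme.txt",
]

def find_last_char_twins(paths):
    """Return sorted (directory, name_a, name_b) tuples for .EXE files in the
    same directory whose base names differ only in the final character."""
    groups = defaultdict(set)
    for path in paths:
        directory, filename = ntpath.split(path)
        stem, ext = ntpath.splitext(filename)
        if ext.lower() != ".exe" or len(stem) < 2:
            continue
        # Windows file names are case-insensitive, so normalise before grouping.
        # Key = directory + base name without its last character.
        groups[(directory.lower(), stem[:-1].lower())].add(filename.upper())

    findings = []
    for (directory, _prefix), names in groups.items():
        ordered = sorted(names)
        # Every pair inside a group shares all but the last character.
        for i, first in enumerate(ordered):
            for second in ordered[i + 1:]:
                findings.append((directory, first, second))
    return sorted(findings)

if __name__ == "__main__":
    for directory, first, second in find_last_char_twins(SAMPLE_LISTING):
        print(f"review: {directory}\\{first} <-> {second}")
```

A match is only a lead for review: legitimately numbered executables pair up the same way, so confirm any hit with the scanner engine and DAT files the alert refers to.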