
This is a dangerous VIRUS:Re: [hreg] a red dot, within 5

  • mike
    Message 1 of 1 , Jul 30, 2001
      Here is the info on this virus. If you clicked on the executable, you are
      infected and must use a virus checker to remove it.
      It uses various names. My virus checker didn't detect it.

      Name: W32/Magistr-A
      Aliases: W32/Magistr@MM, I-Worm.Magistr, PE_MAGISTR.A, W32.Magistr.24876,
      W32/Disemboweler, W32.Magistr/MM, Begemont
      Type: W32 executable file virus
      Detection: Detected by Sophos Anti-Virus May 2001 (3.45) or later. A virus
      identity (IDE) file is available for earlier versions from the Latest virus
      identities section.
      Sophos has received many reports of this virus from the wild.

      Comments: Please read the instructions for disinfecting W32/Magistr-A.

      W32/Magistr-A is a polymorphic Windows 32 executable file virus which
      spreads by infecting files and via email. Magistr includes highly
      destructive code which - if triggered - can delete all files from local and
      network drives, wipe the CMOS settings, and flash the BIOS chip of your
      computer.

      The virus searches the user's address book, mailboxes and other files
      present on the computer for email addresses. The virus specifically targets
      addresses from Outlook Express, Netscape Navigator and Internet Mail and
      News. It then sends itself to these email addresses using its own SMTP
      client.

      The email message it sends has a randomly generated subject, body text and
      attached filename.

      Filenames that the virus can use include:

      SULFNBK.EXE
      CFGWIZ32.EXE
      OEMRNCE.EXE
      SETMODD.EXE
      MSOOBE.EXE
      SUCATREG.EXE
      MKCOMPAT.EXE

      Please note that these files are often found on uninfected systems, so their
      mere presence on your computer is not necessarily an indication of infection
      by this virus.

      In an attempt to remain active when Windows is restarted the virus adds the
      name of an infected file to the "run=" lines of the WIN.INI file and to the
      Registry key:
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\<infected filename>.

      The virus contains the following text:

      ARF! ARF! I GOT YOU! v1rus: Judges Disemboweler. by The Judges Disemboweler
      written in Malmo (Sweden)

      The virus also includes a series of words and phrases, including the
      following:

      sentences you
      sentences him to
      sentence you to
      ordered to prison
      convict
      judge
      circuit judge
      trial judge
      found guilty
      find him guilty
      affirmed
      judgment of conviction
      verdict
      guilty plea
      trial court
      trial chamber
      sufficiency of proof
      sufficiency of the evidence
      proceedings
      against the accused
      habeas corpus
      jugement

      It also contains similar phrases in French and Spanish.



      ----- Original Message -----
      From: "Steven Shepard" <sbtdesigns@...>
      To: <hreg@yahoogroups.com>
      Sent: Monday, July 30, 2001 9:01 AM
      Subject: Re: [hreg] a red dot, within 5


      > There is a virus attached to this message I received from hreg.
      > Members beware!
      >
      > SBT Designs
      > 25840 IH-10 West #1
      > Boerne, Texas 78006
      > 210-698-7109
      > FAX: 210-698-7147
      > www.sbtdesigns.com
      >
      > Please note we are moving our email address to sbtdesigns@....
      > Please update our information in your records.
      >
      >
      > ----- Original Message -----
      > From: "mike" <mlandrus@...>
      > Sent: Sunday, July 29, 2001 9:47 AM
      > Subject: [hreg] a red dot, within 5
      >
      >
      > > The test shows a positive result for HIV infection. These unapproved
      > > test kits use a simple finger prick process for home blood collection or a
      > > special sponge device for saliva collection. The blood or saliva sample is
      > > then added to a plastic testing device containing a special type of paper. A
      > > developing solution is added to determine if the sample is positive for HIV.
      > >
      > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
      >
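
Added example, not part of the original message or of the Sophos advisory it quotes: a Python sketch that lists the two autostart locations the advisory names (the WIN.INI "run=" line and the HKLM Run key) so each entry can be reviewed. The sample WIN.INI text and Run-key values are constructed, and matching entries against the advisory's filename list is an assumed triage heuristic, since the advisory itself says those names also exist on uninfected systems.

```python
import ntpath

# Filenames listed in the advisory. They also exist on clean systems, so a
# match here is a prompt for review, not proof of infection.
ADVISORY_NAMES = {"SULFNBK.EXE", "CFGWIZ32.EXE", "OEMRNCE.EXE", "SETMODD.EXE",
                  "MSOOBE.EXE", "SUCATREG.EXE", "MKCOMPAT.EXE"}

def win_ini_run_entries(text):
    """Return the programs named on run= lines in the [windows] section."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            if key.strip().lower() == "run":
                # Assumption: space/comma separated short paths, no embedded spaces.
                found += value.replace(",", " ").split()
    return found

def exe_name(command):
    """Upper-cased file name of the program a command line starts."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = (command.split() or [""])[0]
    return ntpath.basename(path).upper()

def review_autostart(win_ini_text, run_key_values):
    """List every entry from both locations as (source, command, flagged)."""
    entries = [("WIN.INI run=", p) for p in win_ini_run_entries(win_ini_text)]
    entries += [("HKLM Run\\" + n, c) for n, c in run_key_values.items()]
    return [(src, cmd, exe_name(cmd) in ADVISORY_NAMES) for src, cmd in entries]

# Constructed sample data, not taken from a real machine.
SAMPLE_WIN_INI = r"""[windows]
load=
run=C:\WINDOWS\SYSTEM\CFGWIZ32.EXE C:\TOOLS\CLOCK.EXE
[Desktop]
Wallpaper=(None)
"""
SAMPLE_RUN_KEY = {"SystemTray": "SysTray.Exe",
                  "SULFNBK": r'"C:\WINDOWS\COMMAND\SULFNBK.EXE"'}

if __name__ == "__main__":
    for source, command, flagged in review_autostart(SAMPLE_WIN_INI, SAMPLE_RUN_KEY):
        print("REVIEW" if flagged else "ok    ", source, command)
```

On a live Windows host the Run-key dictionary could be filled with the standard-library `winreg` module instead of the constructed sample.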