DejaNET Communications - Welcome To Our New Site!

Home  Stock Quotes  Auction  Classifieds  Games  Special Offers   Web Pages  E-Cards  ISP  Alerts

W32.Magistr.24876@mm / I-Worm.Magistr / PE_MAGISTR.A / W32.Magistr@mm 
July 26, 2001 - MUSKEGON, MI - DejaNET Communications today has confirmed that at least one DejaNET user has received an email containing what is known as the W32.Magistr.24876@mm worm.  This particular email worm/virus is similar to the newly found W32.Sircam.worm@mm worm but is MUCH MORE DANGEROUS.  The email consists of one or two attached files from the infected system under 128k in size.  W32.Magistr.24876@mm is a polymorphic virus that also has email worm capabilites and is network aware.  A polymorphic virus has the abilty to change its shape (or byte pattern) in order to avoid detection by antivirus scanners.

This virus will infect Windows Portable Executable files (PE) and will gather email addreses from Microsoft Outlook and Outlook express folders, then sent email file from Netscape Messenger and Windows Address book (wab) files.  The subject line and message text are both randonly generated.

Once activated, and if an Internet connection is available, the virus will search for up to five .doc and .txt files and then will choose any number of random words from one of these files. These words are then used to construct the subject line and message body of the email message. Then the virus searches for up to 20 .exe and .scr files smaller than 128 KB in size, infects one of these files, attaches the infected file to the new message, and then sends this message to up to 100 people from the address books.

This virus/worm also has the capability to erase the CMOS (BIOS) rendering the motherboard unusable as well as delete every other file on the system.

For a better detailed description of this virus as well as screen shots of what happens, please see Symantec's write up here:


I usually place an exact copy of the email here, but Norton decided to destroy it this time...sorry...

If you receive a copy of this in your email, DELETE IT and DO NOT PASS IT ON AND DO NOT OPEN THE ATTACHMENT!  If you do not open the attachment, then you will not get infected!!!  You also might want to notify the sender that they have a virus/worm and give them a link to this page for more help.  DO NOT FORWARD THE WORM BACK TO THEM OR TO ANYONE ELSE!

Once again, keeping your antivirus definitons up to date and only downloading files from the original sources are the ONLY WAY to protect yourself from ANY virus. NEVER, NEVER, NEVER open an email attachment!!!

Norton Antivirus with virus definitions since March 13, 2001 will detect this virus/worm on your system.

You may also visit the following links for more detailed info on this worm as well as removal instructions:,5594,2693125,00.html

Last Modified: 07/26/2001
Copyright 2001 DejaNET Communications