|
|
 |
|
|
Pages: 1
W32/Magistr.b@MM
(Click here to view the original thread with full colors/images)
Posted by: Hell's Wrath
To make a long story short. Found out that my Mom has this virus. My isp uses an e-mail scan (uses McAfee) that caught the e-mail before it got to my computer. She is currently running a program called Inoculate IT personal edition. It does not find the virus, but we now know it is there. It is sending out random e-mail to people in her address book.
My question is, if she goes out and purchases an anti-virus program, will it find and eliminate this virus?? If not, what must she do to get rid of it, short of reformatting??
All responses are appreciated. Thanks in advance for all your help.
HW
Posted by: Canis Lupus
See if this helps ya out, HW:
http://www.antivirus.com/vinfo/viru...me=PE_MAGISTR.B
Posted by: JANNA
norton's will pick it up and stop it u need to turn that comp off now before it does irrepairable harm. the magistr will eventually over write one sector of ur HD usually the boot sector and attempt to zorch ur bios. turn the comp off till u get proper virus software
Posted by: REVENGE
H~W,
Well, turning the computer off will normally set the virus in motion. If you have already turned the computer on, then yes, keep it off. Anytime you think you have a virus, you should disconnect the wire to any networks or any phone lines.
Now, to manually kill this virus, here is how to do it.
To remove the W32.Magistr.Trojan entry from the System.ini:
1. During the scan with NAV, note the name of any files infected by W32.Magistr.Trojan.
2. Click Start, and click Run.
3. Type the following, and then click OK.
edit c:\windows\system.ini
The MS-DOS Editor opens.
NOTE: If Windows is installed in a different location, make the appropriate path substitution.
4. In the [boot] section of the file, look for the following entry
shell=Explorer.exe
5. Position the cursor immediately to the right of Explorer.exe.
6. Press Shift+End to select all of the text to the right of Explorer.exe and then press Delete.
7. Click File, and Exit.
8. Click Yes when you are prompted whether to save the changes.
To edit the registry:
CAUTION: We strongly recommend that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the keys that are specified. Read the document How to back up the Windows registry for instructions.
1. Click Start, and click Run. The Run dialog box appears.
2. Type regedit and then click OK. The Registry Editor opens.
3. Navigate to the following key:
HKEY_Local_Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4. In the right pane, look for a value that has a random file name with the .exe extension, and that points to the \WinNT\System or \Windows\System folder. This may be the name of a file that was detected as W32.Magistr.39921@mm when you ran the full system scan.
5. Delete any such values that you find.
6. Do one of the following:
If you are running Windows 95/98/Me, click Registry, and then click Exit.
If you are running Windows NT/2000/XP, go on the step 7.
7. Navigate to the following key:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
8. In the right pane, double-click the following value:
Shell
9. Look in the value data box. It should contain only the text Explorer.exe, as shown.
10. If it contains any text to the right of Explorer.exe, for example, warm.exe,
remove that text so that only Explorer.exe remains, as shown in step 9.
11. Click Registry, and then click Exit.
|
|
|
|
|
