The W32/Magistr@MM is a combination virus and worm. The virus part infects the executable files in the WINDOWS directory and subdirectories. It sends itself to email addresses stored on the PC. It installs itself to run itself each time the system is started.
The worm part arrives as a .EXE file with varying filenames. The worm often alters the Reply-To email address when mailing itself to others, so that a reply to the E-mail will be bounced back.
Indications of infection are as follows:
- Icons on the desktop move when the mouse cursor passes over them.
- Increase in size of .EXE files (adds 24 Kb or more).
- Infected files use a modified access date of the time of the infection.
- Presence of a newly created .DAT file containing email addresses (representing those users which were sent the virus).
- Entry in WIN.INI; such as, RUN=(xxxxx) .
- Entry in Registry; such as, run key value: HKLM\Software\Microsoft\Windows\CurrentVersionRun\xxxxx=C:\WINDOWS\SYSTEM\xxxxx.EXE .(xxxxx = various filenames)
Most current antivirus utilities have the proper definition files to remove this virus. Use one or more of the methods to remove this virus.
Method 1: Use existing antivirus software to remove virus
Your HP notebook PC was shipped with a trial version of the Norton Internet Security (NIS) antivirus software.
Perform these steps to perform an internet security or antivirus scan and correct a problem:
NOTE:Do not install antivirus software if you already have a different version of antivirus installed. Using the notebook with two antivirus applications installed will cause performance problems.
- If you subscribed to the Norton Internet Security 2005 that was installed on your HP notebook PC, perform an NIS security scan.
- Right-click on the Norton Internet Security (NIS) icon in the system tray, and select the Open Norton Internet Security option.Verify the version displayed on the NIS application panel is the 2005 or a later. To update to the current version, contact Symantec .
- Click on Live Update and Next to download and install the latest antivirus and security definition files.
- After the updates are loaded, you will be prompted to restart the PC to activate the Norton Internet Security application. The program will monitor the system for malicious activities.
- When NIS discovers a potential security threat, it will display a warning message and instructions on what to do.
- If there is no Norton Internet Security (NIS) icon in the system tray, click on this link to download a free trial version (in English) of Norton Internet Security from Symantec. You may use this trial version for 30 days before you decide to purchase it.
- If there is no Norton Internet Security (NIS) icon in the system tray, and you want to determine if you have a problem with malicious software before you invest in an internet security and antivirus tool, click on this link for a free security scan (in English) from Symantec.
Method 2: Use an HP Service partner to remove virus
If you do not feel you have the necessary technical experience, or are uncomfortable with the idea of performing some of the methods by yourself, you may wish to take your notebook PC to an HP Service partners for assistance.
HP Service partners provide fee-based services for the removal of malicious software.