Magistr virus hits India

DQW Bureau
New Update

W32.Magistr.24876, a deadly virus that overwrites hard

drives and attempts to erase the Basic Input Output System (BIOS) providing

communication between the operating system and hardware, has finally hit India.

Chennai-based anti-virus provider, K7 Computing, has cited reports of the

symptoms of the virus discovered on March 13 from places as far as Kolkatta,

Chennai and Tuticorin.


Magistr, categorized both as a virus and a worm, spreads

by email, shared disks and on the local area network. Spread as an email

attachment with a size of at least 25-KB, it infects Windows Portable Executable

files except .dll system files when it is executed. It goes into memory using

Explorer.exe process. After waiting for three minutes, it infects a file in the

Windows directory to ensure that the virus is activated every time Windows is


It then sends emails to addresses gathered from the

Windows Address Book used by mail clients such as Microsoft Outlook, Microsoft

Outlook Express, the Outlook/Outlook Express Sent Items Folder and the Netscape

Address Book. It also spreads fast on the local area network infecting files in

the directories that are shared.

"In addition to being a deadly virus, Magistr

sometimes infects and attaches .doc or .txt file to the emails it sends out

which might result in the leakage of confidential files. It is similar to the

Kriz virus, based on the CIH virus, that gets activated on Christmas day,"

said J. Kesavardhanan, CEO, K7 computing.

"After sitting on the system for a month, Magistr

overwrites all disk files in the local and network drives making it almost

impossible to retrieve the lost data. The incubation period of one month gives

the virus enough time to multiply and spread the infection. We were on the

lookout for the virus in India after it hit the scene last week. We have updated

our Vx 2000 anti-virus to clean the Magistr virus and the updated version is

available in our site," he added.