|Updated||Aug 3rd 2010|
|Crack Size||240 KB|
Magistr Detection & Clean is a handy tool that targets the [email protected] malware infection and removes it immediately.
This virus is an improved and more stable version of the [email protected]
It's decryption routine is more elaborate and the original data from the Entry Point is now encrypted with a key generated from the computer name. Because of this, cleaning the infected files is more difficult.
It is able to infect more computers connected in a network because it now looks for more Windows directory names than the previous version.
In network infection it searches for the following directory names:
and infects the files in those directories. After that it registers itself in WIN.INI and SYSTEM.INI under the [Windows] and [Run] sections for WIN.INI and under [boot] and [Shell] sections for SYSTEM.INI.
On the local machine it adds itself in the registry under the following key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
with the name of the first infected file and the value the path to that file.
This new version search for e-mail addresses in Eudora's address book, in addition to the previous e-mail clients such as Outlook Express, Netscape and so on.
The texts for e-mail body are now in French too. The word used to compose the message are in the following list:
aux entiers depens
le present arret
conformement a la loi
a fait constater
cadre de la procedure
Now the virus sends trough e-mail not only doc files but .GIF images too. The virus checks for existence of ZoneAlarm firewall and if it exists, the virus terminates it.