|Updated||Aug 3rd 2010|
|Crack Size||240 KB|
Magistr Detection & Clean is a handy tool that targets the [email protected] malware infection and removes it immediately.
This virus is an improved and more stable version of the [email protected]
It's decryption routine is more elaborate and the original data from the Entry Point is now encrypted with a key generated from the computer name. Because of this, cleaning the infected files is more difficult.
It is able to infect more computers connected in a network because it now looks for more Windows directory names than the previous version.
In network infection it searches for the following directory names:
and infects the files in those directories. After that it registers itself in WIN.INI and SYSTEM.INI under the [Windows] and [Run] sections for WIN.INI and under [boot] and [Shell] sections for SYSTEM.INI.
On the local machine it adds itself in the registry under the following key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
with the name of the first infected file and the value the path to that file.
This new version search for e-mail addresses in Eudora's address book, in addition to the previous e-mail clients such as Outlook Express, Netscape and so on.
The texts for e-mail body are now in French too. The word used to compose the message are in the following list:
aux entiers depens
le present arret
conformement a la loi
a fait constater
cadre de la procedure
Now the virus sends trough e-mail not only doc files but .GIF images too. The virus checks for existence of ZoneAlarm firewall and if it exists, the virus terminates it.
Your email will not be published. Required fields are marked as *