|
0 members (),
334
guests, and
26
robots. |
|
Key:
Admin,
Global Mod,
Mod
|
|
S |
M |
T |
W |
T |
F |
S |
|
|
1
|
2
|
3
|
4
|
5
|
6
|
|
7
|
8
|
9
|
10
|
11
|
12
|
13
|
|
14
|
15
|
16
|
17
|
18
|
19
|
20
|
|
21
|
22
|
23
|
24
|
25
|
26
|
27
|
|
28
|
29
|
30
|
|
|
|
|
|
There are no members with birthdays on this day. |
#27930
Sun 09 Sep 2001 09:09:AM
|
Joined: Feb 2001
Posts: 3,536
Mission Commander
|
OP
Mission Commander
Joined: Feb 2001
Posts: 3,536 |
Virus Information:<BR>Date Discovered: 9/3/01<BR>Date Added: 9/3/01<BR>Origin: Unknown<BR>Length: N/A<BR>Type: Virus<BR>SubType: File Infector<BR>DAT Required: 4158<P>This variant of W32/Magistr.a@MM is considered a medium risk due to the number of samples received by AVERT.<P>The variant differs in several ways.<P>- It uses a more complex encryption technique.<BR>- It deletes all .NTZ files on the local machine.<BR>- It terminates the ZoneAlarm firewall user interface process if it is running (not the entire program).<BR>- It creates a SYSTEM.INI [boot]shell value to run itself at startup.<BR>- It uses random file extensions on the executables which it sends (.bat, .com, .exe, .pif)<BR>- It has also been reported to retrieve email addresses from Eudora mailbox files (.MBX), overwrite the WIN.COM/NTLDR file at times, and send .GIF files found on the local machine to others along with itself.<P>The characteristics mentioned above are in addition to those found under the W32/Magistr.a@MM description.<P>Removal Instructions:<P>Detection is included in our DAILY DAT (beta) files and will also be included in the next weekly DAT release. In addition to the DAT version requirements for detection, the specified engine version (or greater) must also be used.<P>Additional Windows ME Info:<BR>NOTE: Windows ME utilizes a backup utility that backs up selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup file, and VirusScan will be unable to delete these files. These instructions explain how to remove the infected files from the C:\_Restore folder.<P>Disabling the Restore Utility<P>1. Right click the My Computer icon on the Desktop.<BR>2. Click on the Performance Tab.<BR>3. Click on the File System button.<BR>4. Click on the Troubleshooting Tab.<BR>5. Put a check mark next to "Disable System Restore".<BR>6. Click the Apply button.<BR>7. Click the Close button.<BR>8. Click the Close button again.<BR>9. You will be prompted to restart the computer. Click Yes.<BR>NOTE: The Restore Utility will now be disabled.<BR>10. Restart the computer in Safe Mode.<BR>11. Run a scan with VirusScan to delete all infected files, or browse the file's located in the C:\_Restore folder and remove the file's.<BR>12. After removing the desired files, restart the computer normally.<BR>NOTE: To re-enable the Restore Utility, follow steps 1-9 and on step 5 remove the check mark next to "Disable System Restore". The infected file's are removed and the System Restore is once again active.
|
|
CMS The Best Conveyancing solicitors conveyancing quotes throughout the UK
For any webhosting enquiries please email webmaster@aus-city.com
|
|
Forums60
Topics684,257
Posts718,866
Members2,957
| |
Most Online3,142
Jan 16th, 2023
|
|
|
