Email-Worm.Win32.Magistr.c

Magistr.B also attempts to disable the ZoneAlarm firewall.

So the virus code is activated on each Windows restart.

Running an infected file

When run (from the attachment of an infected e-mail message), the worm installs itself in Windows system memory, runs in the background, waits a few minutes and activates its routines: infecting local and

After that the virus enumerates network resources that are shared for full access, looks for WINNT, WINDOWS, WIN95, WIN98 directories in there, and infects files in these directories. http://virus.wikia.com/wiki/Magistr

The large size of the worm is due to its very advanced algorithms: for infecting PE EXE files, sending e-mail messages and spreading.

It is comparable to some other potentially very dangerous viruses, such as CIH and Klez. It searches the system for .doc and .txt files and will use random text from one of these to construct the sender line and body of the email it will send.

Infection

The virus then gets a file (usually the first file) in the Windows directory, infects it and registers that file in the Windows auto-run Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run and in WIN.INI file in

It also shares some features of the Dengue virus.

Additional routines

Depending on its internal counters, the worm manifests its presence by not allowing the user to access the Desktop icons. One month after infecting the computer, the virus runs its payload routine, which overwrites all disk files with the text "YOUARESHIT" on all local and network drives.

The virus encrypts its main code with a polymorphic engine and writes itself to the end of the file.

Technical Details

The Magistr virus spreads via the Internet with infected emails, infects Windows executable files on an affected machine (local machine) and is able to spread itself over a local network (LAN). The malware is about 30 KB in size.

The virus takes its first "steps" into the WINNT, WINDOWS, WIN95 and WIN98 directories and infects the files stored in them. The worm looks for GIF files and can send GIF images out of an infected computer, just as it can send out clean DOC files (as the original version does). The name of the attached file can vary: the malware picks one of the previously infected PE EXE files.

The virus also displays a vulgar message. First, the worm's code is encrypted using a polymorphic routine and written to the end of the targeted file.

File Infection

At the entry point of the infected file, there will be 512 bytes of garbage code that transfers control of the program to the virus.

It gets info on the following clients: Outlook Express, Netscape Messenger, Internet Mail and News.

The virus then scans email database files of the found e-mail clients, gets email addresses from

If the worm sends mail to more than 100 recipients and two months have passed, then on odd days icons will be running away from the cursor.

To take control of the infected file, the virus replaces its entry code with a routine that passes control to the final part of the file, where the malware's actual code is stored. The attached file name is variable; it can have an EXE or SCR extension. It also attempts to terminate the ZoneAlarm firewall if it is installed, but fails and ZoneAlarm continues to protect the machine.

On Windows 9x systems it erases the CMOS and BIOS. Magistr checks for an active Internet connection and if there is one, begins constructing an email to send an infected file.

Randomly as well the virus uses words and sentences from the following list: "sentences you", "ayant delibere", "sentences him to", "le present arret", "sentence you to", "vu l'arret", "ordered to prison".

Under Win9x the virus also erases CMOS, Flash BIOS and hard drive data.