Druid628 :: Virus :: Magistr
Magistr, the worm... what can I say, this is one of the more disturbing viruses. It can arrive in your email under a variety of possible subjects. The attachment can come as a variety of file types, such as:
.pif .exe .com .doc .scr
as well as others.
The best advice I can give is I hope you have a good anti-virus.  If you don't, I suggest you get one.  My recommendations are:
McAfee, PC-Cillin, F-Prot (Command Anti-Virus).
When you are infected by this virus/worm you will notice very strange things happening on your PC, such as icons on your desktop being afraid of your mouse and running away from it. You might also have received a nasty note from your computer.
For more information on this worm visit Symantec's site at:
http://www.sarc.com/avcenter/venc/data/w32.magistr.24876@mm.html

 

Legend: 
%SystemRoot% = C:\Windows (in Windows NT or 2000 it will be C:\Winnt)
%SystemDrive% = C:\
%WinDir% = C:\Windows (in Windows NT or 2000 it will be C:\Winnt)
Files to clean: What to look for:
%SystemRoot%\System.ini (C:\windows\system.ini)

****NOTE****
PAY ATTENTION and write down the file name that is appended to the
shell= line, for you will need it when looking through the registry.

Under [boot] look for shell=explorer.exe. If you have anything past explorer.exe on this line, it is part of the virus, so delete it. An example of what it should look like:
[boot]
      oemfonts.fon=vgaoem.fon
      shell=Explorer.exe
      system.drv=system.drv
An example of what the infected system.ini file might look like:
[boot]
      oemfonts.fon=vgaoem.fon
      shell=Explorer.exe      extrafile.exe
      system.drv=system.drv 
 
%SystemRoot%\win.ini
(C:\windows\win.ini)

****NOTE****
PAY ATTENTION and write down the file name that is appended to the
shell= line, for you will need it when looking through the registry.

Under the [windows] section look for run= ; this should be blank. If you are infected you will probably see a file name there; delete it. An example of what this portion should look like:
[windows]
      load=
      run=
      NullPort=None
An example of what an infected win.ini file would look like:
[windows]
      load=
      run=extrafile.exe
      NullPort=None
Registry Keys to check: String Value:
Before editing the registry, always remember to back up the registry.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
****NOTE****
PAY ATTENTION and write down the file name that is appended to the
shell data, for you might need it later.
Look for the value named Shell and double-click on it. Examine the value data to see whether there is anything other than explorer.exe.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Examine this key and its values for the mysterious file name. If it is there, delete it.
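
The checks above, collected into one script as an added example (not part of the original page): it reads the text of system.ini and win.ini, plus an optional Winlogon Shell value, and lists every file name a clean system would not have. The function names and the whitespace splitting of values are assumptions of this example; extrafile.exe is the page's own placeholder name.

```python
import re

# Samples built from the page's own infected examples (extrafile.exe is its placeholder).
INFECTED_SYSTEM_INI = """[boot]
      oemfonts.fon=vgaoem.fon
      shell=Explorer.exe      extrafile.exe
      system.drv=system.drv
"""
INFECTED_WIN_INI = """[windows]
      load=
      run=extrafile.exe
      NullPort=None
"""

def ini_value(text, section, key):
    """Return the value of key inside [section] (case-insensitive), or '' if absent."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
        elif current == section.lower() and "=" in line:
            name, value = line.split("=", 1)
            if name.strip().lower() == key.lower():
                return value.strip()
    return ""

def extras(value, allowed=()):
    """Split a value on whitespace (assumption: no spaces in paths) and drop allowed names."""
    return [tok for tok in value.split() if tok.lower() not in allowed]

def check_startup(system_ini, win_ini, winlogon_shell=""):
    """List (location, file name) pairs that a clean system would not have."""
    findings = []
    for name in extras(ini_value(system_ini, "boot", "shell"), ("explorer.exe",)):
        findings.append(("system.ini [boot] shell=", name))
    for name in extras(ini_value(win_ini, "windows", "run")):
        findings.append(("win.ini [windows] run=", name))
    for name in extras(winlogon_shell, ("explorer.exe",)):
        findings.append(("Winlogon Shell", name))
    return findings

if __name__ == "__main__":
    for location, name in check_startup(INFECTED_SYSTEM_INI, INFECTED_WIN_INI):
        print(f"{location}: unexpected entry {name}")
```

Each file name it reports is the one to write down and then search for under the Run key.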

2000-2018 DruiD628
micah {at symbol} druid628.com
