W32.Magistr.corrupt


Aliases: W32.Magistr.int, W32/Magistr@mm, I-Worm.Magistr, IWorm_Magistr
Variants: Magistr, Magistr.A, Win32.Magistr.24876, Win32/Magistr.24876.Worm, Win32.Magistr.24876:corrupt

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 13 Mar 2001
Damage: Low

Characteristics: The W32.Magistr.corrupt belongs to a family of memory resident viruses that target 32-bit executable files stored in the host computer system. This virus has the built-in functionality of spreading to local area networks using shared network drives. Other computer systems become infected with this malware via spiked email messages with malicious file attachments. This family of virus is considered as one of the most lethal in the industry with capabilities of deleting hard drive contents.

More details about W32.Magistr.corrupt

The W32.Magistr.corrupt is considered as one of the most complex variants primarily due to its different infection algorithms, spreading routines, payload routines, polymorphic engines, and anti-debugging routines to make its detection and removal from the infected computer system more difficult. When executed the virus will load into system memory and remain dormant for a few minutes before it begins its routines. The W32.Magistr.corrupt gains access to the Explorer process of the operating system and take over its memory address. It drops an executable into the directory folder of the operating system files and creates a corresponding Windows Registry key for it. This provides the W32.Magistr.corrupt with the functionality of loading together with the operating system at every reboot or startup instance of the compromised machine.

The files infected by the W32.Magistr.corrupt will not be executed in the host machine. The virus is loaded but the control is not sent back to the calling application. The W32.Magistr.corrupt continues with its payload delivery routine by infecting executable files stored in the infected computer system. The files which are exploited by the malware cannot be repaired but only restored via reinstallation. Aside from executable files the W32.Magistr.corrupt may also target and infect screensaver files. Email databases will be scanned to gather email addresses that can be infected by the virus using malicious file attachments.