Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 20 of 23 Posts

·
Registered
Joined
·
276 Posts
Discussion Starter · #1 ·
My Norton VirusScan recently detected the W32.Magistr.corrupt virus on my computer. It said that the file could not be repaired and that access to it was denied. so i started running a virus check on my system and so far it hasn't picked up anything, but it's not done yet. i just wanted to know if there was a patch or something that i could get to fix this if the virus actually infected my computer. i'll post back later when the virus scan is complete and tell you guys the results. for now i just wanted to throw out the situation to you helpful ppl. thanks a lot!
 

·
Registered
Joined
·
276 Posts
Discussion Starter · #3 ·
actually the file isn't in the quarantine. i looked for it there and it wasn't there. i also did a search on my entire computer for the file but i didn't find it anywhere.
 

·
Super Moderator
Joined
·
37,537 Posts
Hiya

Run your AV scanner again, but take a not of where it says it is. It may be in your tempory Internet Files, or from a page that has a malicoius scripting in.

I use AVP, and when I'm browsing, sometimes up it pops warning me about a virus, or malicous script. I come out of the page, but when I run a full scan, nothing comes up. Were you online when the message came up?

Regards

eddie
 

·
Registered
Joined
·
276 Posts
Discussion Starter · #6 ·
i caught the virus after downloading a file from Morpheus, a file sharing network on the internet. after that, I got two messages which said that W32.Magistr.corrupt had been found and could not be repaired, the other saying that it could not be accessed. i ran a full virus scan and nothing came up. since then i haven't experienced any problems.

still, is there a patch or something to fix this virus just in case in infected my system? i'm a little worried because the file was never repaired, could not be accessed, and was not placed in quarantine.

here's a copy of the norton activity log:

Date: 12/27/2001, Time: 16:38:14, joe on JOECOMP
The file
C:\Documents and Settings\joe\Desktop\kazaadownload10094890673712408.dat
is infected with the W32.Magistr.corrupt virus.
Unable to repair this file.


Date: 12/27/2001, Time: 16:38:14, joe on JOECOMP
The file
C:\Documents and Settings\joe\Desktop\kazaadownload10094890673712408.dat
is infected with the W32.Magistr.corrupt virus.
Access to the file was denied.


Date: 12/27/2001, Time: 16:38:46, joe on JOECOMP
Virus scan started.

Date: 12/27/2001, Time: 17:19:18, joe on JOECOMP
Virus scanning completed.
Master boot records:
Scanned: 1
Infected: 0
Repaired: 0
Boot records:
Scanned: 1
Infected: 0
Repaired: 0
Files:
Scanned: 103890
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0


thanks for the link above, i posted this message without seeing it.
 

·
Registered
Joined
·
276 Posts
Discussion Starter · #7 ·
OK I used the utility you gave me but it didn't find any infected files. When I restarted my computer, it started to go EXTREMELY slowly. Everything that I do goes much slower, and I don't know why. The only reason I cant think of is this virus. Any suffestions would be helpful.
 

·
Super Moderator
Joined
·
37,537 Posts

·
Registered
Joined
·
276 Posts
Discussion Starter · #9 ·
OK I used the start up utility you gave me but the program never ran.
 

·
Registered
Joined
·
276 Posts
Discussion Starter · #11 ·
yeah i got the zip version. i tried running exefix before since i read that the virus i believe i got affects EXE files. interestingly, the exefix didn't work, and both that file and the start up file are .com extension files. maybe those types aren't working correctly. any patch for those files??
 

·
Registered
Joined
·
276 Posts
Discussion Starter · #13 ·
actually that's exactly what i did. but when i ran the file, nothing happened. the program didnt do anything. the same thing happened when i ran another .com file.
 

·
Registered
Joined
·
276 Posts
Discussion Starter · #15 ·
when i ran the start up program, an hourglass came up for about a split second and then vanished. nothing more. the other .com file that i tried to run was that exefix08 or whatever, which is also a .com file.
 

·
Registered
Joined
·
276 Posts
Discussion Starter · #17 ·
I did a search for StartUp.Log, but nothing came up.

I'm running Windows XP.
 

·
Super Moderator
Joined
·
37,537 Posts
Okay

It might not work, as I tried it on my system, which is 2000 and I couldn't find it.

Lets do it manually, until Rollin' or someone else can confirm that it does/dosen't work with XP

Go to Find Files and type SYSEDIT

In the Win.ini file, look under

[windows]
load=
run=

Is there anything there, after the =

Also, have a look at the system.ini.

[boot]
shell=explorer.exe

Is there anything else there after the explorer.exe?

Regards

eddie
 

·
Registered
Joined
·
45,855 Posts
Startuplog won't work with XP as I just discovered yesterday on the Web forum. However you can list most of your startups by running msinfo32 and clicking on "software environment" and "startup programs". Then click edit>select all>edit>copy and paste the copied text here.

Magistr does have a habit of placing things in the startup group that do not belong there, but scan clean because they are legitimate windows files that may have been renamed.

msconfig is also available in XP and is evidently similar to the ME version.
 

·
Registered
Joined
·
276 Posts
Discussion Starter · #20 ·
desktop desktop.ini NT AUTHORITY\SYSTEM Startup
desktop desktop.ini JOECOMP\joe Startup
desktop desktop.ini .DEFAULT Startup
desktop desktop.ini All Users Common Startup
Encoder Agent c:\progra~1\window~4\encoder\wmencagt.exe All Users Common Startup
iamapp c:\program files\norton personal firewall\iamapp.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Office c:\progra~1\mi1933~1\office\osa9.exe -b -l All Users Common Startup
Microsoft Works Portfolio c:\program files\microsoft works\wkssb.exe /allusers All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Works Update Detection c:\program files\microsoft works\wkdetect.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MoneyAgent "c:\program files\microsoft money\system\money express.exe" NT AUTHORITY\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MoneyAgent "c:\program files\microsoft money\system\money express.exe" NT AUTHORITY\LOCAL SERVICE HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MoneyAgent "c:\program files\microsoft money\system\money express.exe" NT AUTHORITY\NETWORK SERVICE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MoneyAgent "c:\program files\microsoft money\system\money express.exe" JOECOMP\joe HKU\S-1-5-21-854245398-746137067-2145993379-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MoneyAgent "c:\program files\microsoft money\system\money express.exe" .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NAV Agent c:\progra~1\norton~1\navapw32.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NeroCheck c:\windows\system32\nerocheck.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RealTray c:\program files\real\realplayer\realplay.exe systemboothideplayer All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SystemTray systray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Update Service c:\progra~1\common~1\teknum~1\update.exe /startup JOECOMP\joe HKU\S-1-5-21-854245398-746137067-2145993379-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


OK that's what came out. Hopefully you can make sense of some of this stuff.
 
1 - 20 of 23 Posts
Status
Not open for further replies.
Top