My apologies for this off topic post, but this worm is REALLY NASTY (kills the CMOS too) and seems to be quite sucessful in propagating itself. Practice safe HEX. NEVER open ANY attachment that has a .COM, .EXE, .PIF, .BAT .VBS, because that executes the contents, and people normally don't send executables. I have AV software & Zonealarm on all my machines, and yet it STILL managed to get executed by some really dumb users. I wish I could leave their machines broken as an object lesson on why you DO NOT OPEN attachments. R ============ From: http://www.zdnet.com/products/stories/reviews/0,4161,2810225,00.html Magistr.B is a dangerous variation Designed to bypass current antivirus scanners, this variation can spread via Eudora, Outlook, Netscape and other Internet e-mail clients. By Robert Vamosi, ZDNet Reviews September 6, 2001 A new version of the polymorphic worm Magistr is lurking on the Internet. This new variation, Magistr.B (w32.Magistr.39921), has been reworked to evade most current antivirus software scanners. Like the original worm, Magistr.B features a payload that overwrites hard drives with garbage, erases CMOS and flashes the BIOS on the infected system, rendering the computer unusable. Unlike the original worm, Magistr.B can also infect Eudora address books and disable the user interface to the popular ZoneAlarm firewall before connecting to the Internet (ZoneAlarm will continue to work, however the user will not see any of its alerts until the interface is restarted). At this time, Magistr.B ranks as a 6 on the ZDNet Virus Meter. How it works Magistr. B arrives as an e-mail with the following information: Subject: [random] Body: [random] Attached: [random file with an exe, bat, pif, com extension] When executed, Magistr.B displays the following message from the original Magistr worm. Another haughty bloodsucker . YOU THINK YOU ARE GOD , BUT YOU ARE ONLY A CHUNK OF SH-- Magistr.B then searches for all sent e-mail addresses from Eudora, Outlook, Netscape Messenger and other Internet e-mail clients, and sends randomly constructed messages to up to 100 people. Magistr.B contains its own SMTP e-mail to send copies, bypassing Microsoft's Outlook Security Patch. Magistr.B also searches network resources, searching for Windows installations such as Windows 95, 98, Me, NT, and 2000, and infects all portable executable files found on remote systems. Magistr.B will destroy the contents of the computer's hard drive and CMOS/BIOS information on Windows 95, 98, Me, NT, and 2000 systems. Removal Almost all the antivirus software companies have updated their signature files to include Magistr.B. For more information on removing Magistr.B from your system, see McAfee, Symantec, and Trend Micro. Prevention Here are the basic steps for containing the latest worm: 1."Don't open attachments!" One of the best ways to prevent virus infections is not to open attachments, especially when viruses such as this polymorphic worm are being actively circulated. Even if the e-mail is from a known source, be careful. A few viruses take the mailing lists from an infected computer and send out new messages with its destructive payload attached. Always scan the attached files first for viruses. Unless it's a file or an image you are expecting, delete it. 2.Get protected. If you don't already have virus protection software on your machine, you should. If you're a home or individual user, it's as easy as downloading any of these top-rated programs then following the installation instructions. If you're on a network, check with your network administrator first. 3.Scan your system regularly. If you're just loading anti-virus software for the first time, it's a good idea to let it scan your entire system. It's better to start with your PC clean and free of virus problems. Often the antivirus program can be set to scan each time the computer is rebooted or on a periodic schedule. Some will scan in the background while you are connected to the Internet. Make it a regular habit to scan for viruses. 4.Update your anti-virus software. Now that you have virus protection software installed, make sure it's up-to-date. Some antivirus protection programs have a feature that will automatically link to the Internet and add new virus detection code whenever the software vendor discovers a new threat. You can also scan your system for the latest security updates here. -- http://www.piclist.com hint: To leave the PICList mailto:piclist-unsubscribe-request@mitvma.mit.edu