==================================================================== FixMagistr Version 1.50 Trend Micro, Inc. http://www.antivirus.com ==================================================================== DESCRIPTION: This tool is designed to clean a system infected by PE_MAGISTR.A. This program must be run under the DOS prompt window. This tool will scan the directory specified as the commandline parameter and will recurse all directories under it. It is also capable of detecting PE_MAGISTR.DAM (damage PE_MAGISTR.A), cleaning the registry and WIN.INI, and deleting the .DAT file created by this virus. WHAT'S NEW: V 1.5 Added /R option at command line to disable scanning of all PE files. V 1.4 Fixed bugs on memory leak. Detection for PE_MAGISTR.DAM Includes cleaning of system REGISTRY and WIN.INI. Includes deletion of .DAT file created by this virus. Supports scanning and cleaning of the new variants. FUNCTIONS: I. File Scanning This tool will scan all files on the directory specified and will recurse all subdirectories under it, skipping non-EXE files and .DLL files. It only scans files with the extensions .EXE, .SCR, and .CPL. II. File cleaning This tool will clean files infected by PE_MAGISTR.A and restore the modified original codes and headers. III. Registry Cleaning This tool will check each key in KLM\Software\Microsoft\Windows\CurrentVersion\Runkey for the files infected with PE_MAGISTR.A/PE_MAGISTR.DAM. If found, it will clean the file(s)and delete the corresponding registry value(s). IV. WIN.INI Cleaning This tool will check the WIN.INI file "run" key for the file infected with PE_MAGISTR.A/ PE_MAGISTR.DAM. If found it will clean those files and remove the entry in the key. V. .DAT Deletion This tool will also delete the .DAT files created by the virus. The name of the .DAT file is not fixed, but it can be decoded based on the computer name. PLATFORMS: This version supports the WinNT and Win9x/WinME platform. USAGE: 1. Since PE_MAGISTR.A resides in memory through EXPLORER.EXE it is recommended that you reboot your machine first before running this tool. 2. Close all running applications before using this tool. 3. Copy the file to your favorite directory or you may execute it in the diskette. 4. If you want to scan and clean all infected files in a particular folder, simply type "Fix_Magistr.EXE" (or "A:\Fix_Magistr.EXE" if in diskette) followed by the path that you want to scan/clean in the command prompt. example: To clean the C:\Windows, type: Fix_Magistr.EXE C:\Windows If you wish to clean the registry entries and remove the dropped files, simply type "Fix_Magistr.EXE" (or "A:\Fix_Magistr.EXE" if in diskette) followed by "/r" to disable all file scanning. example: To clean the registry and remove dropped files, type: Fix_Magistr.EXE /r REQUIREMENT: Under WinNT/Win2K, users must have administrative rights to clean the infected system files. Note: Please report any bugs found.