On Sun, 16 Sep 2001 04:09:32 -0400 (EDT), Thomas Mueller wrote:

> I received a message of 147000 bytes from somebody unknown to me, with a weird,
> unintelligible subject line, a weird unintelligible line of text, and a big
> SUCATREG.EXE attachment.

You received this file from a computer that is infected with a
W32/Magistr variant.

The person whose computer sent it to you probably has no clue that
his system is infected.  Whoever's computer sent it to you
probably sent the same file to hundreds of people.  The computer's
owner doesn't even know that his computer is doing it.  Don't be
surprised if you should continue to receive this file repeatedly,
especially from people you don't know who happen to know somebody
who knows somebody who knows somebody who knows you.  Don't react
with anger at whoever sent it to you because the person is probably
a friend of a friend of yours and he doesn't know that his computer
is doing it.

It is a Magistr virus variant.  It infects Windows and Windows CE
systems.  You can find lots of information about SUCATREG.EXE simply
by doing a Google search for the filename.

According to information I have read, SUCATREG.EXE might be a
legitimate Windows systems file in some cases in some systems.
When it is overwritten with the infected version, a Windows system
is in for some big trouble.  If your system does not have Windows
you don't have to worry about anything other than the annoyance of
continuing to receive this file in your emails.

You should write an email to the postmaster and to the tech support
department of the user's ISP to inform them of the infected computers.
If you write directly to the user, the user probably would never see
your email.  The worm might just auto-reply to your email by sending
you another copy of the virus.  A couple of weeks ago we had a
problem like that with an Arachne list subscriber named Oscar Diaz.
I haven't received any more emails from Oscar since September 6th.

Sam Heywood
-- See our Big Gizmotimetemp at
-- http://banners.wunderground.com/banner/gizmotimetempbig/US/VA/Mt_Jackson.gif
