Didn't find much. Any chance the Tech meant this one.

Magistr.24876 (also known as Win32.Magistr.24876, W32/Magistr@MM, PE_MAGISTR.A, W32.Magistr.24876 and I-Worm.Magistr)
Magistr is a polymorphic binary virus/worm targeting Windows 9x/ME/2K systems. It has been observed in the field mainly in Europe.

When run, this virus will make a copy of an EXE or SCR file in the system directory, give it a slightly different name and infect the copy. The virus then adds a reference to this infected file to the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\

For example, under test conditions the virus copied "CFGWIZ32.EXE" to "CFGWIZ31.EXE" and added the key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CFGWIZ31="C:\WINDOWS\SYST EM\CFGWZ31.EXE"

It may also add the filename to the "run=" line in WIN.INI.

On the next reboot, the infected copy will infect other .EXE and .SCR files in the System directory and its subdirectories.

The virus searches for e-mail addresses in Outlook Express and Netscape mailboxes, as well as the Windows address book (.WAB) files. It stores information about the location of these mailboxes in a hidden file in the Windows directory with the extension ".dat". The rest of the filename is randomly generated based on the computer name.

Using its own SMTP code (by connecting to the mailserver directly), the virus then sends an e-mail message to all of the addresses it has found. The subject and body of the e-mail are taken from files on the infected machine's hard drive, and therefore may be any collection of ASCII characters. An infected file is attached to the e-mail.

Besides using SMTP to spread, Magistr also tries to connect to shares in the network neighborhood. If it can connect to a network drive, it will try to copy itself to the following directories and add a "run=" line to the WIN.INI file on the remote machine to infect it on the next startup:

WIN95
WIN98
WINDOWS
WINNT

The virus code contains a procedure to overwrite files on the hard drive as well as the CMOS data and Flash BIOS code. Whilst the CMOS data is recoverable, the loss of the Flash BIOS code could potentially render a computer unbootable.

Detection for this virus/worm has been added to the following virus engine/virus signature combination. Install this update or later to ensure protection:

CA Anti-Virus Product Engine/Signature
InoculateIT 4.x 22.00
InoculateIT 6.0 23.40.00
InoculateIT Personal Edition 5.2/1161
VET 10.2/1161


------------------
I crash...therefore I am.