this is a link to the info on the virus in question at symantec--
apparently it screws up about everything *except* .dll files, so i
interpreted what i saw of it wrong.
 
[log in to unmask]" target="_blank">http:[log in to unmask]
(if the URL wraps, copy and paste)
 
"If an active Internet connection exists, the virus searches for up to
five .doc and .txt files and chooses a random number of words from one of
these files.  These words are used to construct the subject and message
body of the email message.  Then the virus searches for up to 20 .exe
and .scr files smaller than 128 KB, infects one of these files, attaches
the infected file to the new message, and sends this message to up to 100
people from the address books.  In addition there is a 20-percent chance
that it will attach the file from which the subject and message body was
taken, and an 80-percent chance that it will add the number 1 to the
second character of the sender address.  This last change prevents replies
from being returned to you and possibly alerting you to the infection."
 
To remove this worm:
 
1. Run LiveUpdate to make sure that you have the most recent virus
   definitions.
2. Start Norton AntiVirus (NAV), and run a full system scan, making sure
   that NAV is set to scan all files.
3. If any files are detected as infected by W32.Magistr.24876@mm, choose
   Repair.
 
so, [log in to unmask], whoever you are, you've got this worm, and i'd
get rid of it asap, becaue from what i read, it doesn't look like it's
got much to recommend it.
 
-kat
[Posted in FML issue 3467]