Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


I-WORM/MTX SPREADS USING E-MAIL ATTACHMENTS

Virus Name  : Win32/MTX

Alias             : I-Worm/MTX, W32.MTX@mm, TROJ_MTX, PE_MTX

Virus type    : Internet worm, File Infector

Threat level : Medium

Virus details :

                     MTX is a complex encrypted worm spreads via email and carries a virus to infect local machine files. It is discovered in September 2000 and frequently reported in the wild. When executed, the worm patches WSOCK32.DLL to email automatically. When it detects an Internet connection, it attempts to connect to a web site hosted by a virus authoring group, and if successful, it downloads additional components to the host PC.

                     The system registry is modified to load this at system startup "HKLM\Software\Microsoft\Windows\CurrentVersion\Run SystemBackup=%WinDir%\MTX_.EXE". The virus infects .EXE and .DLL files in the current directory and temp directory. Win32/MTX virus component uses EPO ( Entry Point Obscuring ) technology to infect files. It makes the virus disinfection procedures more complex. We have incorporated perfect solution to Win32/MTX virus in our Solo Anti-virus Kit.

The MTX worm attachment name will be one of the following

README.TXT.pif, I_wanna_see_YOU.TXT.pif, MATRiX_Screen_Saver.SCR LOVE_LETTER_FOR_YOU.TXT.pif, NEW_playboy_Screen_saver.SCR, BILL_GATES_PIECE.JPG.pif, TIAZINHA.JPG.pif, FEITICEIRA_NUA.JPG.pif, Geocities_Free_sites.TXT.pif, NEW_NAPSTER_site.TXT.pif, METALLICA_SONG.MP3.pif ANTI_CIH.EXE, INTERNET_SECURITY_FORUM.DOC.pif, ALANIS_Screen_Saver.SCR, READER_DIGEST_LETTER.TXT.pif, WIN_$100_NOW.DOC.pif, IS_LINUX_GOOD_ENOUGH!.TXT.pif, QI_TEST.EXE, AVP_Updates.EXE, SEICHO-NO-IE.EXE, YOU_are_FAT!.TXT.pif, FREE_xxx_sites.TXT.pif, I_am_sorry.DOC.pif, Me_nude.AVI.pif, Sorry_about_yesterday.DOC.pif, Protect_your_credit.HTML.pif, JIMI_HMNDRIX.MP3.pif, HANSON.SCR FUCKING_WITH_DOGS.SCR, MATRiX_2_is_OUT.SCR, zipped_files.EXE, BLINK_182.MP3.pif

                     The message body and subject line of the e-mail will be empty. When the attachment is opened MTX worm patches the WSOCK32.DLL and forced to use this file on next startup using WININIT.INI. MTX worm blocks access to several anti-virus sites and also disables e-mails messages of several anti-virus related domains.

The worm code contains the following text strings

"Software provide by [MATRiX] VX team:
Ultras, Mort, Nbk, LOrd DArk, Del_Armg0, Anaktos
Greetz:
All VX guy on #virus channel and Vecna
Visit us: www.coderz.net/matrix"

How can I protect my system?

                   Solo has incorporated  Win32/MTX in its signature file to protect users from this virus attack. Solo antivirus registered users are already protected from this virus. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats.

How to remove Win32/MTX virus?

                     You can check the system manually. This worm creates the file "IE_PACK.EXE", "MTX_.EXE" in the windows folder. If the files are present, your PC is infected with this worm.

                   If you are already infected with this virus, you can remove it from your computer using Solo Antivirus software. Solo antivirus can detect and remove  Win32/MTX safely. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   After cleaning the virus, Solo recovers patched WSOCK32.DLL file also. So Solo users need not search for pure copy of WSOCK32.DLL file.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link