
W95.MTX


I was infected by a virus that made my life hell for a few days. Now you may laugh, saying that you advise us on steps to protect ourselves against viruses, and how in the world can you commit such a blunder. I again make the point: no one's perfect. And man always does and should learn from his own mistakes. And I do.

All said and done, let's move our focus to the virus. One of the best species you will ever come across (at least for the time being). What the name MTX means, I have no idea, but according to me it should be Most Terrifying Xtremity. I call it that because of the sheer versatility of the creature. It is not fair to call it a virus, because it has three components: a worm, a virus and a backdoor. The virus is the component that infects all system files (exe and dll) on your hard disk. The worm helps the virus spread. The backdoor contacts the virus website and downloads plug-ins and updates so as to avoid detection. Comprehensive, isn't it?

I am including the list of file names under which you can receive the infected file. These have been obtained from a reliable anti-virus site. Sorry for the foul language.

README.TXT.pif
I_wanna_see_YOU.TXT.pif
MATRiX_Screen_Saver.SCR
LOVE_LETTER_FOR_YOU.TXT.pif
NEW_playboy_Screen_saver.SCR
BILL_GATES_PIECE.JPG.pif
TIAZINHA.JPG.pif
FEITICEIRA_NUA.JPG.pif
Geocities_Free_sites.TXT.pif
NEW_NAPSTER_site.TXT.pif
METALLICA_SONG.MP3.pif
ANTI_CIH.EXE
INTERNET_SECURITY_FORUM.DOC.pif
ALANIS_Screen_Saver.SCR
READER_DIGEST_LETTER.TXT.pif
WIN_$100_NOW.DOC.pif
IS_LINUX_GOOD_ENOUGH!.TXT.pif
QI_TEST.EXE
AVP_Updates.EXE
SEICHO-NO-IE.EXE
YOU_are_FAT!.TXT.pif
FREE_xxx_sites.TXT.pif
I_am_sorry.DOC.pif
Me_nude.AVI.pif
Sorry_about_yesterday.DOC.pif
Protect_your_credit.HTML.pif
JIMI_HMNDRIX.MP3.pif
HANSON.SCR
FUCKING_WITH_DOGS.SCR
MATRiX_2_is_OUT.SCR
zipped_files.EXE
BLINK_182.MP3.pif
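
Most of the names above put a harmless-looking extension (.TXT, .DOC, .JPG, .MP3) in front of an executable one (.pif), and the rest are plain .SCR or .EXE files. The following check for a mail filter is an added example, not part of the original article; the extension sets, the function names and the two sample names marked as constructed are assumptions.

```python
import os

# Extensions Windows runs directly (assumed subset; the list above uses .pif, .scr, .exe).
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs"}
# Harmless-looking extensions placed in front of the real one as a decoy.
DECOY_EXTS = {".txt", ".doc", ".jpg", ".gif", ".mp3", ".avi", ".html", ".htm"}


def classify_attachment(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    cleaned = name.strip().rstrip(". ").lower()
    stem, ext = os.path.splitext(cleaned)
    if ext not in EXECUTABLE_EXTS:
        return "ok"
    # Padding between the decoy and the real extension hides the latter in
    # narrow attachment columns; strip it before reading the inner extension.
    inner = os.path.splitext(stem.rstrip(" ._"))[1]
    return "double-extension" if inner in DECOY_EXTS else "executable"


def triage(names):
    """Group attachment names by verdict so a filter can block or quarantine."""
    report = {"double-extension": [], "executable": [], "ok": []}
    for name in names:
        report[classify_attachment(name)].append(name)
    return report


# First four names come from the list above; the last two are constructed.
SAMPLE = [
    "LOVE_LETTER_FOR_YOU.TXT.pif",
    "METALLICA_SONG.MP3.pif",
    "MATRiX_Screen_Saver.SCR",
    "AVP_Updates.EXE",
    "holiday.jpg      .pif",   # constructed: padded double extension
    "minutes.final.doc",       # constructed: benign, dots in the name
]

if __name__ == "__main__":
    for verdict, names in triage(SAMPLE).items():
        print(f"{verdict}: {names}")
```

Because the check keys on the extension pattern rather than on exact names, it also covers names that are not in the list.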

Remember, these are not the only names. The virus is intelligent enough to create subject-oriented names so as to fool many (I was, ha ha). Let me now list the virus components:

  • Mtx_.exe: The Worm
  • Win32.dll: The Backdoor
  • IE_pack.exe: The Virus

The virus component searches the computer for specific antivirus programs running. If the virus finds one, then the virus does not run. If the virus continues to run, it decompresses the worm component, drops a copy of it into the user's Windows folder (typically C:\Windows), and runs it.

What is special about the virus is the fact that it prevents the infected PC from accessing almost any antivirus site. So if you go to www.symantec.com, your browser will hang and will be closed down. This is what makes the virus very difficult to detect and repair because you don't know what to do.

There are still many aspects to this virus. Why I am writing about this virus, and any others to follow, is that Bella Online won't be on the list of these viruses. So even on an infected PC, help is not far away. What is the solution, you may ask. Symantec has given a step-by-step solution, but that is not advisable. The reason is that it involves replacing core Windows files like kernel32.dll, explorer.exe, wsock32.dll, rundll32.dll, etc. After replacing them, there is no guarantee that the system will work. Trust me, the best solution is a hard disk format. Back up all important data onto another partition, format C: and re-install Windows. It may seem like a hell of a job, but it is truly worth it. You may surely notice the increased performance of your PC and also that you have said a final bye to W95.MTX.


29-Jul-2001

More by :  Mayur Kamat




Comment:
Hi,
Nice one, really interesting, but one question is that after restoring Windows without scanning the data, will the virus affect the PC any more?

Sufiyan Shaikh
14-Dec-2010 00:38 AM



