daveleau
11-06-2000, 01:57 PM
Our lab mgr got a Matrix screensaver from a father in his scout troop. Thought it would be cool and installed it. It didn't work. After that he got an error when MTX_.EXE would fail and crash.
We didn't know what it was and could not find anything related to MTX. Well we decided to run our virus scanner and lo and behold, there was the I-WORM MTX virus in two different strains.
After reading, it is a self-propagating virus released in September that uses your Outlook mail to spread. It will not execute if a virus scanner is running. The three integral files are not visible under any search options. It installs a backdoor complement called MTX.exe which has a bug that crashes whenever it tries to connect with its home server to DL other viruses and trojans to make the system more vulnerable. And it has a dropper element, so if you delete the main files but do not completely disinfect, it will reform itself and reinfect the system.
The integral files are
IE_PACK.EXE
WIN32.DLL
MTX.EXE
These are installed into the system folder. You can delete these in DOS and disinfect, but it installs into explorer and taskmon and will reinstall if not disinfected properly.
The way I disinfected our systems was this:
--make a boot disk including XCOPY, KILLMTX, and WSOCK32.DLL
--(you can DL KILLMTX here: http://www.quickheal.com/mtx.htm )
--boot infected system with boot disk
--A:\killmtx c: /repair
--xcopy a:\wsock32.dll c:\windows\system /v
--reboot
--scan with AV and you should be clean.
One thing to note that is clever is that the virus blocks access to the major antivirus URLs. It crashed the web browser on one system and gave inability to connect errors on the second.
Anyway, should you receive a Matrix screen saver, don't install it unless you want to go through this. I am glad these guys made this fix, b/c otherwise it was a reformat and reinstall after a low level format. I didn't want to do this since we did not back up data before this.
Stay clean
Dave
[dcl]