
MTX Virus

Information about Win32/MTX virus:

MTX is a complex encrypted worm that spreads via email and carries a virus that infects files on the local machine. It was discovered in September 2000 and is frequently reported in the wild. When executed, the worm patches WSOCK32.DLL so that it can send itself by email automatically. When it detects an Internet connection, it attempts to connect to a web site hosted by a virus authoring group and, if successful, downloads additional components to the host PC.

The system registry is modified to load it at system startup: "HKLM\Software\Microsoft\Windows\CurrentVersion\Run SystemBackup=%WinDir%\MTX_.EXE". The virus infects .EXE and .DLL files in the current directory and the temp directory. The Win32/MTX virus component uses EPO (Entry Point Obscuring) technology to infect files, which makes the virus disinfection procedures more complex. We have incorporated a perfect solution to the Win32/MTX virus in our Fire Anti-virus Kit.

The MTX worm attachment name will be one of the following:

README.TXT.pif, I_wanna_see_YOU.TXT.pif, MATRiX_Screen_Saver.SCR, LOVE_LETTER_FOR_YOU.TXT.pif, NEW_playboy_Screen_saver.SCR, BILL_GATES_PIECE.JPG.pif, TIAZINHA.JPG.pif, FEITICEIRA_NUA.JPG.pif, Geocities_Free_sites.TXT.pif, NEW_NAPSTER_site.TXT.pif, METALLICA_SONG.MP3.pif, ANTI_CIH.EXE, INTERNET_SECURITY_FORUM.DOC.pif, ALANIS_Screen_Saver.SCR, READER_DIGEST_LETTER.TXT.pif, WIN_$100_NOW.DOC.pif, IS_LINUX_GOOD_ENOUGH!.TXT.pif, QI_TEST.EXE, AVP_Updates.EXE, SEICHO-NO-IE.EXE, YOU_are_FAT!.TXT.pif, FREE_xxx_sites.TXT.pif, I_am_sorry.DOC.pif, Me_nude.AVI.pif, Sorry_about_yesterday.DOC.pif, Protect_your_credit.HTML.pif, JIMI_HMNDRIX.MP3.pif, HANSON.SCR, FUCKING_WITH_DOGS.SCR, MATRiX_2_is_OUT.SCR, zipped_files.EXE, BLINK_182.MP3.pif

The message body and subject line of the e-mail will be empty. When the attachment is opened, the MTX worm patches WSOCK32.DLL and uses WININIT.INI to force the patched file into use at the next startup. The MTX worm blocks access to several anti-virus sites and also disables e-mail messages for several anti-virus related domains.

The worm code contains the following text strings:

"Software provide by [MATRiX] VX team:
Ultras, Mort, Nbk, LOrd DArk, Del_Armg0, Anaktos
Greetz:
All VX guy on #virus channel and Vecna
Visit us: www.coderz.net/matrix"

Removing MTX virus from your system:

Fire has incorporated Win32/MTX into its virus signature file, with the aim of helping users affected by this worm to detect and eliminate it from their systems. Fire anti-virus users can update this signature file by using the online update facility, which is available with the registered version of the Fire anti-virus Kit. After cleaning the virus, Fire also recovers the patched WSOCK32.DLL file, so Fire users need not search for a clean copy of WSOCK32.DLL.

You can check the system manually. This worm creates the files "IE_PACK.EXE" and "MTX_.EXE" in the Windows folder. If the files are present, your PC is infected with this worm. A free download of the FireLite [1100KB] version is also available to detect the Win32/MTX virus. The Fire anti-virus kit provides a perfect cure for the MTX worm and the Win32/MTX virus. If you find this virus, use the registered version of Fire to remove it. To get the registered version of Fire call us at 044-28170440 or mail to service@fireav.com or purchase Fire online using

[Analysis: Mr.Ramesh, Mr.Stanley Rakesh, Prognet Technologies Pvt. Ltd, Sept. 2000]
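The manual check described above can be scripted against a Windows folder, live or copied from a disk image. The following is an added example, not part of the original advisory or of Fire: the function names, the exported Run-key dictionary, and the sample WININIT.INI line are assumptions constructed for illustration, while the file names and the Run value come from the write-up.

```python
import os
import tempfile

# Indicators taken from the write-up above.
DROPPED_FILES = {"IE_PACK.EXE", "MTX_.EXE"}
RUN_VALUE = "SystemBackup"
RUN_TARGET = "MTX_.EXE"


def check_windows_dir(windir):
    """Return findings for a Windows folder (live or from a mounted image)."""
    findings = []
    names = {n.upper(): n for n in os.listdir(windir)}  # case-insensitive lookup
    for dropped in sorted(DROPPED_FILES & names.keys()):
        findings.append(f"dropped file present: {names[dropped]}")
    # WININIT.INI is processed at boot; a pending WSOCK32.DLL change needs review.
    if "WININIT.INI" in names:
        path = os.path.join(windir, names["WININIT.INI"])
        with open(path, encoding="latin-1") as fh:
            for line in fh:
                if "WSOCK32.DLL" in line.upper():
                    findings.append(f"WININIT.INI touches WSOCK32.DLL: {line.strip()}")
    return findings


def check_run_values(run_values):
    """run_values: dict of value name -> data exported from the HKLM Run key."""
    findings = []
    for name, data in run_values.items():
        if name.lower() == RUN_VALUE.lower() and RUN_TARGET in data.upper():
            findings.append(f"Run value {name} -> {data}")
    return findings


def build_sample_windir():
    """Constructed sample folder so the example runs offline on any OS."""
    d = tempfile.mkdtemp()
    for name in ("mtx_.exe", "NOTEPAD.EXE"):
        open(os.path.join(d, name), "wb").close()
    with open(os.path.join(d, "Wininit.ini"), "w") as fh:
        # Constructed line; the replacement file name is a placeholder.
        fh.write("[rename]\nC:\\WINDOWS\\SYSTEM\\WSOCK32.DLL=C:\\WINDOWS\\SYSTEM\\WSOCK32.NEW\n")
    return d


if __name__ == "__main__":
    for finding in check_windows_dir(build_sample_windir()):
        print(finding)
    for finding in check_run_values({"SystemBackup": r"%WinDir%\MTX_.EXE"}):
        print(finding)
```

A clean result from these checks does not rule out infected .EXE and .DLL files, since the virus component infects host files separately from the dropped worm files.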
