Techguy
November 30, 2000, 10:30 am
PE_MTX.A
Risk rating: MEDIUM
Virus type: File Infector
Destructive: N
Aliases:
MTX.A, W32/MTX, I-Worm.MTX
Description:
This PE Trojan is sent as an email attachment from systems infected with TROJ_MTX.A. PE_MTX.A creates a modified copy of WSOCK32.DLL in order to intercept SMTP. When an infected user sends an email, a new email is also created with a copy of the virus as an attachment. When the recipient opens the mail and double clicks on the attachment, the virus is executed. It drops hidden files IE_PACK.EXE, WIN32.DLL and MTX_.EXE in the windows folder and creates a registry entry to execute MTX_.EXE on the next system boot up. Then it directly infects PE files in the windows and system directory. These files may have the extension EXE, SCR and DLL.
Solution:
Click START|RUN
Type REGEDIT and hit ENTER key
In the left panel, click the "+" to the left of any of the f following:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Run
If this contains the value
SystemBackup = "c:\windows\mtx_.exe" delete the entire key by pressing the DELETE key. Answer YES when asked to confirm.
Next, look for the following registry entry:
HKEY_LOCAL_MACHINE
Software
(MATRIX)
Delete this key too and close regedit.
Click START|Find
Type "wininit.ini". On the list box "Look in" indicate the Drive C and hit the ENTER key.
If it returns a file matching our search, highlight on it and press the DELETE key.
Click START|Find
Type "wsock32.mtx". On the list box "Look in" indicate the Drive c:\ and hit the ENTER key.
If it returns a file matching our search, highlight on it and press the DELETE key.
Click START|SHUTDOWN. Choose "Restart" and click OK.
Scan your system with your antivirus and delete all files detected as TROJ_MTX.A
------------------
Thank you for using Help From Techs Support Forums!
Please come again and remember to refer a friend to our site.
Risk rating: MEDIUM
Virus type: File Infector
Destructive: N
Aliases:
MTX.A, W32/MTX, I-Worm.MTX
Description:
This PE Trojan is sent as an email attachment from systems infected with TROJ_MTX.A. PE_MTX.A creates a modified copy of WSOCK32.DLL in order to intercept SMTP. When an infected user sends an email, a new email is also created with a copy of the virus as an attachment. When the recipient opens the mail and double clicks on the attachment, the virus is executed. It drops hidden files IE_PACK.EXE, WIN32.DLL and MTX_.EXE in the windows folder and creates a registry entry to execute MTX_.EXE on the next system boot up. Then it directly infects PE files in the windows and system directory. These files may have the extension EXE, SCR and DLL.
Solution:
Click START|RUN
Type REGEDIT and hit ENTER key
In the left panel, click the "+" to the left of any of the f following:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Run
If this contains the value
SystemBackup = "c:\windows\mtx_.exe" delete the entire key by pressing the DELETE key. Answer YES when asked to confirm.
Next, look for the following registry entry:
HKEY_LOCAL_MACHINE
Software
(MATRIX)
Delete this key too and close regedit.
Click START|Find
Type "wininit.ini". On the list box "Look in" indicate the Drive C and hit the ENTER key.
If it returns a file matching our search, highlight on it and press the DELETE key.
Click START|Find
Type "wsock32.mtx". On the list box "Look in" indicate the Drive c:\ and hit the ENTER key.
If it returns a file matching our search, highlight on it and press the DELETE key.
Click START|SHUTDOWN. Choose "Restart" and click OK.
Scan your system with your antivirus and delete all files detected as TROJ_MTX.A
------------------
Thank you for using Help From Techs Support Forums!
Please come again and remember to refer a friend to our site.