Trojan: TROJ_MTX.A


Techguy
November 30, 2000, 10:32 am
TROJ_MTX.A
Risk rating: MEDIUM
Virus type: Trojan
Destructive: N

Aliases:
MTX.A, W32/APOLOGY, W32/MTX, W32/APOLOGY-B, I-Worm.MTX

Description:
This backdoor Trojan infects EXE, SCR, CPL, and DLL files in the current and Windows directories. When an infected user sends an email to an address, the Trojan sends another email to the same address with itself as an attachment. This attachment is detected as PE_MTX.A. The Trojan also installs a backdoor application in the system and prevents the infected user from accessing any antivirus vendor websites or sending email to specific email servers.

Solution:


Click START | Find

Search and delete the file WININIT.INI.
If you found WININIT.INI, it means that the Trojan is not yet done patching WSOCK32.DLL. In this case, search and delete the file WSOCK32.MTX. Otherwise, restore the original WSOCK32.DLL by extracting the file from the Windows installation file or by getting a copy of this file from another machine (make sure this machine is virus-free). Take note of the major and minor version.
Reboot the system in MS-DOS mode.
Go to the Windows directory and run the following commands:
attrib mtx_.exe -h
attrib Ie_pack.exe -h
attrib Win32.dll -h
You need to do this to remove the hidden attribute of the dropped files.
Restart Windows.
Remove any reference to the Trojan file in the system registry.
HKEY_LOCAL_MACHINE\Software\[MATRIX] (remove the whole key)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run SytemBackup = "%windir%\mtx_.exe"
Scan your system with your antivirus and delete all files detected as TROJ_MTX.A.

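The file checks from the solution above, as an added example (not part of the original post or the vendor advisory): a Python triage of a mounted copy of the affected volume that reports the named files and which WSOCK32.DLL branch applies. It assumes the pending WSOCK32.DLL replacement appears in WININIT.INI as a line naming WSOCK32.MTX; the function names are hypothetical, and the registry entries are not checked.

```python
import os

# File names come from the advisory above. Matching is case-insensitive
# because Windows 9x (FAT) file names are not case-sensitive.
DROPPED = ("mtx_.exe", "ie_pack.exe", "win32.dll")

def find_files(root):
    """Map lower-cased file name -> list of full paths found under root."""
    found = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            found.setdefault(name.lower(), []).append(os.path.join(folder, name))
    return found

def wininit_mentions_mtx(path):
    """True if this WININIT.INI has a line naming WSOCK32.MTX.

    Assumption: the pending WSOCK32.DLL replacement shows up as such a line.
    Ordinary installers also leave a WININIT.INI behind, so this separates
    the two cases before anything is deleted.
    """
    with open(path, "r", encoding="latin-1") as handle:
        return any("wsock32.mtx" in line.lower() for line in handle)

def triage(root):
    """Summarise MTX artifacts under a mounted Windows 9x volume (read-only)."""
    found = find_files(root)
    wininit = found.get("wininit.ini", [])
    report = {
        "dropped_files": sorted(p for n in DROPPED for p in found.get(n, [])),
        "wsock32_mtx": found.get("wsock32.mtx", []),
        "wininit_ini": wininit,
    }
    if any(wininit_mentions_mtx(p) for p in wininit):
        report["wsock32_state"] = "patch pending: delete WININIT.INI and WSOCK32.MTX"
    elif report["dropped_files"] or report["wsock32_mtx"]:
        report["wsock32_state"] = "assume patched: restore original WSOCK32.DLL"
    else:
        report["wsock32_state"] = "no MTX artifacts found"
    return report

if __name__ == "__main__":
    import json
    import sys
    print(json.dumps(triage(sys.argv[1] if len(sys.argv) > 1 else "."), indent=2))
```
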