Thursday

WIN32.MTX


Information about Win32.MTX:

This virus runs in 32-bit Windows environments (Windows 95, Windows 98, and Windows NT based systems). It has trojan and worm characteristics and spreads through email.

The infected file arrives as an email attachment with one of the following names:

ALANIS_Screen_Saver.SCR
ANTI_CIH.EXE
AVP_Updates.EXE
BILL_GATES_PIECE.JPG.pif
BLINK_182.MP3.pif
FEITICEIRA_NUA.JPG.pif
FREE_xxx_sites.TXT.pif
FUCKING_WITH_DOGS.SCR
Geocities_Free_sites.TXT.pif
HANSON.SCR
I_am_sorry.DOC.pif
I_wanna_see_YOU.TXT.pif
INTERNET_SECURITY_FORUM.DOC.pif
IS_LINUX_GOOD_ENOUGH!.TXT.pif
JIMI_HMNDRIX.MP3.pif
LOVE_LETTER_FOR_YOU.TXT.pif
MATRiX_2_is_OUT.SCR
MATRiX_Screen_Saver.SCR
Me_nude.AVI.pif
METALLICA_SONG.MP3.pif
NEW_NAPSTER_site.TXT.pif
NEW_playboy_Screen_saver.SCR
Protect_your_credit.HTML.pif
QI_TEST.EXE
READER_DIGEST_LETTER.TXT.pif
SEICHO-NO-IE.EXE
Sorry_about_yesterday.DOC.pif
TIAZINHA.JPG.pif
WIN_$100_NOW.DOC.pif
YOU_are_FAT!.TXT.pif
zipped_files.EXE
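
An added example (not part of the original post): a Python check a mail filter could run over incoming messages to flag attachment names like those listed above, where a harmless-looking extension is followed by an executable one (.pif, .scr, .exe). The extension sets, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email.message import EmailMessage

# Extensions Windows executes directly; every name in the list above ends in one.
EXECUTABLE_EXTS = {"exe", "scr", "pif"}
# Harmless-looking decoy extensions that precede .pif in the list above.
DECOY_EXTS = {"jpg", "mp3", "txt", "doc", "avi", "html"}


def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = name.lower().rstrip(". ").split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_message(raw_bytes):
    """Parse a raw message and return [(filename, verdict)] for risky attachments."""
    msg = email.message_from_bytes(raw_bytes)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            verdict = classify_filename(name)
            if verdict != "ok":
                findings.append((name, verdict))
    return findings


def build_sample(filenames):
    """Constructed test message: inert placeholder bytes, names from the list above."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    for fn in filenames:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fn)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample(["LOVE_LETTER_FOR_YOU.TXT.pif", "MATRiX_Screen_Saver.SCR", "notes.txt"])
    for name, verdict in scan_message(sample):
        print(f"{verdict:17} {name}")
```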


Opening the infected attachment launches the worm, which drops its files. When the infected computer is restarted, the dropped WSOCK32.MTX is renamed to the original WSOCK32.DLL at startup. The virus gains access to SMTP and spreads through shared network folders. Apart from that, the following files are also dropped:

IE_PACK.EXE
MTX_.EXE
WIN32.DLL

It modifies the registry at the following locations:

HKLM\Software
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

The worm then infects Windows files with the extensions EXE, SCR and DLL.

Win32.MTX virus first appeared in September 2000.


Other names of Win32.Mtx:
This virus is also known as Win32.MTX, I-Worm.MTX
