Email-Worm.Win32.MTX (Kaspersky Lab) is also known as: I-Worm.MTX (Kaspersky Lab), W95/[email protected]
(McAfee), W95.MTX (Symantec), Win95.Matrix.9245 (Doctor Web), W32/Apology-B (Sophos), Win32/[email protected]
PE_Mtx.A, W95/MTX, W32/MTX.9244.A, Win32:MTX-B, I-Worm/MTX.E
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
17 Aug 2000
The W95.MTX program has a component of a virus and also a component of a worm. It spreads the email and also infects particular files that are executable.
W95.MTX Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W95.MTX from your computer.
More details about W95.MTX
The W95.MTX makes a replicate of the Wsock32.dll and then rename it as Wsock32.mtx. The function of the send export of the file .mtx will then changed to its own code. This permits the virus to send a replicate of the worm that is infected by the virus to the similar person where the user launches the email message by using similar program. The file names might be used in case it launches the infected worm to other clients. For the files having .pif extension, this might be invisible to pthe program of the mail. The list of the file names are the Love_letter_for_you.txt.pif, Feiticeira_nua.jpg.pif, I_wanna_see_you.txt.pif, Internet_security_forum.doc.pif, Reader_digest_letter.txt.pif, You_are_fat!.txt.pif, Alanis_screen_saver.scr, Geocities_free_sites.txt.pif, New_playboy_screen_saver.scr, Seicho_no_ie.exe, Bill_gates_piece.jpg.pif, Free_xxx_sites.txt.pif, Matrix_screen_saver.scr, Sorry_about_yesterday.doc.pif, F___ing_with_dogs.scr, I_am_sorry.doc.pif, New_napster_site.txt.pif, Protect_your_credit.html.pif, Win_$100_now.doc.pif, Jimi_hendrix.mp3.pif, Tiazinha.jpg.pif, and Zipped_files.exe.
Additional to the file names that it uses to send mails are the Metallica_song.mp3.pif, Matrix_2_is_out.scr, Is_linux_good_enough!.txt.pif, Me_nude.avi.pif, Blink_182.mp3.pif, Anti_cih.exe, Hanson.scr, Avp_updates.exe, and Qi_test.exe.The Wininit.ini is generated that will cause Wsock32.dll be eliminated and then the Wsock32.mtx will be renamed into Wsock32.dll. The Wininit.ini performs as the computer will be restarted. Sfter the Wininit.ini was generated, the component will then run the components of the virus. The component of the virus finds for the particular antivirus program that is running. If the virus found one of these, then the virus will not run. If it continues running, the component will be decompressed.