MTX

[Andrew]

Hi,

I hope that someone can help. Had win 95.mtx , NAV picked it up and repaired
some of the files but the rest had to be done manually. Followed the
guidelines from Symantec and now when I boot up it tells me that the O/S is
missing. Ran Fdisk and it says that there are no partitions.
TIA
Andrew

[Phil Lee]

Got matrix MTX virus bad...Win98 computer booted up to a blank screen with
wallpaper, no icons, no menu / task bar. Had mouse action. No response to
Windows key or Ctrl-Alt-Delete. I tried McAfee Virus Scan v4.0.2 and latest
definition files and Norton's AV FixMTX.exe and they did not work.

Used InVIRcible.com's free download CleanMTX.exe from their homepage. It is
a real small DOS executable. It deleted over 1800 MTX infected files, mainly
Windows ME DLLs and video drivers. It also cleans the registry. Also ID the
Trojan file as "f_cking_with_dogs.scr". If you see ie_pack.exe....you are in
for a MTX treat! Watch for welcome.x, glu32.x, msimg32.x and opengl32.x
files as telltales for MTX!

Then reinstalled Win ME over existing Windows directory and poof, everything
was OK again. Did not have to reinstall apps or reformat HD. Some
reconfiguration for some device drivers was needed. InVircible.com's
CleanMTX.exe is a great fix.

Regards, Phil, SysE, Minneapolis, MN, Silicon Tundra, USA

=============

"Andrew" <andc...@hotmail.com> wrote in message
news:94h7os$8c...@news.emirates.net.ae...

[Axel Pettinger]

Phil Lee schrieb:

>
> Got matrix MTX virus bad...Win98 computer booted up to a blank screen
> with wallpaper, no icons, no menu / task bar. Had mouse action. No
> response to Windows key or Ctrl-Alt-Delete. I tried McAfee Virus Scan
> v4.0.2 and latest definition files and Norton's AV FixMTX.exe and they
> did not work.
>
> Used InVIRcible.com's free download CleanMTX.exe from their homepage.
> It is a real small DOS executable. It deleted over 1800 MTX infected
> files, mainly Windows ME DLLs and video drivers. It also cleans the
> registry. Also ID the Trojan file as "f_cking_with_dogs.scr". If you
> see ie_pack.exe....you are in for a MTX treat! Watch for welcome.x,
> glu32.x, msimg32.x and opengl32.x files as telltales for MTX!
>
> Then reinstalled Win ME over existing Windows directory and poof,
> everything was OK again. Did not have to reinstall apps or reformat
> HD. Some reconfiguration for some device drivers was needed.
> InVircible.com's CleanMTX.exe is a great fix.

Sorry, but deleting infected files is certainly not what I'd call "great
fix" as it often means that you'd have to reinstall your OS because some
important files are missing. Just for your information ... anti virus
scanners like Norton AntiVirus or McAfee VirusScan are able to remove
W95/MTX@m from infected files. If necessary then you can still use the
log file of your av scanner to replace cleaned infected files ...

Regards,
Axel Pettinger

[Axel Pettinger]

Axel Pettinger schrieb:

>
> If necessary then you can still use the log file of your av scanner to
> replace cleaned infected files ...

Oops, should mean "...replace cleaned files ..."

Regards,
Axel Pettinger

[Zvi Netiv]

Axel Pettinger <a...@epost.de> wrote:

I agree that cleaning infected files is more convenient than replacing but
experience shows that disinfected files sometimes cause more trouble than
reinstalling Windows and applications.

Replacing cleaned files on base of the disinfector log is impractical for
several reasons: First, not all disinfectors create a log/report file by
default (e.g. F-Prot). Secondly, you can't always tell which file was corrupted
in the course of disinfection. Can you tell which file(s) should be replaced
when an 'illegal opperation' error occurs every time you try accessing your
network settings? There are a dozen of files, at least, involved in the process
and anyone of them could be the cause!

Regards, Zvi
--
NetZ Computing Ltd. ISRAEL http://invircible.com sup...@resq.co.il
InVircible Anti-Virus Software, ResQdisk and Data Recovery Utilities
E-mail sent in reply to this post will not be considered private and
may be answered in the newsgroup.

[Phil Lee]

Hi Axel, actually re-installing WinME Upgrade was effortless as it re-used
the existing registry. Trying to replace or deal with "sanitized" files with
1800 Windows DLL files individually would be more trouble and possibly
riskier.

The only applications that needed to be re-installed are Adobe Photoshop
5.5, Adobe Type Mgr v3, and MS Outlook Express v5. Probably some of the
app's DLLs got the virus. This was minimal effort, in my opinion, as there
were many more DTP applications and data files on the hard drive.

----------------

All that McAfee VirusScan v4.0.3 with the latest definitions file did was
put the contaminated files in a different folder and rename them with a .VXX
extension. It did NOT clean the virus infected files. And it would hang in
the middle of the scan many times. When restarted it would find more virus
infected files in the areas that were already scanned. I would rate its
viral detection scheme as D- . Ever since Network Assoc Inc acquired McAfee,
IMHO, McAfee products have gone downhill.

The Norton Anti Virus MTX app, FixMTX.exe , did not work. Gave an error
message, "This is a Windows NT character mode executable." I had Symantec's
NAV 2001 in an unopened box, just in case. I decided not to use it and
returned it. Ever since Symantec acquired Norton, IMHO, Norton products have
gone downhill.

All that these software conglomerates are interested in are revenues and
market share. To damn whether if they are any good, or if they work.

----------------

IMHO, InVIRcible.com's free download CleanMTX.exe is a great fix, I rate it
an A- !

Regards, Phil, Minneapolis, MN, Silicon Tundra, USA

=============

"Axel Pettinger" <a...@epost.de> wrote in message
news:3A732FA0...@epost.de...

[cqu...@iafrica.com]

On Mon, 29 Jan 2001 05:10:33 +0200, Zvi Netiv <z...@invircible.com>

>Axel Pettinger <a...@epost.de> wrote:
>> Phil Lee schrieb:

>> > Got matrix MTX virus bad...

>> > Used InVIRcible.com's free download CleanMTX.exe from their homepage.

>> > It is a real small DOS executable. It deleted over 1800 MTX infected
>> > files, mainly Windows ME DLLs and video drivers.

>> > Then reinstalled Win ME over existing Windows directory and poof,
>> > everything was OK again.

Meaning you hadn't had any newer-than-CD MSware updates or installs.
For the rest of the readers here; YMMV.

>> Sorry, but deleting infected files is certainly not what I'd call "great fix"

Agreed. There's a thing called "rename", y'know.

>> scanners like Norton AntiVirus or McAfee VirusScan are able to remove
>> W95/MTX@m from infected files. If necessary then you can still use the
>> log file of your av scanner to replace cleaned infected files ...

You will need both, with MTX.
Cleaning is not always the same as repair

>I agree that cleaning infected files is more convenient than replacing but
>experience shows that disinfected files sometimes cause more trouble than
>reinstalling Windows and applications.

In the case of MTX, if you do an FC /B of cleaned vs. pre-infected,
you will see differences. This is inevitable as the infection method
MTX uses is "lossy", from an infotheory perspective; it overwrites, so
what was overwritten cannot be restored.

Perhaps an integrity-management approach will allow repair via an
automated restore-from-backup fix, but with only the infected file to
work from, you cannot be sure of "fixing" it, only neutralising the
infection (i.e. "cleaning" it).

MTX also infects at arbitrary points within executable code, not at
entry - so the effects can be non-obvious. For example, an app may
work perfectly unless you go into a particulat "Settings" dialog box,
and then crash because that's where MTX has infected.

>--------------- ----- ---- --- -- - - -
Error Messages Are Your Friends
>--------------- ----- ---- --- -- - - -