A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | Encyclopedia Home
M letter viruses. Scroll down the page to view or choose from the names below:
MTX |
Music
MTX
README.TXT.pif
Music
Testing to send file
and the body of the email reads:
Hi, just testing email using Merry Christmas music file, not bad music.
If executed, the worm copies itself to C:\Windows\System as SYSMCM.EXE. It also modifies the registry to run on startup. While doing so, the worm displays Christmas pictures accompanied by a musical tune. It then connects to two Inet sites, downloads and saves two additional components named SYSDRV.EXE and SYSTMP.DLL. These files are saved to the C:\Windows directory. A second downloaded component of the worm is copied to Windows\System and, in turn, it sends a copy of the original worm to all recipients in the infected user's Address Book. The worm is self-updating, that is it is able to upgrade its components via the Internet. Thus, functionality of the worm may change over time.
If you are unable to find a description for a particular virus, please contact me or post a message in the forum.
Aliases: MTX
Type: Virus, Worm, and Backdoor Access Trojan
Systems Affected: Windows 95, 98, NT and 2000
Payload: Backdoor component can download additional viruses; blocks certain antivirus software sites from being accessed
ITW: Yes
Origin:
Description:I-Worm.MTX is a combination virus (worm, Trojan, and virus). It is generally received as one of the following attachments to an email:
I_wanna_see_YOU.TXT.pif
MATRiX_Screen_Saver.SCR
LOVE_LETTER_FOR_YOU.TXT.pif
NEW_playboy_Screen_saver.SCR
BILL_GATES_PIECE.JPG.pif
TIAZINHA.JPG.pif
FEITICEIRA_NUA.JPG.pif
Geocities_Free_sites.TXT.pif
NEW_NAPSTER_site.TXT.pif
METALLICA_SONG.MP3.pif
ANTI_CIH.EXE
INTERNET_SECURITY_FORUM.DOC.pif
ALANIS_Screen_Saver.SCR
READER_DIGEST_LETTER.TXT.pif
WIN_$100_NOW.DOC.pif
IS_LINUX_GOOD_ENOUGH!.TXT.pif
QI_TEST.EXE
AVP_Updates.EXE
SEICHO-NO-IE.EXE
YOU_are_FAT!.TXT.pif
FREE_xxx_sites.TXT.pif
I_am_sorry.DOC.pif
Me_nude.AVI.pif
Sorry_about_yesterday.DOC.pif
Protect_your_credit.HTML.pif
JIMI_HMNDRIX.MP3.pif
HANSON.SCR
FUCKING_WITH_DOGS.SCR
MATRiX_2_is_OUT.SCR
zipped_files.EXE
BLINK_182.MP3.pif
How to prevent it: Avoid executing any of the above named attachments. Do not open attachments that are not expected - regardless of the source.
Aliases: I-Worm.Music
Type: VBScript Worm
Systems Affected: Windows 32-bit systems
Payload: Worm is self-updating, so functionality could vary
ITW: Yes
Origin:
Description: Music is a VBScript worm received as an email attachment, named MUSIC.EXE. The subject line of the message reads:
What to look for: Search for the filenames listed in the above description. Also search the HKey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run registry key for the following value: SysDrv = path\sysmcm.exe (where path is the Windows\System directory). Also in HKey_Local_Machine\Software\Microsoft look for the value MCM containing:
FirstRun
LastRun
RunMCM
Status
SMTP
Version = 001111
How to prevent it: Do not open attachments received unexpectedly, even from known sources. Keep your antivirus software up-to-date, save and scan any attachments before opening.
Aliases:
Type:
Systems Affected:
Payload:
ITW:
Origin:
Description:
What to look for:
How to prevent it:
Aliases:
Type:
Systems Affected:
Payload:
ITW:
Origin:
Description:
What to look for:
How to prevent it:
Aliases:
Type:
Systems Affected:
Payload:
ITW:
Origin:
Description:
What to look for:
How to prevent it:
