Manual Removal instructions for W95.MTX 

 

    4Help provides these instructions to assist you in the removal of this computer virus.  If these instructions do not remove the virus from your system, then 4Help recommends that you contact your computer vendor.  The use of up-to-date anti-virus software will help prevent your computer from becoming infected with viruses.

 

What you need to complete these instructions:

  • Your Windows 95/98 CD.

  • A Windows 98 Startup disk (instructions for creating one are in the steps below).

  • 3 blank floppy disks.

  • Norton AntiVirus installed on the infected computer.

    If you don't have Norton AntiVirus installed, click the following link to download and it:

                            http://antivirus.vt.edu/download/index.php 

 

Time to complete:     60 minutes - 3 hours

  • Time to complete depends on how long it takes Norton AntiVirus to scan your computer.

Virus removal:

 

Overview:

  • Update your virus definitions.
  • Scan your computer with Norton Antivirus.
  • Extract damaged system files.
  • Repair the Windows registry.

 

  1. You MUST print these instructions before you proceed with the virus removal. You will need the printed instructions because your computer may not boot into Windows during parts of the repair process.
    • Select 'Print...' from the 'File' menu.
  2. Obtain a Windows 98 Startup disk. If you don't have one, you can create one by:
    1. On a virus free Windows 98 computer, double click 'My Computer'.
    2. Double click on 'Control Panel'.
    3. Double click on 'Add/Remove Programs'.
    4. Select the 'Startup Disk' tab.
    5. Insert a blank floppy disk into the floppy drive.
    6. Click on the 'Create Disk...' button.
    7. Follow the prompts to create the disk.
  3. Ensure that you have recent virus definitions that will detect the MTX virus:
    1. Click the link below to download the virus definitions (the link will open in a new window):

      http://antivirus.vt.edu/download/definitions.php

    2. Follow the instructions listed on the page.

Scan for infected files:

  1. Insert the Windows 98 Startup Disk and turn on the computer.
  2. A menu will appear titled 'Microsoft Windows 98 Startup menu':
    • Select '1. Start computer with CD-ROM support'.
    • Press 'Enter'.
  3. The computer should start to 'A:>'.
  4. Type c: and press 'Enter':
  5. Type each of the following commands and press 'Enter' after each one:
    • set path=c:\windows\command;%path%
    • cd \windows
    • attrib -r -s -h *.*
    • del ie_pack.exe
    • del win32.dll
    • del mtx_.exe
    • NOTE: If after entering any of these commands, you see messages such as 'File not found,' type the command again to make sure that it was typed exactly as shown. For example, ie_pack.exe is 'ie' then an underscore then 'pack.exe'

  6. Type the following command and then press 'Enter':
    • dir /s navdx.exe
    • This will search the hard drive for the location of the Norton AntiVirus DOS scanner. If you have NAV installed to a different drive, changed to the root of that drive first.
  7. Write down the location that follows 'Directory of,' for example, C:\Progra~1\Norton~1.
  8. Change to the directory whose location you wrote down in the previous step by typing cd followed by the path. 
    • For example, to change to the default location shown in step 3, type the following command and then press Enter: cd progra~1\norton~1
  9. Type the following command and then press 'Enter':
    • navdx /a /doallfiles /repair /delete
    • This will scan all hard drives and files. NAV will attempt to repair any infected files; if it cannot repair an infected file, the file will be deleted.
    • NOTE: This scan may take several hours to complete.
  10. After the scan is complete, leave the computer on and proceed to the Manual System File Repair section below.

Manual System File Repair

  1. Type dir /s precopy1.cab then press 'Enter'.
    • This will search the hard drive for the location of the Cab files.
  2. Write down the location that follows ‘Directory of’ for example, 'C:\Windows\Options\Cabs'.
    • If you see the message 'File not found' then your CAB files are located on your Windows CD. Insert your Windows CD into the computer to complete the repair process.
  3. Change to the directory whose location you wrote down in the previous step by typing ‘cd’ followed by the path:
    • For example, to change to the location shown in Step 8, type cd windows\options\cabs and then press 'Enter'.
    • If your CAB files are located on the Windows 98 CD, type:
      • d: then press 'Enter'.
      • cd win98 then press 'Enter'.
    • If your CAB files are located on the Windows 95 CD, type:
      • d: then press 'Enter'.
      • cd win95 then press 'Enter'.
    • If you receive an error message while trying to switch to your Windows CD, try using a different drive letter until you no longer get an error message.  For example: e: or f:
  4. What you do next depends on which operating system you are using:

    NOTES:

    • If after entering any of these commands, you see a message such as ‘File not found,’ type the command again to make sure that it was typed exactly as shown.
    • If you see the error message 'Overwrite filename, (Yes/No/All)' type Y and then press ‘Enter’.
    • If you have Windows installed to a different location, please make the appropriate substitutions.
  5. If you are using Windows 98, type the following commands and press ‘Enter’ after each one:
    • extract /a precopy1.cab wsock32.dll /L c:\windows\system
    • extract /a win98_40.cab explorer.exe /L c:\windows
    • extract /a win98_40.cab rundll32.exe /L c:\windows
  6. If you are using Windows 95, type the following commands and press ‘Enter’ after each one:
    • extract /a win95_10.cab wsock32.dll /L c:\windows\system
    • extract /a win95_10.cab explorer.exe /L c:\windows
    • extract /a win95_10.cab rundll32.exe /L c:\windows
  7. After you follow these steps, remove all disks (CD-ROM and Floppy) from your computer.
  8. Restart the computer by pressing 'Ctrl-Alt-Del'.
 

Fix the Registry:

  1. Click 'Start/Run' to open the Run dialog box.
  2. Type regedit
  3. Click OK to open the Registry Editor.
  4. Select 'Export Registry File...' from the 'Registry' menu.
  5. In the 'File Name:' window type backup.
  6. In the 'Export Range' area select 'All'.
  7. Click 'Save'.
  8. Click on the + next to 'HKey_Local_Machine'.
  9. Click on the + next to 'Software'.
  10. Click on the + next to 'Microsoft'.
  11. Click on the + next to 'Windows'.
  12. Click on the + next to 'CurrentVersion'.
  13. Select the 'Run' folder.
  14. In the right pane, right click on 'SystemBackup C:\WINDOWS\MTX_.EXE' and select 'Delete'.
  15. Click Yes to confirm.
  16. Delete the following subkey:

    HKey_Local_Machine\Software\[Matrix]
  17. Click Yes to confirm.
  18. In the left pane, click the My Computer key to highlight it.
  19. Select 'Find...' from the 'Edit' pull-down menu.
  20. In the 'Find what' box, type mtx and then click 'Find Next'.
  21. What you do will depend on whether any entries are found.
    • If no entries are found that contain the string 'mtx', go on to the next step.
    • If any entries are found, and they refer to 'MTX_.EXE', you should delete the entry. Because this is a string search, it could find entries for legitimate programs that happen to contain this string. Make sure that the references is to 'MTX_.EXE' before you delete it. 
    • To continue the search if an entry is found, press F3. Keep doing this until no more entries are found.
  22. Select 'Find...' from the 'Edit' pull-down menu.
  23. In the 'Find what' box, type [MATRIX] and then click 'Find Next'.
  24. What you do will depend on whether any entries are found.
    • If no entries are found that contain the string '[MATRIX]' go on to the next step.
    • If any entries are found, and they refer to 'MTX_.EXE', you should delete the entry. Because this is a string search, it could find entries for legitimate programs that happen to contain this string. Make sure that the references is to 'MTX_.EXE' before you delete it. 
    • To continue the search if an entry is found, press F3. Keep doing this until no more entries are found.
  25. Click the 'Registry' menu, and then click 'Exit' to save the changes and close the Registry Editor.
  26. Shut down your computer.

Make sure Norton AntiVirus has the most current virus definitions

  1. Run LiveUpdate at least every two weeks to ensure that Norton AntiVirus can detect new computer viruses.
 

Known Issues:

  • If these instructions did not repair your system, then 4Help recommends you contact a computer vendor for further assistance.