Virus.DOS.MTZ is a memory resident parasitic polymorphic encrypted virus on DOS.

There are 4 variants:

  • Virus.DOS.MTZ.971
  • Virus.DOS.MTZ.1907
  • Virus.DOS.MTZ.2501
  • Virus.DOS.MTZ.2624

There are additional 5 variants which also belong to this family.


When the virus is executed it first checks the DOS version and installs itself as memory resident if the version is 5.0 or above. If there is free block of upper memory, this virus copies itself into UMB. This virus infects files on FindFirst/FindNext DOS calls. On opening an infected file the virus disinfects it.

The virus hooks INT 3, 15h, 21h. INT 3 is used as decryption routine, INT 15h handler calls trigger routine, INT 21h handler calls infection routine, and writes itself to the end of the file that are executed.

MTZ.971 and 1907Edit

These variants target DOS executable and they do not infect files smaller than 2,048 bytes.

MTZ.2501 and 2624Edit

These variants target EXE executable.


These are stealthy variants. They infect EXE files, and they do not infect files that are smaller than 5,120 bytes.

Memory usageEdit

The following table shows the memory usage of the variants.

Variant Memory usage in bytes
MTZ.971 ?
MTZ.1907 4,064
MTZ.2501 5,040
MTZ.2624 5,344
MTZ.Pink.4510 9,184
MTZ.Pink.5081 10,256



This variant does not manifest itself at anyway.


This variant activates when the user issues CTRL-ALT-DEL, it displays a graphical effect with noises and beeps, having the message at the top:

Y.K.K. - (c) M T Z - Italy!

Good Luck Today


This variant activates randomly on January 26th, on running an infected program it displays the following before the host program:

The Ridge Projekt is here..


This variant activates randomly on 30th day in any month, it displays the following before the host program:

Overkill IV Virus - By MTZ - From Italy - <Hit any key to continue>
(Cazzo! Anche oggi un altro 2 di picche, ma si puo' andare avanti cosi' ?)


This family has 9 variants in total:


  1. List of variants of the MTZ virus on VX Heaven




MTZ DOS Virus00:29


Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.