MTZ

Virus.DOS.MTZ, or MTZ, is a memory-resident, parasitic, polymorphic stealth virus that runs on MS-DOS.

There are 9 variants in 5 versions, represented by the following:

  • Virus.DOS.MTZ.971
  • Virus.DOS.MTZ.1907
  • Virus.DOS.MTZ.2501
  • Virus.DOS.MTZ.Overkill
  • Virus.DOS.MTZ.Pink

Behavior

When the virus is executed, it first checks the DOS version and installs itself as memory resident if the version is 5.0 or above. If there is a free block of upper memory, the virus copies itself into the UMB. The virus infects files on FindFirst/FindNext DOS calls. When an infected file is opened, the virus disinfects it.

The virus hooks INT 3, INT 15h and INT 21h. INT 3 is used as the decryption routine, the INT 15h handler calls the trigger routine, and the INT 21h handler calls the infection routine. The virus writes itself to the end of files that are executed.

MTZ.971 and 1907

These variants infect DOS executables.

MTZ.2501 and 2624

These variants infect EXE executables.

Payload

Not every variant activates.

MTZ.971

This variant does not manifest itself in any way.

MTZ.1907

This variant activates when the user presses CTRL-ALT-DEL. It displays a graphical effect with noises and the message:

Y.K.K. - (c) M T Z - Italy!

Good Luck Today

Variants

The complete list of variants of the MTZ family:

  • Virus.DOS.MTZ.971
  • Virus.DOS.MTZ.1907
  • Virus.DOS.MTZ.2501
  • Virus.DOS.MTZ.2624
  • Virus.DOS.MTZ.Overkill.1191
  • Virus.DOS.MTZ.Overkill.1308
  • Virus.DOS.MTZ.Overkill.1385
  • Virus.DOS.MTZ.Pink.4510
  • Virus.DOS.MTZ.Pink.5081
