Virus.DOS.MTZ.Overkill is a parasitic encrypted virus on DOS.

There are 3 variants:

  • Virus.DOS.MTZ.Overkill.1191
  • Virus.DOS.MTZ.Overkill.1308
  • Virus.DOS.MTZ.Overkill.1385


MTZ.Overkill.1191 and 1308

When the virus is run, it infects a number of executable files.

MTZ.Overkill.1191 targets COM format, it infects first 2 uninfected files in current directory by writing itself to the beginning of the host's binaries. If the size is less than 1,300 bytes the virus ignores it.

MTZ.Overkill.1308 targets EXE format, it infects 1 file located in C:\DOS on each run. The virus contains bugs that might cause divide overflow or even crash the system during infection.


This is the memory resident variant, it hooks INT 21h to infect any EXE executable file that is run by writing itself to the beginning of the file. It does not infect files that are smaller than 1,450 bytes.

Advanced details

The following table shows the memory usage of the variants.

Variant Memory usage in bytes
MTZ.Overkill.1191 Non-TSR
MTZ.Overkill.1308 Non-TSR
MTZ.Overkill.1385 3,120

MD5 hashes:

Variant Hash
MTZ.Overkill.1191 3aae254c4e87c6bd737ad09507f664fe
MTZ.Overkill.1308 6ba5d90168bcba6b7a8a329acc45f625
MTZ.Overkill.1385 cb6a09b90b40641cd672b0284f503739



This variant activates randomly on 7th day in odd months, it display the following:

Overkill Virus - By MTZ - From Italy - Are You ready (y/n) ?

If the user inputs "N", the virus returns to DOS. For other keys, the system would crash instead.


This variant does not manifest itself.


This variant activates randomly on January, June and July 30th, it displays the following:

Overkill III Virus - By MTZ - From Italy - Are You ready (y/n) ?

It seems to wait for the input from user, but hangs the system instead.

See also