There are 3 variants:
MTZ.Overkill.1191 and 1308Edit
When the virus is run, it infects a number of executable files.
MTZ.Overkill.1191 targets COM format, it infects first 2 uninfected files in current directory by writing itself to the beginning of the host's binaries. If the size is less than 1,300 bytes the virus ignores it.
MTZ.Overkill.1308 targets EXE format, it infects 1 file located in C:\DOS on each run. The virus contains bugs that might cause divide overflow or even crash the system during infection.
This is the memory resident variant, it hooks INT 21h to infect any EXE executable that is run by writing itself to the beginning of the file. It does not infect files that are smaller than 1,450 bytes.
The following table shows the memory usage of the variants.
|Variant||Memory usage in bytes|
This variant activates randomly on 7th day in odd months, it display the following:
Overkill Virus - By MTZ - From Italy - Are You ready (y/n) ?
If the user inputs "N", the virus returns to DOS. For other keys, the system would crash instead.
This variant does not manifest itself.
This variant activates randomly on January, June and July 30th, it displays the following:
Overkill III Virus - By MTZ - From Italy - Are You ready (y/n) ?
It seems to wait for the input from user, but hangs the system instead.