FANDOM


Virus.DOS.MTZ.Overkill is a parasitic encrypted virus on DOS.

There are 3 variants:

  • Virus.DOS.MTZ.Overkill.1191
  • Virus.DOS.MTZ.Overkill.1308
  • Virus.DOS.MTZ.Overkill.1385

BehaviorEdit

MTZ.Overkill.1191 and 1308Edit

When the virus is run, it infects a number of executable files.

MTZ.Overkill.1191 targets COM format, it infects first 2 uninfected files in current directory by writing itself to the beginning of the host's binaries. If the size is less than 1,300 bytes the virus ignores it.

MTZ.Overkill.1308 targets EXE format, it infects 1 file located in C:\DOS on each run. The virus contains bugs that might cause divide overflow or even crash the system during infection.

MTZ.Overkill.1385Edit

This is the memory resident variant, it hooks INT 21h to infect any EXE executable that is run by writing itself to the beginning of the file. It does not infect files that are smaller than 1,450 bytes.

Memory usageEdit

The following table shows the memory usage of the variants.

Variant Memory usage in bytes
MTZ.Overkill.1191 Non-TSR
MTZ.Overkill.1308 Non-TSR
MTZ.Overkill.1385 3,120

PayloadEdit

MTZ.Overkill.1191Edit

This variant activates randomly on 7th day in odd months, it display the following:

Overkill Virus - By MTZ - From Italy - Are You ready (y/n) ?

If the user inputs "N", the virus returns to DOS. For other keys, the system would crash instead.

MTZ.Overkill.1308Edit

This variant does not manifest itself.

MTZ.Overkill.1385Edit

This variant activates randomly on January, June and July 30th, it displays the following:

Overkill III Virus - By MTZ - From Italy - Are You ready (y/n) ?

It seems to wait for the input from user, but hangs the system instead.

See alsoEdit

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.