Home>Classic Viruses>File and Boot Viruses>

Virus.Win32.MTV.4608.a

Alert Level :	High
Discovered:	Sep 25 2000
Tag:	Executable   File   and   Boot   Viruses
Discoverer and Source:	http://www.kaspersky.com/

Malware Behavior and Technical Description

This is a very dangerous parasitic Win32 virus that stays in the Windows memory as a usual application, then looks for PE EXE files in all C: drive directories and infects them. The virus uses the "prepending" infection method: while infecting a file, the virus encrypts the file body, shifts it down and writes the virus code to the beginning of the file. To release control to the host program, the virus "disinfects" the host file to a temporary one and spawns it.

This is a "direct action" (find-and-infect) virus, but while searching for files, it "sleeps" for 5 seconds before processing each proceeding file. As a result of this, the virus may stay active in the Windows memory as long as all files on the C: drive are processed.

If any error occurs during the virus run, it displays the message "Sorry." and exits Windows.

On 13th of each month the virus deletes all files on C: drive.

The virus contains encrypted text strings:

LLLP.WIN32.MTV2
MTV-2

0

Removal Virus.Win32.MTV.4608.a instructions:

0

Need help? Live computer support via remote at SupportSpace.Help with printer problems, windows, hardware, software, spyware removal and more. - Go Now!

Great Anti-Virus Software : Kaspersky Internet Security 2009 Save 35% Buy Panda Global Protection 2009 and Panda Antiviru Download PandaLabs Reports Free AVG virus removel tools Hunting Down Spyware and Adware Adware and spyware, knowing the basics Adware Spyware Remover from CBAdvance Keeping Your Computer in Good Condition Using Free Spyware A Beware of Covert Online Spies Why the Need to Remove Adware and Spyware