Symantec United States
global sites
products
purchase
service and support
security updates
downloads
about symantec
search
feedback


©1995-2014 Symantec Corporation.
All rights reserved.

Legal Notices
Privacy Policy

security updates

W95.MTX Fix Tool


Last Updated on: August 24, 2005 04:37:55 PM GDT
 

The W95.MTX Fix Tool repairs damage done by the W95.MTX virus. Due to the nature of this virus, some files will not be repairable. The unrepairable files must be restored from clean backup copies or from the original distribution disks.

What the tool does

  • After running the W95.MTX Fix Tool, all Web sites that were previously blocked will be accessible.
  • The tool scans for infected files and repairs them (where possible). If an infected file cannot be repaired (because it has been corrupted), the tool will display a message. You will need to restore the damaged files from a backup or from the original distribution disks. The worm files are deleted if they are found.
  • W95.MTX Fix Tool repairs the Wsock32.dll by removing the virus code. If Wsock32.dll is in use at that time, the tool makes a copy of Wsock32.dll and this copy is repaired. Then a Wininit.ini file will be created and the tool will request a restart after scanning is complete. When the computer is restarted, the Wsock32.dll will be replaced with the clean copy.

To obtain and run the Fixmtx.exe removal tool, follow these steps (detailed instructions follow):
  • Obtain a copy of the Fixmtx.exe tool, and save it to the Windows desktop.
  • Start the computer in Safe mode.
  • Run the Fixmtx.exe tool from an MS-DOS window.

NOTES:
  • If all files are not repaired, then you may need to restore system files from cabinet (.cab) files.
  • This virus can disable Windows and executable files and block access to certain Web sites, including Symantec Web sites. In some cases you must perform any needed downloads on an uninfected computer.

To download the tool:
The tool is available at:

http://www.symantec.com/avcenter/fixmtx.exe


To restart the computer in Safe mode:
  • Windows 95
    1. Exit all programs.
    2. Click Start, and click Shut Down. The Shut Down Windows dialog box appears.
    3. Click Shut Down, and then click OK.
    4. Click Yes to confirm the shutdown.
    5. Turn off the computer and wait 30 seconds.

      NOTE: You must turn off the power to remove the virus from memory. Do not use the reset button.
    6. Turn on the computer.
    7. When you see "Starting Windows 95...," press F8. The Windows 95 Startup Menu appears.
    8. Press the number that corresponds to Safe mode, and then press Enter. Windows will start in Safe mode.
  • Windows 98/Me
    1. Click Start, and click Run.
    2. Type msconfig and then click OK. The System Configuration Utility dialog box appears.
    3. Click the General tab, and click Advanced.
    4. Check Enable Startup Menu, click OK, and then click OK again. When you see the following message:

      "You must restart your computer....Do you want to restart your computer now."

      click No.
    5. Exit all programs.
    6. Click Start, and click Shut Down. The Shut Down Windows dialog box appears.
    7. Click Shut Down, and then click OK.
    8. Click Yes to confirm the shutdown.
    9. Turn off the computer and wait 30 seconds.

      NOTE: You must turn off the power to remove the virus from memory. Do not use the reset button.
    10. Turn on the computer, and wait for the Windows 98/MeStartup menu.
    11. Press the number that corresponds to Safe mode, and then press Enter. Windows will start in Safe mode.

    NOTE: (For Windows 98/Me users only) After you have completed the instructions in all sections of this document, you can disable the Startup menu. To do so, return to this section, and then follow these steps:
      1. Click Start, and click Run.
      2. Type msconfig and then click OK. The System Configuration Utility dialog box appears.
      3. Click the General tab, and click Advanced.
      4. Uncheck Enable Startup Menu, click OK, and then click OK again.
      5. Restart the computer.
To run the Fixmtx.exe tool:
  1. Click Start, and click Run.
  2. Type the following and then click OK:

    command

    An MS-DOS window will open to the C:\WINDOWS\Desktop prompt.
    • If you saved the Fixmtx file to the Windows desktop as recommended, go on to step 3.
    • If you saved it to a different location, change to that location before continuing with step 3.
  3. Type the following, and then press Enter:

    fixmtx /a >log.txt

    The scan will begin. It is finished when you see the C:\WINDOWS\Desktop> prompt followed by a blinking cursor.
  4. To close the MS-DOS window, type exit and then press Enter.
  5. Restart the computer. Do not go into Safe mode.
    • If the computer restarts successfully, start Norton AntiVirus, run LiveUpdate to make sure that you have the most recent definitions, and then run a full system scan. After all infected files have been repaired, quarantined, or deleted, the computer should free of the W95.MTX virus.
    • If the computer does not restart because of corruption caused by the virus, follow the instructions in the W95.MTX virus document.

(Optional) To verify the digital signature of Fixmtx.exe
To verify the digital signature of Fixmtx.exe using Chktrust.exe, follow these steps:
  1. Go here http://www.wmsoftware.com/free.htm
  2. Download and save chktrust.exe to the same location where Fixmtx.exe is located; for example, the Windows desktop.
  3. Click Start, and click Run.
  4. Type the following and then click OK:

    command

    An MS-DOS window will open to the C:\WINDOWS\Desktop prompt.
  5. To check the digital signature of Fixmtx.exe, type the following and then press Enter:

    chktrust -i fixmtx.exe

    If the digital signature is valid you will see the following message:

    "Do you want to install and run "FixMTX" signed on 4/18/2001 7:58 PM and distributed by Symantec Corporation."

    The date and time that appear in this message will be adjusted to your time zone if your computer is not set to the Pacific time zone. For example, if you live in the Eastern time zone, the date and time you see will be 4/18/2001 10:58 PM.

    NOTES:
    • If you are observing Daylight Saving Time, the time that appears will be exactly one hour earlier.
    • You might also see the message "Result:0" following the command line. If you do, then the test is positive and the file is confirmed as being from Symantec.
    • If this dialog box does not appear, there are two possible reasons:
        • The tool is not from Symantec. Unless you are sure that the tool is legitimate, and that you downloaded it from the legitimate Symantec Web site, you should not run it.
        • The tool is from Symantec, and is legitimate. However, your operating System was previously instructed to always trust content from Symantec. For information on this, and how to view the confirmation dialog again, read the document How to restore the Publisher Authenticity confirmation dialog box.
  6. Click Yes to close Chktrust dialog box.
  7. Type exit and then press Enter. This will close the MS-DOS window.