MTX virus won't let you get help

It's been hanging around for a while, but the bug that blocks you from notifying antivirus Web sites has been gaining momentum

A computer virus that's smart enough to block its victims from getting help is steadily spreading around the Internet. The bug, called MTX, was discovered in August and initially labeled a low risk.

But in recent weeks, infections have been growing and last week it was the most prevalent virus in the world, according to one antivirus firm. The bug has one very sinister feature: once it infects a user, it's programmed to stop the victim from visiting antivirus Web sites and sending "mayday" emails to antivirus companies.

The first thing most computer users do when they think they've contracted a digital virus is head for the nearest antivirus Web site and look for software that will help. Usually, downloading the latest antivirus product does the trick -- it not only removes the offending files but often cleans up the damage left by the bug and restores corrupted files.

The programmer who authored "MTX" knew this, and set out to make his program a particular pain in the behind.

"It is pretty sinister. It blocks people from self-help," said Vincent Weafer, director of antivirus research for security-software maker Symantec. "This writer was absolutely out to disrupt people."

MTX arrives in the typical way, as an email attachment. The bug propels itself around networks in Melissa style, raiding the victim's Outlook email address book and sending copies to every address it finds there. The bug's arrival is deceptive -- subject line and attachment name, and even attachment type are randomly chosen. Examples are: I_am_sorry_doc.pif or zipped_files.exe.

It did not sweep across the globe immediately upon release 23 August, and was judged a low risk at the time. But by September, many antivirus firms raised their risk assessment. According to Trend Micro's World Virus Tracking Centre, the bug was the most prevalent virus during the past seven days, having infected 3,000 computers worldwide.

Mary Landesman, the antivirus expert at, said she started getting lots of inquiries about the virus during the week before Thanksgiving. She said the bug doesn't launch its payload on an infected user unless it discovers the victim doesn't have any antivirus software on their machine. "Those who don't are infected, and then when they try to get software to help, they can't," she said. Both Landesman and Weafer said removal of the virus is particularly difficult and some files may be permanently damaged.

Because Command Software Systems is not in the bug's list of blocked sites, Landesman suggests infected users visit that firms's Web site for help. She also said users of Symantec's Norton Utilities can also download software updates and fixes from, which is not blocked by the MTX virus.

Take me to the Virus Workshop

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read what others have said.