Help with Windows Startup Programs

[bgreenhouse]

Hi All.

I seem to have been infected with the MTX virus. No virus checker can pick it up, but my computer is crashing quite often, and often, if I sense it's going wonky, I can hit ctrl+alt+del and see that MTX is one of the applications running. Also, when I go to shutdown, there is always an unknown program (no name) that is hung up, so I can rarely shut down properly. I am going to have to eventually just reformat and reinstall (I think), but I just took the drastic step of deleting all the .dlls that had mtx in their name. So far this hasn't seemed to cause any problems with legit programs (knock on wood). However, when I start up, and unknown program has a problem, and a required dll - "mtxclu.dll" can't be found (because I deleted it). What I need to know is how to disable the loading of this "Unknown Program" upon startup so that I don't get this error message. Is it somewhere in the registry? I don't know much about the underbelly of Win98, so any help woul dbe appreciated.

Ben

 

[Comtech]

Just run regedit, and search for mtxclu and delete any reference to it.
Do the same in win.ini and system.ini
MAKE BACKUPS before you mess with this stuff!!!!
To backup the registry, you can open regedit, select Registry, Export registry.
To backup the .ini files, use Explorer, hilight the file(s) and copy them to a safe location.

The following .bat file does it all for you automatically, including a restore function as well.

REM-------begin cut here--------->
@echo off
cls
echo Jim (reboot) Delong's backup.bat, a Win9x/ME backup tool.
echo ---------------------------------------------------------
echo Copyright (c) 2000 Jim Delong
echo

http://members.cnx.net/reboot

echo version 1.2 October 4/2000
rem Version 1.2 Now backs up Netscape bookmarks
echo ---------------------------------------------------------
echo !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
echo Important!!!!!!!!!
echo !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
echo You MUST run this from the root directory of your
echo hard drive. If this file is NOT saved in root C:echo you MUST hit ctrl-c now and save it there!
echo DO NOT run this from any other folder or the desktop,
echo it will not work correctly!
echo !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
echo.
echo If you have NOT saved this file in the root C:\ folder,
echo hit ctrl-c now, otherwise
pause
echo Use Notepad to view this file's contents before running!
echo Who knows, you may learn a little about DOS.
echo Only you can determine if the file contents and
echo structure are OK to run on *your specific* setup.
echo -----------
:: This file is offered as-is and without warranty of any kind.
:: This file may redistributed as long as all header information
:: is retained in the final file.
echo This file assumes your Windows folder is at c:\Windows
echo If it isn't, you must change the path below to your Windows folder.
echo This file backs up the c:\windows\favorites folder, the
echo c:\my documents folder, Netscape bookmarks, and the two
echo files that make up the Windows registry.
echo (user.dat and system.dat)
echo.
echo Bonus! You may now run this file within windows!
echo No need to restart in DOS mode.
echo ---------------------------------------------------------
echo Hit ctrl-c to abort or
pause
cls
echo.
echo Making a backup folder. This folder is called "backups".
echo Please stop now and edit this .bat file
echo if you wish to change the path or name.
echo Hit ctrl-c to abort or
pause
rem --------------------------------------------
echo Making backup folders
echo.
rem --------------------------------------------
md backups
cd backups
md faves
md mydocs
md registry
rem add any other subdirectories here.
rem Be sure to use the correct syntax, eg. md foldername
rem ---------------------------------------------
echo Add as many subdirectories as you like above.
echo This file only makes backups of your favorites folder
echo your My Documents folder, and the two registry files.
echo.
rem ---------------------------------------------
cdecho.
echo Now backing up your favorites and other folders.
echo.
rem --------------------------------------------------
echo This only backs up IE favorites. If you use Netscape or any other browser
echo you must edit this file and specify the path to the bookmarks below.
echo.
pause
rem ----------------------------------------------------------------------------
rem If you added more folders above, you MUST add the appropriate path below.
rem ----------------------------------------------------------------------------
rem Add any subsequent backup pathnames here. Be sure to use the syntax:
rem echo Backing up Favorites.
rem xcopy32 c:folderpath\foldername\*.* c:\backups\foldername /y /s
rem echo.
rem echo Successfully backed up your Favorites folder.
rem ---------------------------------------------------------------------------------
echo Backing up Favorites.
xcopy32 c:windows\favori~1\*.* c:\backups\faves /y /s
echo If you do not have Internet Explorer this may give an error. Ignore it.
echo.
echo Successfully backed up your Favorites folder.
echo.
echo Now backing up Netscape bookmarks.
echo If you don't have Netscape, this will give an error. Ignore it.
xcopy32 C:\Progra~1\Netscape\Commun~1\Program\defaults\bookmark.htm c:\backups\faves /y /s
echo Successfully backed up your Netscape bookmarks.
echo.
echo I will now back up your My Documents folder.
echo Hit ctrl-c if you wish to quit now, otherwise
pause
echo Backing up My Documents
xcopy32 c:\mydocu~1\*.* c:\backups\mydocs /y /s
echo.
echo Successfully backed up your My Documents folder.
echo I will now backup your registry files.
echo Hit ctrl-c if you wish to quit now, otherwise
pause
echo.
echo Backing up the registry.
cd windows
attrib -h -r -s -a user.dat
attrib -h -r -s -a system.dat
attrib -h -r -s -a win.ini
attrib -h -r -s -a system.ini
xcopy32 c:\windows\user.dat c:\backups\registry\ /y /s
xcopy32 c:\windows\system.dat c:\backups\registry\ /y /s
xcopy32 c:\windows\win.ini c:\backups\registry\ /y /s
xcopy32 c:\windows\system.ini c:\backups\registry\ /y /s
echo.
echo Successfully backed up your Registry.
rem Don't worry about resetting the attributes of the registry files.
rem Windows will do that automatically upon your next restart.
pause
echo.
echo Successful backup!
echo.
echo It is recommended you copy the contents of the c:\backups folder somewhere
echo for safe keeping.
echo You may close this window now.
REM ----------end cut here--------->

The following is the restore.bat
REM ----------begin cut here-------->
@echo off
cls
echo Jim (reboot) Delong's restore.bat, a Win9x/ME restore tool.
echo ---------------------------------------------------------
echo Copyright (c) 2000 Jim Delong
echo

http://members.cnx.net/reboot

echo version 1.2 October 5/2000
echo V1.2 now restores the registry files.
echo ---------------------------------------------------------
pause
echo !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
echo Important!!!!!!!!!
echo !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
echo This program ONLY restores the backups made with my
echo backups.bat program.
echo You MUST have all your backups, made with my backups.bat
echo in c:\backups\ on your hard drive. If the c:\backups\ folder
echo does not exist, has been renamed or moved this will NOT work!
echo you MUST hit ctrl-c now and save it there!
echo The path and filenames used are the defaults for
echo Windows and Netscape. If you have changed the path(s),
echo to anything else, you must edit this file, and replace
echo the path(s) with your own.
echo !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
pause
echo Use Notepad to view file contents before running!
echo Only you can determine if the file contents and
echo structure are OK to run on *your specific* setup.
echo ------------------------------------------------
:: This file is offered as-is and without warranty of any kind.
:: This file may redistributed as long as all header information
:: is retained in the final file.
echo This file assumes your Windows folder is at c:\Windows
echo If it isn't, you must change the path below to your Windows folder.
echo This file restores ONLY the backups you made with my
echo backups.bat file.
echo The last option is to restore the Windows registry files!
echo (user.dat and system.dat)
echo.
echo Bonus! You may now run this file within windows!
echo No need to restart in DOS mode.
echo ---------------------------------------------------------
echo.
echo Now restoring the My Documents folder and contents.
echo This portion restores the contents of the
echo My documents folder, and adds your backups.
echo It does NOT delete anything.
echo Hit ctrl-c if you wish to quit now, otherwise
pause
xcopy32 /y c:\backups\mydocs\*.* c:\mydocu~1\*.* /y /s
echo.
echo My Documents folder successfully restored.
rem ----------------------------------------------
echo.
echo Now restoring Windows Favorites.
echo This portions restores the contents of the
echo c:\windows\favorites folder (IE Favorites)
echo It does NOT delete anything.
echo Hit ctrl-c if you wish to quit now, otherwise
pause
xcopy32 /y c:\backups\faves\*.* c:\windows\favori~1\*.* /y /s
echo.
echo Windows Favorites successfully restored.
rem ----------------------------------------------
echo.
echo Now restoring Netscape bookmarks.
echo This portion restores the bookmark.htm file used by
echo Netscape to contain it's bookmarks.
echo Your current bookmark.htm file WILL be backed up,
echo as oldbmarks.htm in the
echo root C:\ folder.
echo You must manually merge the two files to retain all bookmarks.
echo Don't blame me, it's the way Netscape does things.
echo.
echo Hit ctrl-c if you wish to quit now, otherwise
pause
xcopy32 /y C:\Progra~1\Netscape\Commun~1\Program\defaults\bookmark.htm c:\ /y /s
ren bookmark.htm oldbmarks.htm
xcopy32 C:\backups\faves\bookmark.htm /y C:\Progra~1\Netscape\Commun~1\Program\defaults\ /y /s
echo.
echo Successfully restored Netscape bookmarks.
echo.
echo I will now restore your Windows registry.
echo !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
echo This portion will reset your system to the
echo way it was the last time you ran backups.bat
echo !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
echo Caution!!!! If you have made significant changes to
echo your system since you last ran backups.bat,
echo this may cause a severe Windows crash,
echo and you may NOT be able to start your computer
echo in windows.
echo This is NOT recommended, unless you KNOW you want to
echo restore the system registry.
echo This will not harm your hardware in any way, but
echo could cause your system to stop responding.
echo Proceed at your own risk!
echo !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
echo.
echo To bypass this step, hit ctrl-c NOW, otherwise
pause
cd windows
attrib -h -r -s -a user.dat
attrib -h -r -s -a system.dat
attrib -h -f -s -a win.ini
attrib -h -r -s -a system.ini
del system.dat
del user.dat
del win.ini
del system.ini
xcopy32 c:\backups\registry\*.* c:\windows /y /s
echo.
echo Successful restore!
echo.
echo It is recommended you rerun the backups.bat file to
echo backup your current configuration after testing
echo to see if all backups were correctly restored,
echo and that windows will boot (if you restored the registry).
echo.
echo It is also recommended you run the backups.bat file
echo any time you make a major change to your system
echo or software.
echo.
echo Done!
echo.
echo You may close this window now.
REM ----------end cut here-----------> Cheers,
Jim
reboot@pcmech.com

http://members.cnx.net/reboot/

Moderator at

http://www.56k.com

Staff at

http://www.pcmech.com

Windows 9x/ME instructor.
Jim's Modems:

http://members.cnx.net/reboot/modems/

 

[Alt255]

It appears that the MTX virus loads from the
HKLM\Software\Microsoft\Windows\CurrentVersion\Run SystemBackup=C:\Windows\MTX_.EXE registry entry.
Supposedly you can delete then viruses three main components (IE_PACK.EXE, WIN32.DLL and MTX_.EXE) after booting to DOS and fixing the reg key. You can obtain a reg fix from ftp://ftp.Europe.F-Secure.com/anti-virus/tools/mtxdisin.reg

The virus overwrites WSOCK32.DLL, so this file must be replaced.

You can fiddle with this if you want but I would advise running a good commercial AV package and then reinstalling Windows.

Alt255@Vorpalcom.Intranets.com
​