Dharma,
Do you have help with that virus? The name of the virus is W95.MTX The Symantec AntiVirus Research Center (SARC) says it has a virus and a worm component. This is a bad one. It can corrupt files beyond repair. It has the capability to block access to certain Web sites. This may prevent you from downloading new virus definitions.
Immediately after a new e-mail message is sent, a second message is sent with no subject and the worm attached.
Worm component - The worm component makes a copy of Wsock32.dll and names it Wsock32.mtx. The Send export function of this .mtx file is then modified to point to its own code. This allows the virus to mail a copy of the worm infected with this virus to the same person to whom the user sends an email message (using the same program).
Virus component - The virus component searches for specific antivirus programs running. If the virus finds one, the virus does not run. If the virus continues to run, it decompresses the worm component, drops a copy of it into the user's Windows directory (typically C:\Windows), and runs it. The name of this dropped file is le_pack.exe. After le_pack.exe is executed, it is renamed to Win32.dll.
The virus also adds a registry enty that lets the downloader run automatically every time the system is started. The downloader is invisible in the Task List.
Revoval instructions:
Two ways:
Use the SARC W95.MTX Fix tool.
Manually remove the virus.
In most cases you should first try the W95.MTX Fix tool.
The tool is available at the following site: