Wednesday, January 19, 2011

Cause of win32dll.Exe Not Responding (this is a virus)

HOW TO REMOVE MTX VIRUS
Dear all, today I made some experiments with the MTX virus. I found this virus is a very dangerous virus. It is a new type of worm and trojan combination found in August 2000.
Once you are infected, no antivirus can remove it in Windows mode. The MTX virus infects Windows components like wsock32.dll, explorer.exe, run32dll.exe that cannot be deleted, removed or renamed in Windows mode. W95.MTX has a virus component and a worm component. It propagates using email. It also infects some Win32 executables in specific directories. The virus also has the capability to block access to certain web sites. This may prevent users from downloading new virus definitions.

The best way to remove MTX is to use the rescue disk of an antivirus (you must have antivirus software like AVP, NAV, or McAfee), then scan your hard disk in DOS mode. It needs 3 up to 5 hours, depending on your hard disk volume and usage. If you don't have an antivirus updated at least from October 2000, you can try this article from Symantec: http://www.symantec.com/avcenter/venc/data/w95.mtx.html.

I suggest you try both ways: use the rescue disk (you will need 5 diskettes) and manual removal, to check whether your antivirus has already cleaned up all the files or not. Hope this will help.

Note: for your safety, please don't ever open an attachment containing one of these files:

I_wanna_see_you.txt.pif
Matrix_screen_saver.scr
Love_letter_for_you.txt.pif
New_playboy_screen_saver.scr
Bill_gates_piece.jpg.pif
Tiazinha.jpg.pif
Feiticeira_nua.jpg.pif
Geocities_free_sites.txt.pif
New_napster_site.txt.pif
Metallica_song.mp3.pif
Anti_cih.exe
Internet_security_forum.doc.pif
Alanis_screen_saver.scr
Reader_digest_letter.txt.pif
Win_$100_now.doc.pif
Is_linux_good_enough!.txt.pif
Qi_test.exe
Avp_updates.exe
Seicho_no_ie.exe
You_are_fat!.txt.pif
Free_xxx_sites.txt.pif
I_am_sorry.doc.pif
Me_nude.avi.pif
Sorry_about_yesterday.doc.pif
Protect_your_credit.html.pif
Jimi_hendrix.mp3.pif
Hanson.scr
F___ing_with_dogs.scr
Matrix_2_is_out.scr
Zipped_files.exe
Blink_182.mp3.pif
withlove - sophie
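
Most of the names in the list above put a harmless-looking extension (.txt, .jpg, .doc, .mp3) in front of the real one (.pif, .scr, .exe). The following check for that pattern is an added example, not part of the original post; the function names and the extra extensions in the two sets are assumptions made for illustration.

```python
# Final extensions Windows runs directly. .pif, .scr and .exe come from the
# list above; the others are assumptions added for this example.
EXECUTABLE_EXTS = {"pif", "scr", "exe", "com", "bat", "vbs"}
# Harmless-looking extensions used as a decoy in front of the real one.
DECOY_EXTS = {"txt", "jpg", "doc", "mp3", "avi", "html"}


def classify_attachment(filename):
    """Return 'decoy-double-extension', 'executable' or 'not-executable'."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    name = filename.strip().rstrip(". ").lower()
    # Strip each part so padding like "photo.jpg      .pif" cannot hide the end.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "not-executable"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "decoy-double-extension"
    return "executable"


def flag_attachments(filenames):
    """Map each name that should not be opened to its verdict."""
    verdicts = {}
    for name in filenames:
        verdict = classify_attachment(name)
        if verdict != "not-executable":
            verdicts[name] = verdict
    return verdicts


# Constructed sample: three names from the list above, two benign names and
# one padded variant made up for this example.
SAMPLE_NAMES = [
    "I_wanna_see_you.txt.pif",
    "Is_linux_good_enough!.txt.pif",
    "Anti_cih.exe",
    "Tiazinha.jpg      .pif",
    "minutes.v2.doc",
    "README",
]

if __name__ == "__main__":
    for name, verdict in flag_attachments(SAMPLE_NAMES).items():
        print(f"{verdict:24} {name!r}")
```
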
W32 / NAVIDAD (Worm Virus)

W32/Navidad@M is an Internet worm that spreads using the Windows email program Outlook. McAfee AVERT has given it a risk assessment of MEDIUM-ON WATCH, due to a significant increase in infection levels worldwide.

The email can come from addresses that you will recognize. Attached is a file named NAVIDAD.EXE and when it is run, it displays a dialog box entitled, "Error" which reads "UI". A blue eye icon then appears in the system tray next to the clock in the lower right corner of the screen, and a copy of the worm is saved to the file "winsvrc.vxd" in the WINDOWS SYSTEM directory. If your PC becomes infected with the W32/Navidad@M worm, all subsequent emails addressed to you will be responded to automatically with an email from your address with the W32/Navidad@M worm as an attachment.
What the tool does :
After running the W32.Navidad Fix Tool, you will be able to launch programs just as you were able to before W32.Navidad infected your computer.

The value Win32BaseServiceMOD is removed from the following registry key :
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

* HKEY_USERS\DEFAULT\Software\Navidad on Windows 95 and Windows 98 systems or HKEY_CURRENT_USER\Software\Navidad on Windows NT and Windows 2000 systems.

* The value of HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command is restored to "%1" %* on Windows 95 and Windows 98 systems, or the value of HKEY_CLASSES_ROOT\exefile\shell\open\command is restored to "%1" %* on Windows NT and Windows 2000 systems.

* The file winsvrc.vxd is removed from the Windows system directory.
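
The registry items the tool cleans up can also be checked by hand in a regedit export. The following checker is an added example, not Symantec's tool or code from the original post; the function names are hypothetical and the sample export is constructed.

```python
import re

# Key paths and the value name are the ones listed above; real exports name the
# Windows 95/98 default-user hive ".DEFAULT", so that spelling is checked too.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
EXE_KEYS = (r"HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command",
            r"HKEY_CLASSES_ROOT\exefile\shell\open\command")
NAVIDAD_KEYS = (r"HKEY_USERS\DEFAULT\Software\Navidad",
                r"HKEY_USERS\.DEFAULT\Software\Navidad",
                r"HKEY_CURRENT_USER\Software\Navidad")
CLEAN_EXE_COMMAND = '"%1" %*'
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
def _unescape(text):
    return re.sub(r"\\(.)", r"\1", text)  # \\ -> \ and \" -> "

def parse_reg_export(text):
    """Parse string values of a REGEDIT4 export into {KEY: {NAME: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and (m := _VALUE.match(line)):
            name = m.group(1) if m.group(1) == "@" else m.group(1)[1:-1]
            current[_unescape(name).upper()] = _unescape(m.group(2))
    return keys

def navidad_findings(text):
    """Return which of the three registry changes are still present."""
    keys, found = parse_reg_export(text), []
    if "WIN32BASESERVICEMOD" in keys.get(RUN_KEY.upper(), {}):
        found.append("run-value")
    if any(k.upper() in keys for k in NAVIDAD_KEYS):
        found.append("navidad-key")
    commands = [keys.get(k.upper(), {}).get("@") for k in EXE_KEYS]
    if any(c is not None and c != CLEAN_EXE_COMMAND for c in commands):
        found.append("exefile-command")
    return found

# Constructed export; the value data and PLACEHOLDER path are made up.
SAMPLE = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Win32BaseServiceMOD"="C:\\WINDOWS\\SYSTEM\\winsvrc.vxd"

[HKEY_USERS\.DEFAULT\Software\Navidad]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command]
@="C:\\PLACEHOLDER\\placeholder.bin \"%1\" %*"
'''
```

An empty result from `navidad_findings` means none of the three registry changes is present in the export; it says nothing about the winsvrc.vxd file itself.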
To verify the digital signature of fixnavid.com using chktrust.exe, download Chktrust into the same folder where fixnavid.com is located. Launch the MS-DOS prompt via the Start/Programs/MS DOS prompt menu. Change to the folder where fixnavid.com and chktrust.exe are stored. If the files were saved to the desktop folder on a system running Windows 95 or Windows 98, the customary command to enter in the MS DOS prompt is: cd \windows\desktop

Type the following command to check the digital signature of fixnavid.com: chktrust -i fixnavid.com. If the digital signature is valid you will see a dialog asking the following question: "Do you want to install and run "navidadfix" signed on 11/11/00 2:10PM and distributed by Symantec Corporation."

The date and time that are displayed in this dialog will be adjusted to your timezone if your computer is not set to the Pacific time zone. For example, if you live in the Eastern time zone the date and time you will see will be 11/11/00 5:10PM. If you have the Daylight Savings feature activated on your computer's clock, the time displayed will be exactly one hour earlier.

You might also see the text message "Result:0" displayed following the command line. If you do, then the test is positive and the file is confirmed as being from Symantec. If this dialog or text message do not appear, or the date and time are not properly adjusted for your timezone, do not use your copy of fixnavid.com. It is not from Symantec. If this dialog appears and the text is correct for your timezone, this copy of fixnavid.com is from Symantec. Click the "Yes" button to dismiss the chktrust dialog. Type exit and then press the enter key. This will terminate the MS DOS session.

MCAFEE VIRUSSCAN USERS (notes on detection and removal using McAfee VirusScan):
McAfee VirusScan 4.1.00 and above with DAT file 4105 and higher will detect and remove W32/Navidad@M.
* Detection and Removal instructions.
* ActiveShield installed and/or updated, if you are not protected from infection from this worm.
* Instant Protection if you are not a subscriber to the McAfee.com Clinic.
* Complete Instructions on removal and repair.
* Help Center for going to the W32/Navidad@M.
* VirusScan Online: become a McAfee.com Clinic subscriber and check your system online.
* Purchase the latest copy of VirusScan.
* Upgrade to the latest VirusScan. Purchase the VirusScan Maintenance Plan which entitles you to 12 months of upgrades.
* Download the latest DAT files.
* Find out how to detect and prevent viruses with these handy tips.
JUNE 1st VIRUS WARNING DECLARED A HOAX

Are you worried about all of your files being deleted if you don't take action fast? Supposedly, a little known file found on most Windows PCs can do some serious damage if you don't delete it. According to the latest virus hoax, you need to delete a file in Windows before June 1st or all of your files will be deleted. Well, before you start panicking, find out what Dr. D. Bunk has to say about SULFNBK.EXE.

A new virus (W32/SirCam@MM) has made an appearance. This virus sends itself to everyone in your address book "and" reads from your CACHE folder for mailto addresses and sends to these as well. Everyone should do a scan of their system to see if it's on their computer. Many of you will find it is. It's a bit of a pain to get rid of but it can be done.

Two things all Internet users can/should do to help prevent the spread of these viruses are: 1: Do not select the option in Outlook/Outlook Express to automatically add senders to your address book. If you have this option selected, go into your options folder and disable it. 2: If you use an auto-responder, you should always have virus protection in place. If you don't, then you will be sending this virus to everyone you reply to. For more information on this virus, its characteristics and how to kill it, please visit: http://vil.nai.com/vil/virusSummary.asp?virus_k=99141

WARNING No.1
Do not open Snow-white and the Seven Dwarfs. It is the Hybris virus, which is a worm and will destroy all of your files and sends itself to everyone in your address book. It is being sent by HAHAHA@sexyfun.net and is sent as an attachment, an executable file.

WARNING No. 2
If you receive any CELCOM Screen Saver, please do not install it! This screen saver is very cool. It shows a NOKIA hand phone, with time messages. After it is activated, the PC cannot boot up at all. It goes very slowly. It destroys your hard disk. The Filename is CELLSAVER.EXE

WARNING No. 3
Beware! If someone named SandMan asks you to check out his page. DO NOT! It is at http://www.geocities/. This page hacks into your C:/drive. DO NOT GO THERE...FORWARD THIS MAIL TO EVERYONE YOU KNOW.

WARNING No. 4
If you get an E-mail titled "Win A Holiday" DO NOT open it. Delete it immediately. Microsoft just announced it yesterday. It is a malicious virus that WILL ERASE YOUR HARD DRIVE. At this time there is no remedy.

Ok...........!
