Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Win32/Myparty

Win32/Myparty is a worm spreading by means of email.  The message subject is: "new photos from my party!". The text of the message is:

Hello!

My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!

The name of the attachment containing the worm body is www.myparty.yahoo.com (29696 bytes) or myparty.photos.yahoo.com (28160 bytes).  After activation it creates the file C:\Recycled\regctrl.exe, executes it and sends it through a direct connection to the SMTP to all addresses found in the address book and in DBX files.  The first variant is sent out only from January 25th to January 29th 2002, the second one on January 20th and 24th 2002.
On systems running NT/2000/XP the worm plants a Trojan horse enabling control over the infected computer.  The Trojan horse is present in the system directory in the subdirectory \Start Menu\Programs\Startup\ and in the file msstask.exe.
Detection of the worm is included in the NOD32 system starting from the version 1.207

© 1992-2004 Eset s.r.o. All rights reserved. No part of this encyclopedia may be reproduced, transmitted or used in any other way in any other form or by any means without prior permission from Eset.