Win32.Myparty.A@mm

MEDIUM
LOW
29696 bytes
(W32/Myparty@mm)

Symptoms

- Files F-x-x-x-x.exe in C:\Recycled (x is a random number)
- File regctrl.exe in C:\ or in C:\Recycled
- File msstask.exe in \StartUp menu

Removal instructions:

Important: You will have to close all applications (including the antivirus
shields) before running the tool, and restart the computer afterwards.
Additionally, you will have to manually delete the infected files located in archives
and the infected messages from your mail client.


The BitDefender AntiMyparty tool does the following:
- it deletes the files created by Win32.Myparty.A@mm;
- it kills the process in memory;
- it repairs the Windows registry.

Analyzed By

Sorin Victor Dudea, BitDefender Virus Researcher

Technical Description:

It arrives in the following format:
Subject: New photos from my party!
Body:

Hello!

My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!


Attachment: www.myparty.yahoo.com

When the user executes the attachment, the worm checks its own file name for certain string patterns. If the name contains ACCESS, it copies itself to C:\RECYCLED or to C:\ with the name regctrl.exe. If the name contains COM, it executes regctrl.exe, and if the name contains EXE, it starts the e-mail spreading routine.

If something goes wrong or the date is not between 01-25-2002 and 01-29-2002, it tries to rename itself in C:\RECYCLED with a random name in the format F-x-x-x-x.exe, where x is a random number.

If everything went well, it drops a Trojan in the StartUp folder with the name msstask.exe.

The worm only works between 01-25-2002 and 01-29-2002.

The worm searches for e-mail addresses in the Outlook Express mailbox and in all .dbx files it finds in the My Documents folder. It then sends itself to all those addresses, and for each infected e-mail it sends another one to the address napster@gala.net.
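
The file indicators from the Symptoms list can be checked against a directory listing exported from a suspect machine. The following is an added example, not part of the BitDefender tool or the original description; the function names, the sample listing and the digit pattern used for "x is a random number" are assumptions.

```python
import ntpath
import re

# "x is a random number" in the Symptoms list; assumed here to mean one or
# more decimal digits per position (the page does not give the width).
RANDOM_NAME = re.compile(r"f-\d+-\d+-\d+-\d+\.exe", re.IGNORECASE)


def classify(path):
    """Return which Myparty symptom a Windows path matches, or None."""
    norm = ntpath.normpath(path).lower()
    directory, name = ntpath.split(norm)
    drive, tail = ntpath.splitdrive(directory)
    folders = [part for part in tail.split("\\") if part]
    in_c_root = drive == "c:" and not folders
    in_recycled = drive == "c:" and folders == ["recycled"]

    if name == "regctrl.exe" and (in_c_root or in_recycled):
        return "regctrl.exe worm copy"
    if in_recycled and RANDOM_NAME.fullmatch(name):
        return "F-x-x-x-x.exe renamed worm copy"
    # The page only says "\StartUp menu"; any folder named StartUp is
    # accepted because the full path differs per Windows version and user.
    if name == "msstask.exe" and folders and folders[-1] == "startup":
        return "msstask.exe dropped Trojan"
    return None


def scan(paths):
    """Map each matching path to the symptom it matched."""
    hits = {}
    for path in paths:
        symptom = classify(path)
        if symptom:
            hits[path] = symptom
    return hits


# Constructed file listing (e.g. from `dir /s /b /a`), not real telemetry.
SAMPLE_LISTING = [
    r"C:\RECYCLED\F-3-17-4-209.exe",
    r"c:\regctrl.exe",
    r"C:\WINDOWS\Start Menu\Programs\StartUp\msstask.exe",
    r"C:\Program Files\Tool\regctrl.exe",   # same name, wrong folder
    r"C:\RECYCLED\F-a-b-c-d.exe",           # not numeric
    r"D:\Backup\msstask.exe",               # not in StartUp
]

if __name__ == "__main__":
    for path, symptom in scan(SAMPLE_LISTING).items():
        print(f"{symptom:35} {path}")
```

Matching is case-insensitive and tied to the folders named in the Symptoms list, so a file that merely shares one of the names elsewhere on disk is not reported.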