Virus Alert About the w32.Myparty@mm "My Party" Worm Virus (317235)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 95
  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows Millennium Edition
  • Microsoft Windows NT Workstation 3.51
  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows NT Server 3.51
  • Microsoft Windows NT Server 4.0
  • Microsoft Windows NT Server, Enterprise Edition 4.0
  • Microsoft Small Business Server 2000
  • Microsoft BackOffice Server 2000
  • Microsoft BackOffice Server 4.0
  • Microsoft BackOffice Server 4.5
  • Microsoft BackOffice Small Business Server 4.0
  • Microsoft BackOffice Small Business Server 4.5
This article was previously published under Q317235
This article discusses the w32.Myparty@mm virus that may affect the operation of your computer. The information in this article is provided as-is without warranty of any kind. Microsoft does not provide software to stop virus infections or to cure infected computers. You may want to contact an antivirus software manufacturer for more information about how to remove a virus from your computer and about how to prevent future infections. If your computer has been infected, it may be open to additional forms of attack. Microsoft recommends that you rebuild infected Internet-facing servers (servers that function without a firewall or other protection) by following the guidelines that are published on the CERT Web site. Microsoft also recommends that you rebuild any other computers that are at risk because of their proximity to infected computers before you place them back in service.

SUMMARY

The w32.Myparty@mm virus is a mass-mailing e-mail worm that sends e-mail messages to everyone in the Windows Address Book and by searching for e-mail addresses in Microsoft Outlook Express Inboxes and folders.

MORE INFORMATION

The w32.Myparty@mm virus arrives in an e-mail message with the following characteristics:

Subject: new photos from my party!
Body: Hello!

My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!

Attachment name: www.myparty.yahoo.com

Technical Details

When it runs, the worm checks the date. If the computer date is not between January 25 through 29, 2002, or if the keyboard settings are set for Russian, the worm copies itself to the following file, and then quits:

C:\Recycled-F-random digits-random digits-random digits

Otherwise, the worm continues.

The worm then checks its own file name. If the file name is Access, the worm tries to start your Web browser to connect to the http://www.disney.com site, and then quits.
On Windows NT 4.0-based, Windows 2000-based, and Windows XP-based computers, the worm also tries to copy itself to the following file, which runs when Windows starts:

%Windows%\Start Menu\Programs\Startup\Msstask.exe

Finally, the worm sends a message to napster@gala.net, to allow the author to track how far the worm has spread.

Recovery

If your computer is infected with this virus, update your virus signatures to detect and remove the virus, and then follow your antivirus manufacturer's instructions for virus removal.

REFERENCES

Related Security Information

http://securityresponse.symantec.com/avcenter/venc/data/w32.myparty@mm.html

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYPARTY.A

http://vil.nai.com/vil/content/v_99332.htm

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
For additional security-related information about Microsoft products, please visit the following Microsoft Web site:

http://www.microsoft.com/security/default.asp

Modification Type:MajorLast Reviewed:9/20/2006
Keywords:kbinfo kbSECAntiVirus kbSecurity kbvirus KB317235
©2004 Microsoft Corporation. All rights reserved.