Microsoft KB Archive/317235

= Virus Alert About the w32.Myparty@mm &quot;My Party&quot; Worm Virus =

Article ID: 317235

Article Last Modified on 7/30/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows 95
 * Microsoft Windows 98 Standard Edition
 * Microsoft Windows 98 Second Edition
 * Microsoft Windows Millennium Edition
 * Microsoft Windows NT Workstation 3.51
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Server 3.51
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Server 4.0 Enterprise Edition
 * Microsoft Small Business Server 2000 Standard Edition
 * Microsoft BackOffice Server 2000
 * Microsoft BackOffice Server 4.0
 * Microsoft BackOffice Server 4.5
 * Microsoft BackOffice Small Business Server 4.0
 * Microsoft BackOffice Small Business Server 4.5

-



This article was previously published under Q317235



This article discusses the w32.Myparty@mm virus that may affect the operation of your computer. The information in this article is provided as-is without warranty of any kind. Microsoft does not provide software to stop virus infections or to cure infected computers. You may want to contact an antivirus software manufacturer for more information about how to remove a virus from your computer and about how to prevent future infections. If your computer has been infected, it may be open to additional forms of attack. Microsoft recommends that you rebuild infected Internet-facing servers (servers that function without a firewall or other protection) by following the guidelines that are published on the CERT Web site. Microsoft also recommends that you rebuild any other computers that are at risk because of their proximity to infected computers before you place them back in service.



SUMMARY
The w32.Myparty@mm virus is a mass-mailing e-mail worm that sends e-mail messages to everyone in the Windows Address Book and by searching for e-mail addresses in Microsoft Outlook Express Inboxes and folders.



MORE INFORMATION
The w32.Myparty@mm virus arrives in an e-mail message with the following characteristics:

Subject: new photos from my party!

Body: Hello!

My party... It was absolutely amazing!

I have attached my web page with new photos!

If you can please make color prints of my photos. Thanks!

Attachment name: www.myparty.yahoo.com

Technical Details
When it runs, the worm checks the date. If the computer date is not between January 25 through 29, 2002, or if the keyboard settings are set for Russian, the worm copies itself to the following file, and then quits:

C:\Recycled-F- - -

Otherwise, the worm continues.

The worm then checks its own file name. If the file name is Access, the worm tries to start your Web browser to connect to the http://www.disney.com site, and then quits.

On Windows NT 4.0-based, Windows 2000-based, and Windows XP-based computers, the worm also tries to copy itself to the following file, which runs when Windows starts:

%Windows%\Start Menu\Programs\Startup\Msstask.exe

Finally, the worm sends a message to napster@gala.net, to allow the author to track how far the worm has spread.

Recovery
If your computer is infected with this virus, update your virus signatures to detect and remove the virus, and then follow your antivirus manufacturer's instructions for virus removal.



Related Security Information
http://securityresponse.symantec.com/avcenter/venc/data/w32.myparty@mm.html

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYPARTY.A

http://vil.nai.com/vil/content/v_99332.htm

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

For additional security-related information about Microsoft products, please visit the following Microsoft Web site:

http://www.microsoft.com/protect/default.mspx

Keywords: kbinfo kbsecantivirus kbsecurity kbvirus KB317235

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.