Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
A: 29.696 Bytes; B: 28.160 Byt
Sent by email, Backdoor component.
The email sent by the worm contains:
Subject: new photos from my party!
Body: Hello! My party… It was absolutely amazing! I have attached my web page with new photos! If you can please make color prints of my photpos. Thanks!
Worm/Myparty (29.696 Bytes) spreads by email, using its own SMTP engine. It installs a backdoor in the Autostart directory of the infected folder, named MSSTASK.EXE.
When the attachment is opened, Worm/Myparty is copied as REGCTRL.EXE in C:\RECEYCLED\ or C:\RECEYCLER\.
It searches for email addresses in Windows Address Book and in *.DBX files. It sends itself to these addresses, using its own SMTP engine. So, the worm does not need any email program for spreading.
Then, the worm checks if the Russian keyboard feature is active. If not, the worm installs a backdoor in the Start Menu's Autostart directory (\Windows\Startmenu\Programs\Autostart\ for Win9x and \Documents and Settings\%user%\ Startmenu\Programs\Autostart\ for Windows NT/XP) as MSSTASK.EXE (6.144 Bytes).
This will be automatically opened when Windows starts and run by a CGI script, from a website with the IP address 220.127.116.110.
Version B: the difference consists in the file size: 28.160 Bytes.
Description inserted by Crony Walker on Tuesday, June 15, 2004