¿Necesita ayuda? Pregunte a la comunidad o contrate a un experto.
Ir a Avira Answers
Alias:W32/Myparty.a@MM
Type:Worm 
Size:A: 29.696 Bytes; B: 28.160 Byt 
Origin: 
Date:01-20-2002 
Damage:Sent by email, Backdoor component. 
VDF Version:6.23.00.00 
Danger:Low 
Distribution:Low 

DistributionThe email sent by the worm contains:

Subject: new photos from my party!

Body: Hello! My party… It was absolutely amazing! I have attached my web page with new photos! If you can please make color prints of my photpos. Thanks!

Attachment: www.myparty.yahoo.com

Technical DetailsVersion A:
Worm/Myparty (29.696 Bytes) spreads by email, using its own SMTP engine. It installs a backdoor in the Autostart directory of the infected folder, named MSSTASK.EXE.
When the attachment is opened, Worm/Myparty is copied as REGCTRL.EXE in C:\RECEYCLED\ or C:\RECEYCLER\.

It searches for email addresses in Windows Address Book and in *.DBX files. It sends itself to these addresses, using its own SMTP engine. So, the worm does not need any email program for spreading.

Then, the worm checks if the Russian keyboard feature is active. If not, the worm installs a backdoor in the Start Menu's Autostart directory (\Windows\Startmenu\Programs\Autostart\ for Win9x and \Documents and Settings\%user%\ Startmenu\Programs\Autostart\ for Windows NT/XP) as MSSTASK.EXE (6.144 Bytes).

This will be automatically opened when Windows starts and run by a CGI script, from a website with the IP address 209.252.250.270.


Version B: the difference consists in the file size: 28.160 Bytes.
Descripción insertada por Crony Walker el martes 15 de junio de 2004

Volver . . . .
https:// Esta ventana está cifrada para su seguridad.