Sophos

W32/MyParty-A

Aliases
  • W32/Myparty@mm
  • W32.Myparty@mm

Summary

 
Included in our products from March 2002 (3.55)
Detected by All Sophos products


More Information

W32/MyParty-A is a Windows 32 email-aware worm which arrives as an email with the following characteristics:

Subject: new photos from my party!

Message text:

Hello!

My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!

Attached filename: www.myparty.yahoo.com

Some people may be fooled into believing the attached file is a link to a website.
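A mail-gateway style check for this disguise, as an added example (not Sophos's detection logic): it flags attachments whose filename reads like a web address but ends in an extension Windows executes. The extension list, the hostname heuristic, and the `build_sample` helper are assumptions made for illustration; the sample message is constructed.

```python
import re
from email.message import EmailMessage

# Extensions Windows runs directly. ".com" is both a DOS executable
# extension and a top-level domain, which is what this disguise relies on.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
# Heuristic (assumption): three or more dot-separated labels with no spaces,
# optionally starting with "www.", reads as a hostname to a user.
HOSTNAME_LIKE = re.compile(r"^(www\.)?([a-z0-9-]+\.){2,}[a-z0-9-]+$", re.I)


def suspicious_attachments(msg):
    """Return attachment filenames that look like hostnames but would execute."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and multipart containers have no filename
        name = name.strip().rstrip(". ")  # Windows ignores trailing dots/spaces
        dot = name.rfind(".")
        ext = name[dot:].lower() if dot != -1 else ""
        # Plain executables such as "setup.exe" are left to other rules;
        # this check targets only the "looks like a link" disguise.
        if ext in EXECUTABLE_EXTS and HOSTNAME_LIKE.match(name):
            hits.append(name)
    return hits


def build_sample(filename):
    """Constructed test message with a placeholder attachment (no real payload)."""
    msg = EmailMessage()
    msg["Subject"] = "new photos from my party!"
    msg.set_content("Hello!")
    msg.add_attachment(b"constructed placeholder bytes",
                       maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg


if __name__ == "__main__":
    for fname in ("www.myparty.yahoo.com", "holiday.photos.jpg"):
        print(fname, "->", suspicious_attachments(build_sample(fname)))
```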

If the attached file is executed between 25 January 2002 and 29 January 2002 (inclusive), the worm sends a copy of itself to everybody in the Windows Address Book (except the current user) using a built-in SMTP engine.

It gets the SMTP server information from the following registry key: HKCU\Software\Microsoft\Internet Account Manager\Accounts\00000001. Please note that W32/MyParty-A does not make any changes to the registry or any INI files. Furthermore, it does not attempt to run itself when the computer is restarted.

The worm also sends an email to napster@gala.net, a free email account based in Russia, to track its spread.

In addition, on Windows NT/2000/XP the worm drops a copy of the Trojan Troj/Msstake-A in the user's startup directory. The Trojan is contained in a file named msstask.exe.
