I-Worm.Mypart Viruses Information

Name: I-Worm.Mypart
Category: Viruses
Description: Details
I-Worm.Myparty

This is a virus-worm that spreads via the Internet attached to infected e-mail. The worm itself is a Windows PE EXE file about 30Kb in length (compressed by UPX, 76K decompressed), and it is written in Microsoft Visual C++.
Infected messages appear as follows:

The worm activates from infected e-mail only when a user double-clicks on the attached file. The worm then installs itself to the system and runs a spreading routine.
Installing
While installing, the worm copies itself to:
c:\regctrl.exe - under Win9x/ME
c:\recycled\regctrl.exe - under WinNT/2K/XP

and spawns this copy. When the worm's file name is not ".com" (as in the attachment), but rather ".exe" (the worm is re-named), it also opens the Web page "http://www.disney.com".
The original file (as it was run from an infected e-mail) is moved to the Recycled or Recycler directory with one of the following names:
C:\RECYCLER\F-%1-%2-%3
C:\RECYCLED\F-%1-%2-%3

where %1, %2, %3 are randomly selected numbers, for example:
F-12158-19044-21300
F-27729-23255-31008

While installing, the worm checks the installed keyboard layouts, and when there is Russian keyboard support, the worm copies itself to Recycled/Recycler in the same way and exits. It does the same on any date other than 25-29 January 2002.
As a result, the worm works only from 25 until 29 January 2002, and only on machines without Russian keyboard support.
Spreading
To send infected messages, the worm uses a direct SMTP connection to an e-mail server. To obtain a victim's e-mail addresses, the worm scans WAB files (Windows Address Book) and *.DBX files (Outlook Express).
The worm also sends one e-mail (without an attachment) to "napster@gala.net".
Backdoor
Under WinNT/2000/all the worm also creates a new file in a user's auto-run directory:
%Userprofile%\Start Menu\Programs\Startup\msstask.exe
and writes a backdoor program there. This backdoor is run by data that are stored in a file at the Web site "http://209.151.250.170".
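As an added example (not part of the original description), the file-system traces listed under Installing and Backdoor can be matched against a file listing taken from a suspect machine. The function names and sample paths are constructed for illustration, and the script assumes paths arrive as plain strings, for example from a directory listing or a file-creation log.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the description above. Windows paths are
# case-insensitive, so everything is compared in lower case.
DROPPED_COPIES = {r"c:\regctrl.exe", r"c:\recycled\regctrl.exe"}
RECYCLE_DIRS = {r"c:\recycled", r"c:\recycler"}
MOVED_ORIGINAL = re.compile(r"^F-\d+-\d+-\d+$", re.IGNORECASE)
STARTUP_SUFFIX = ("start menu", "programs", "startup", "msstask.exe")


def classify(path):
    """Return the name of the indicator a file path matches, or None."""
    p = PureWindowsPath(path)  # also normalises forward slashes
    if str(p).lower() in DROPPED_COPIES:
        return "worm copy (regctrl.exe)"
    if str(p.parent).lower() in RECYCLE_DIRS and MOVED_ORIGINAL.match(p.name):
        return "moved original (F-%1-%2-%3)"
    # %Userprofile% differs per user, so only the trailing components are compared.
    if tuple(part.lower() for part in p.parts)[-4:] == STARTUP_SUFFIX:
        return "backdoor (msstask.exe in Startup)"
    return None


def scan(paths):
    """Map each flagged path to the indicator it matched."""
    return {p: hit for p in paths if (hit := classify(p))}


# Constructed sample listing: four indicator paths and three unrelated files.
SAMPLE_LISTING = [
    r"C:\regctrl.exe",
    r"C:\RECYCLED\regctrl.exe",
    r"C:\RECYCLER\F-12158-19044-21300",
    r"C:\Documents and Settings\alice\Start Menu\Programs\Startup\msstask.exe",
    r"C:\RECYCLED\INFO2",
    r"C:\WINNT\system32\mstask.exe",   # similar name, different file and location
    r"C:\RECYCLER\F-notes.txt",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE_LISTING).items():
        print(f"{reason:36} {path}")
```
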
Known Variants
Myparty.b
This one is a slightly modified 'a' version. The differences are:
The attached file name is "myparty.photos.yahoo.com".



© 2006-2008 spyware32.com - Privacy Policy