
Can anyone give me some information on the My Party virus?

00:00 Mon 04th Feb 2002

Asks esmeharrison

A. The My Party virus is believed to have started on 26 January 2002, and is spreading rapidly by mass-mailing itself to email addresses.

Q. How do I know if I have received an infected email containing the virus?

A. If you receive an email with the subject line "New photos from my party", you have been sent the virus. The text within the email reads "My party was absolutely amazing, I have attached my web page with the new photos" and then gives what appears to be a web address, i.e. www.myparty.yahoo.com. Instead of being a genuine web page, it is in fact a .com file that sends a copy of the worm to everybody in your Windows address book (and Outlook Express database) using an SMTP engine, so it looks as though you've had the party and the photos.

The .com extension does not denote a web page; it is an MS-DOS application extension that is recognized by Windows. In addition, on Windows NT/2000/XP the worm drops a copy of the Trojan Troj/Msstake-A in the user's start-up directory. The Trojan is contained in a file named msstask.exe.
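The check below is an added example, not part of the original article: a mail-filter rule that flags the subject line quoted above and any attachment that is a .com program named like a web address. It assumes the .com file arrives as an attachment carrying that name; the function names, the extra extensions beyond .com, and the sample messages are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Extensions Windows runs as programs. Only .com is named on the page;
# the others are assumptions added for this example.
EXECUTABLE_EXTS = {".com", ".exe", ".pif", ".scr", ".bat"}
# A name shaped like a host name: labels separated by dots.
HOSTNAME_LIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z0-9-]+$", re.I)
# Subject line the page gives for My Party.
KNOWN_SUBJECT = "new photos from my party"


def inspect_message(msg):
    """Return the reasons a message resembles the mail described above."""
    findings = []
    if (msg.get("Subject") or "").strip().lower() == KNOWN_SUBJECT:
        findings.append("subject matches the My Party subject line")
    for part in msg.walk():
        name = (part.get_filename() or "").strip()
        if "." not in name:
            continue  # body parts and attachments without an extension
        ext = "." + name.rsplit(".", 1)[1].lower()
        if ext == ".com" and name.count(".") >= 2 and HOSTNAME_LIKE.match(name):
            findings.append(f"attachment {name!r} is a .com program named like a web address")
        elif ext in EXECUTABLE_EXTS:
            findings.append(f"attachment {name!r} has executable extension {ext}")
    return findings


def build_sample(subject, filename):
    """Build a constructed test message (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "friend@example.org"
    msg["To"] = "you@example.org"
    msg["Subject"] = subject
    msg.set_content("My party was absolutely amazing, I have attached "
                    "my web page with the new photos")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    for subject, filename in [("New photos from my party", "www.myparty.yahoo.com"),
                              ("Holiday snaps", "beach.jpg"),
                              ("Installer", "setup.exe")]:
        found = inspect_message(build_sample(subject, filename))
        print(f"{subject!r} / {filename!r}: {found or 'no findings'}")
```
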

Q. Is there anything unusual about the virus?

A. Not in the virus itself; it does no real harm to your PC. But this is the first time that a .com address has been used to tag a virus, so people will genuinely believe that it is a web page they are clicking on. Recently, viruses have been more likely to have the .exe file extension, and people have been made aware of this and look for it as a tell-tale sign of a virus, although many .exe files are genuine files. My Party also sends an email to [email protected], a free email account based in Russia, to track its spread.

Q. What type of virus is My Party?

A. It is a worm. A worm is self-replicating: it copies itself continuously on your PC and uses up memory, and it can attach itself to email and automatically mail your entire address book.

Q. How can I protect my PC against the virus?

A. If you have not opened the attachment already, then delete the email. Alternatively, anti-virus company Sophos has speedily created a patch, which is available from http://www.sophos.com/virusinfo/analyses/w32mypartya.html. It will also be incorporated into the March 2002 (3.55) edition of Sophos Anti-Virus software. Most other anti-virus software companies have updated their software to cope with this virus. The main ones can be contacted at the following addresses:

Command Software Systems

http://www.commandsoftware.com/virus/myparty.html

McAfee

http://vil.mcafee.com/dispVirus.asp?virus_k=99332&

Symantec

http://securityresponse.symantec.com/avcenter/venc/data/pf/[email protected]

Trend Micro

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYPARTY.A

Q. How do I get rid of the virus?

A. Update your virus protection software and ensure that it is configured to scan all files, then run a full system scan and delete all files that are detected as W.32.myparty@mm or backdoor.myparty.

By Karen Anderson
