My Party VIRUS

From: "Alan Galloway" alan_galloway at bellsouth.net> on 2002.01.29 at 03:49:44(8090) Folks, It appears that my laptop has received a new email virus earlier this afternoon. It also appears to have sent this virus onto everyone in my address book. I have my antivirus software to get updates once a week and apparently the timing was such that this virus hit me before I got the necessary updated virus definitions. Needless to say, I now have set my antivirus software to get daily updates. My apologies for any trouble this may have caused anyone. Brian Cook sent me the following info that may be helpful. Thanks Brian! Sorry, Alan +More ----- Original Message ----- To: Sent: Monday, January 28, 2002 5:45 PM Subject: RE: My Party VIRUS on Aroid L > > Alan, Please check your computer. > > Recently a message from you arrived here apparantly via Aroid-L > > It is my understanding that this message contains the worm/virus "My Party" > > Please advise others on the list > > http://www.sophos.com/virusinfo/analyses/w32mypartya.html > > http://europe.cnn.com/2002/TECH/internet/01/28/myparty.worm.reut/index.html > > http://reuters.com/news_article.jhtml;jsessionid=R4RXDDWCU0HJUCRBAE0CFFAKEEA > TGIWD?type=internetnews&StoryIDU0702 > > > If the attached file is executed between 25 January and 29 January 2002 > (inclusive) the worm sends a copy of itself to everybody in the Windows > Address book (except the current user) using a built in SMTP engine. > > It gets the SMTP server information from the registry key: > HKCU\Software\Microsoft\Internet Account Manager\Accounts\00000001 > > The worm also sends an email to napster@gala.net to track its spread. > > In addition the worm drops a copy of the Trojan Troj/Msstake-A in the user's > startup directory. The Trojan is contained in a file named msstask.exe. > > Good Luck, > Brian >

Note: this is a very old post, so no reply function is available.