Some "Pictures" from MyPics

05 Dec 1999
Virus News

New Melissa-style Internet-worm

Cambridge, UK, December 6, 1999 - Kaspersky Lab Int., an international anti-virus software vendor warns computer uses against a danger of infection with recently discovered Melissa-style Internet-worm I-Worm.MyPics. The worm has been reported "in-the-wild."

General Characteristics

I-Worm.MyPics is an Internet-worm with an ability of spreading via the Internet using e-mail messages. The worm itself is an executable Windows EXE file, 34,304 bytes length, created using VisualBasic programming language. The worm carries extremely dangerous payload that may seriously affect data stored on the infected computers.

Infection Indication

"Manual" detection of the worm's presence on a computer can be performed in one of the following ways:

  1. look up the list of active tasks by simultaneously pressing keys ALT and TAB. The worm's task should be named "MYPICS"
  2. check out the key HKEY_CURRENT_USER \Software \Microsoft \Office \ "jpgs2?" in the Windows system registry. In case of infection this key should be equal to "... by sfkwnty"
  3. check out the following keys in the Windows system registry:
  4. SOFTWARE \Microsoft \Windows \CurrentVersion \Run "Creative" = "C:\Pics4You.exe" SOFTWARE \Microsoft \WindowsNT \CurrentVersion \Windows \Run "Creative" = "C:\Pics4You.exe"
  5. check out start page of Internet Explorer. In case of infection it should be changed to /SiliconValley /Vista /8279 /index.html
Prevention and removal

In no case do not open the file "PICS4YOU.EXE" if it arrive on your computer. Simply delete it. Remember, that messages even from trusted sources can contain the worm, because it spreads without user's knowledge.

Please, update your AntiViral Toolkit Pro (AVP) anti-virus databases. Routines for detection and removal of I-Worm.MyPics have been added in the regular weekly update.

More Technical Details