Win32:Mylife

is a very simple worm which arrives in the form of an attachment to infected e-mails. This worm is  written in Visual Basic and is compressed by UPX. 

The infected message has the following characteristics: 

Subject:     my life ohhhhhhhhhhhhh
Body:        Hiiiii
             How are youuuuuuuu?
             look to the digital picture it's my love
             vvvery verrrry ffffunny :-)
             my life = my car
             my car = my house
Attachment:  My Life.scr

When activated, the worm installs itself into the system and runs its spreading routine. When the worm is launched for the first time it shows a window with a picture. Once this window is closed the worm runs its payload. 

The worm copies itself to the Windows System directory under the name My Life.scr and adds the following key into the registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ stmgr=%SYSTEM%\My Life.scr 

The worm then uses MS-Outlook to send out infected e-mail messages to all addresses found in the MS-Outlook Address Book.

The worm also checks the current time, and if the current minute value is more than 45 it deletes files with extensions .SYS and .COM in the root directory of disk C:, files with extensions .COM, .SYS, .INI and .EXE in the Windows directory and files with extensions .SYS, .VXD, .EXE and .DLL in the Windows system directory. 

Any avast! with VPS file dated on or after 8th March 2002 is able to detect this worm.