Prettypark is a worm. Delete if not opened.
- If you opened Pretty park I apologize:
Here is the solution to get rid of it.
PrettyPark (Also known as Win32.PrettyPark.Worm)
PrettyPark is a worm that propagates by sending its copies through the
Internet by means of the electronic mail system. The worm usually arrives in
one's mailbox as an attachment to the message with the following Subject:
C:\CoolProgs\Pretty Park.exe The attached program - PrettyPark.exe uses the
icon picturing one of the characters from the South Park movie. When a user
runs the attached file, PrettyPark copies itself to the Windows System
directory under the name FILES32.VXD. Next the worm modifies the registry
key: HKEY_CLASSES_ROOT\exefile\shell\open\command changing it to FILES32.VXD
"%1" %*. When PrettyPark park is executed, a user may see the screensaver
activated (from files: sspipes.scr or canalisation3d.scr). Every half an
hour the worm will try to send itself (as an email attachment) to Internet
addresses listed in the user's Windows Address Book. Much more often - every
half a minute, PrettyPark will try to connect to selected IRC channels. It
appears that the use of the IRC channels is intended to inform the author
(of the worm) of another successful installation. Through the use of IRC,
PrettyPark can potentially transfer a lot of sensitive data from an affected
system to the outside world.
The manual removal of the worm from an infected system is relatively easy.
After deleting of the original PrettyPark.exe attachment, a user should
modify the registry key HKEY_CLASSES_ROOT\exefile\shell\open\command back to
"%1" %* or you can delete
HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command. Then the
file FILES32.VXD must be deleted and the machine re-started.