Loading ...
Sorry, an error occurred while loading the content.

Prettypark is a worm. Delete if not opened.

Expand Messages
  • Hugh Wayne Morris
    If you opened Pretty park I apologize: Here is the solution to get rid of it. http://www.cai.com/virusinfo/encyclopedia/ PrettyPark (Also known as
    Message 1 of 1 , Feb 27, 2000
    • 0 Attachment
      If you opened Pretty park I apologize:
      Here is the solution to get rid of it.
      http://www.cai.com/virusinfo/encyclopedia/

      PrettyPark (Also known as Win32.PrettyPark.Worm)

      PrettyPark is a worm that propagates by sending its copies through the
      Internet by means of the electronic mail system. The worm usually arrives in
      one's mailbox as an attachment to the message with the following Subject:
      C:\CoolProgs\Pretty Park.exe The attached program - PrettyPark.exe uses the
      icon picturing one of the characters from the South Park movie. When a user
      runs the attached file, PrettyPark copies itself to the Windows System
      directory under the name FILES32.VXD. Next the worm modifies the registry
      key: HKEY_CLASSES_ROOT\exefile\shell\open\command changing it to FILES32.VXD
      "%1" %*. When PrettyPark park is executed, a user may see the screensaver
      activated (from files: sspipes.scr or canalisation3d.scr). Every half an
      hour the worm will try to send itself (as an email attachment) to Internet
      addresses listed in the user's Windows Address Book. Much more often - every
      half a minute, PrettyPark will try to connect to selected IRC channels. It
      appears that the use of the IRC channels is intended to inform the author
      (of the worm) of another successful installation. Through the use of IRC,
      PrettyPark can potentially transfer a lot of sensitive data from an affected
      system to the outside world.
      The manual removal of the worm from an infected system is relatively easy.
      After deleting of the original PrettyPark.exe attachment, a user should
      modify the registry key HKEY_CLASSES_ROOT\exefile\shell\open\command back to
      "%1" %* or you can delete
      HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command. Then the
      file FILES32.VXD must be deleted and the machine re-started.
    Your message has been successfully submitted and would be delivered to recipients shortly.