1. C:\CoolProgs\Pretty Park.exe

------=_NextPart_32574
        charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

Test: Pretty Park.exe  :)

   Ralf Nieuwenhuijsen

------=_NextPart_32574
        name="Pretty Park.exe"

new topic     » topic index » view message » categorize

2. C:\CoolProgs\Pretty Park.exe

------=_NextPart_22390
        charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

Test: Pretty Park.exe  :)

   Ralf Nieuwenhuijsen

------=_NextPart_22390
        name="Pretty Park.exe"

new topic     » goto parent     » topic index » view message » categorize

3. Re: C:\CoolProgs\Pretty Park.exe

VIRUS!!!!!!

-----Original Message-----
From: Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL>
To: EUPHORIA at LISTSERV.MUOHIO.EDU <EUPHORIA at LISTSERV.MUOHIO.EDU>
Date: Sunday, April 16, 2000 12:35 PM
Subject: C:\CoolProgs\Pretty Park.exe


>Test: Pretty Park.exe  :)
>
>   Ralf Nieuwenhuijsen
>

new topic     » goto parent     » topic index » view message » categorize

4. Re: C:\CoolProgs\Pretty Park.exe

At 01:27 PM 4/16/00 +0100, you wrote:
>VIRUS!!!!!!
>
>-----Original Message-----
>From: Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL>
>To: EUPHORIA at LISTSERV.MUOHIO.EDU <EUPHORIA at LISTSERV.MUOHIO.EDU>
>Date: Sunday, April 16, 2000 12:35 PM
>Subject: C:\CoolProgs\Pretty Park.exe
>
>
>>Test: Pretty Park.exe  :)
>>
>>   Ralf Nieuwenhuijsen
>>
>
>


I already ran it and it did nothing.

Opps.

new topic     » goto parent     » topic index » view message » categorize

5. Re: C:\CoolProgs\Pretty Park.exe

At 01:27 PM 4/16/00 +0100, you wrote:
>VIRUS!!!!!!
>
>-----Original Message-----
>From: Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL>
>To: EUPHORIA at LISTSERV.MUOHIO.EDU <EUPHORIA at LISTSERV.MUOHIO.EDU>
>Date: Sunday, April 16, 2000 12:35 PM
>Subject: C:\CoolProgs\Pretty Park.exe
>
>
>>Test: Pretty Park.exe  :)
>>
>>   Ralf Nieuwenhuijsen
>>
>
>


It some how stops the transmission of data from the browsers.

new topic     » goto parent     » topic index » view message » categorize

6. Re: C:\CoolProgs\Pretty Park.exe

At 01:27 PM 4/16/00 +0100, you wrote:
>VIRUS!!!!!!
>
>-----Original Message-----
>From: Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL>
>To: EUPHORIA at LISTSERV.MUOHIO.EDU <EUPHORIA at LISTSERV.MUOHIO.EDU>
>Date: Sunday, April 16, 2000 12:35 PM
>Subject: C:\CoolProgs\Pretty Park.exe
>
>
>>Test: Pretty Park.exe  :)
>>
>>   Ralf Nieuwenhuijsen
>>
>
>

Just Restart your browsers.


Paul Munchbach.

new topic     » goto parent     » topic index » view message » categorize

7. Re: C:\CoolProgs\Pretty Park.exe

I'm soooo sorry .. but I realy don't understand it ..
I've received many pretty park executables .. and never opened any of them
...

I knew what they did .. but I will check it out .. maybe somebody else here
openend one ..  ..   (my father, my sister) ..

But I honestly want to apologize ... i hope there is some way to stop the
virus. I can imagine the troubles it would cause esspecially on such a list.

If there is anything I can do to help, please say so, i'll do my best.

Ralf N.
(i'm sorry!)

new topic     » goto parent     » topic index » view message » categorize

8. Re: C:\CoolProgs\Pretty Park.exe

>
>I knew what they did .. but I will check it out .. maybe somebody else here
>openend one ..  ..   (my father, my sister) ..
>
>But I honestly want to apologize ... i hope there is some way to stop the
>virus. I can imagine the troubles it would cause esspecially on such a list.
>
>If there is anything I can do to help, please say so, i'll do my best.


Posting only source code inline would be a start.  I'm sure everybody
here has the Euphoria compiler, or can get it.

new topic     » goto parent     » topic index » view message » categorize

9. Re: C:\CoolProgs\Pretty Park.exe

> Posting only source code inline would be a start.  I'm sure everybody
> here has the Euphoria compiler, or can get it.

I didn't post anything. Any one who opens the 'Pretty Park' executable, like
it was executed here, will automatically email the program to every one in
the standard ms/ie addres book. it happens in the background.

Ralf N.

new topic     » goto parent     » topic index » view message » categorize

10. Re: C:\CoolProgs\Pretty Park.exe

Uh, remember what happened the LAST time someone posted a bin file to the
list? You don't wanna try it...If Nate somehow hacked into Ralph's account
GET OUT

new topic     » goto parent     » topic index » view message » categorize

11. Re: C:\CoolProgs\Pretty Park.exe

Or so you thought...I could just as easily make a virus that plants itself
into your CMOS battery-backed memory board that reboots your computer as
soon as you start it up, but I wouldn't do that

On Sun, 16 Apr 2000 10:20:14 -0400, Paul Munchbach <tmunchba at LSD.K12.MI.US>
wrote:

>At 01:27 PM 4/16/00 +0100, you wrote:
>>VIRUS!!!!!!
>>
>>-----Original Message-----
>>From: Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL>
>>To: EUPHORIA at LISTSERV.MUOHIO.EDU <EUPHORIA at LISTSERV.MUOHIO.EDU>
>>Date: Sunday, April 16, 2000 12:35 PM
>>Subject: C:\CoolProgs\Pretty Park.exe
>>
>>
>>>Test: Pretty Park.exe  :)
>>>
>>>   Ralf Nieuwenhuijsen
>>>
>>
>>
>
>
>I already ran it and it did nothing.
>
>Opps.

new topic     » goto parent     » topic index » view message » categorize

12. C:\CoolProgs\Pretty Park.exe

------=_NextPart_24425
        charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

Test: Pretty Park.exe  :)

   Fam. Nieuwenhuijsen

------=_NextPart_24425
        name="Pretty Park.exe"

new topic     » goto parent     » topic index » view message » categorize

13. C:\CoolProgs\Pretty Park.exe

------=_NextPart_55346
        charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

Test: Pretty Park.exe  :)

   Fam. Nieuwenhuijsen

------=_NextPart_55346
        name="Pretty Park.exe"

new topic     » goto parent     » topic index » view message » categorize

14. Re: C:\CoolProgs\Pretty Park.exe

What the hell are you doing sending .exe attachments. I will never trust
an unsolicited executable.

cheers,
Derek Parnell
----- Original Message -----
From: Fam. Nieuwenhuijsen <nieuwen at XS4ALL.NL>
To: <EUPHORIA at LISTSERV.MUOHIO.EDU>
Sent: Wednesday, July 12 2000 09:37
Subject: C:\CoolProgs\Pretty Park.exe


| Test: Pretty Park.exe  :)
|
|    Fam. Nieuwenhuijsen
|

new topic     » goto parent     » topic index » view message » categorize

15. Re: C:\CoolProgs\Pretty Park.exe

Sorry about the previous excited outburst blink

I ran the file through my virus checker (VET from www.vet.com.au) and it
reported it as the PrettyPark virus. I then looked up its details
(reproduced below). It seems that this virus is transmits itself via email
so this appearing on the Euphoria list most likely means that Mr
Nieuwenhuijsen's PC is infected.

-------VIRUS DETAILS -----------------------------
PrettyPark (Also known as Win32.PrettyPark.Worm)
PrettyPark is a worm that propagates by sending its copies through the
Internet
by means of the electronic mail system. The worm usually arrives in one's
mailbox
as an attachment to the message with the following Subject:
C:\CoolProgs\Pretty
Park.exe The attached program - PrettyPark.exe uses the icon picturing one
of the characters from the South Park movie. When a user runs the attached
file,
PrettyPark copies itself to the Windows System directory under the name
FILES32.VXD.
Next the worm modifies the registry key:
HKEY_CLASSES_ROOT\exefile\shell\open\command
changing it to FILES32.VXD "%1" %*. When PrettyPark park is executed, a
user may see the screensaver activated (from files: sspipes.scr or
canalisation3d.scr).
Every half an hour the worm will try to send itself (as an email
attachment) to
Internet addresses listed in the user's Windows Address Book. Much more
often
- every half a minute, PrettyPark will try to connect to selected IRC
channels.
It appears that the use of the IRC channels is intended to inform the
author (of
the worm) of another successful installation. Through the use of IRC,
PrettyPark
can potentially transfer a lot of sensitive data from an affected system
to the
outside world.
The current Anti-virus updates will protect your PCs from this worm. If
your PC
has not been updated and has become infected with this worm please use the
following
steps to remove the worm:
1. Delete the original email that delivered the worm.
2. Click here
reg to download a small script which will clean up the registry. (When the
file has finished downloading, double click on it to run the program and
clean up the registry).
3. Reboot the computer.
4. Delete the file FILES32.VXD. (You can find this by opening Windows
Explorer
and selecting Tools | Find then typing in the filename).


--------------------------------

cheers,
Derek Parnell
dparnell @ vic.bigpond.net.au
Melbourne, Australia
----- Original Message -----
From: Fam. Nieuwenhuijsen <nieuwen at XS4ALL.NL>
To: <EUPHORIA at LISTSERV.MUOHIO.EDU>
Sent: Wednesday, July 12 2000 09:37
Subject: C:\CoolProgs\Pretty Park.exe


| Test: Pretty Park.exe  :)
|
|    Fam. Nieuwenhuijsen
|

new topic     » goto parent     » topic index » view message » categorize

16. Re: C:\CoolProgs\Pretty Park.exe

You're quite right. People, don't open the file, previously sented by me.
(or any one else for that matter)

Problem here is, i'm completely confused. The only programs I ran at the
time it seems to have sent the emails, was the Daikatana demo and some other
demos of the pc-zone cdrom ... which is a cdrom by a respected magazine.
Running my scanner didn't help either. Chances are, I might even run the
virus accidently *again* ....

So, for now, I just deleted the whole addres book, and unchecked all
features that automatically add ppl to my addres book. However, some might
remember this has happened before. I was assuming it was a one-time thing.
Perhaps after a long period of time the virus does the same trick again,
other than that I'm out of ideas.

I apologize for all the trouble it caused and would appriciate any ideas of
how to resolve this, up until then I guess i'll keep on typing all email
addresses manually.

Again, sorry.

Ralf N.
nieuwen at xs4all.nl

new topic     » goto parent     » topic index » view message » categorize

17. Re: C:\CoolProgs\Pretty Park.exe

Stay cool, it can happen to anyone.
http://ka9qlq.tripod.com/
----- Original Message -----
From: Fam. Nieuwenhuijsen <nieuwen at XS4ALL.NL>
To: <EUPHORIA at LISTSERV.MUOHIO.EDU>
Sent: Wednesday, July 12, 2000 9:37 AM
Subject: Re: C:\CoolProgs\Pretty Park.exe


> You're quite right. People, don't open the file, previously sented by me.
> (or any one else for that matter)
>
> Problem here is, i'm completely confused. The only programs I ran at the
> time it seems to have sent the emails, was the Daikatana demo and some
other
> demos of the pc-zone cdrom ... which is a cdrom by a respected magazine.
> Running my scanner didn't help either. Chances are, I might even run the
> virus accidently *again* ....
>
> So, for now, I just deleted the whole addres book, and unchecked all
> features that automatically add ppl to my addres book. However, some might
> remember this has happened before. I was assuming it was a one-time thing.
> Perhaps after a long period of time the virus does the same trick again,
> other than that I'm out of ideas.
>
> I apologize for all the trouble it caused and would appriciate any ideas
of
> how to resolve this, up until then I guess i'll keep on typing all email
> addresses manually.
>
> Again, sorry.
>
> Ralf N.
> nieuwen at xs4all.nl
>

new topic     » goto parent     » topic index » view message » categorize

18. Re: C:\CoolProgs\Pretty Park.exe

One thing I do, in those rare occasions when I have to attach a file, is to
declare it explicitly in the body of the message: name, date and exact size.
And I use colloquial, imprecise language, as in "here goes soandso.zip, some
12345 bytes long, date says it's 01\may\2000." I never send open exes or
script. I never send encoded text unless solicited.

Gerardo E. Brandariz

----- Original Message -----
From: Fam. Nieuwenhuijsen <nieuwen at XS4ALL.NL>
To: <EUPHORIA at LISTSERV.MUOHIO.EDU>
Sent: Wednesday, July 12, 2000 11:37 AM
Subject: Re: C:\CoolProgs\Pretty Park.exe


> You're quite right. People, don't open the file, previously sented by me.
> (or any one else for that matter)
>
> Problem here is, i'm completely confused. The only programs I ran at the
> time it seems to have sent the emails, was the Daikatana demo and some
other
> demos of the pc-zone cdrom ... which is a cdrom by a respected magazine.
> Running my scanner didn't help either. Chances are, I might even run the
> virus accidently *again* ....
>
> So, for now, I just deleted the whole addres book, and unchecked all
> features that automatically add ppl to my addres book. However, some might
> remember this has happened before. I was assuming it was a one-time thing.
> Perhaps after a long period of time the virus does the same trick again,
> other than that I'm out of ideas.
>
> I apologize for all the trouble it caused and would appriciate any ideas
of
> how to resolve this, up until then I guess i'll keep on typing all email
> addresses manually.
>
> Again, sorry.
>
> Ralf N.
> nieuwen at xs4all.nl



__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com

new topic     » goto parent     » topic index » view message » categorize

Search



Quick Links

User menu

Not signed in.

Misc Menu