1. C:\CoolProgs\Pretty Park.exe
- Posted by Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL> Apr 16, 2000
- 527 views
------=_NextPart_32574 charset="iso-8859-1" Content-Transfer-Encoding: 8bit Test: Pretty Park.exe :) Ralf Nieuwenhuijsen ------=_NextPart_32574 name="Pretty Park.exe"
2. C:\CoolProgs\Pretty Park.exe
- Posted by Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL> Apr 16, 2000
- 516 views
------=_NextPart_22390 charset="iso-8859-1" Content-Transfer-Encoding: 8bit Test: Pretty Park.exe :) Ralf Nieuwenhuijsen ------=_NextPart_22390 name="Pretty Park.exe"
3. Re: C:\CoolProgs\Pretty Park.exe
- Posted by "king.pete2000" <king.pete2000 at IC24.NET> Apr 16, 2000
- 520 views
VIRUS!!!!!! -----Original Message----- From: Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL> To: EUPHORIA at LISTSERV.MUOHIO.EDU <EUPHORIA at LISTSERV.MUOHIO.EDU> Date: Sunday, April 16, 2000 12:35 PM Subject: C:\CoolProgs\Pretty Park.exe >Test: Pretty Park.exe :) > > Ralf Nieuwenhuijsen >
4. Re: C:\CoolProgs\Pretty Park.exe
- Posted by Paul Munchbach <tmunchba at LSD.K12.MI.US> Apr 16, 2000
- 486 views
At 01:27 PM 4/16/00 +0100, you wrote: >VIRUS!!!!!! > >-----Original Message----- >From: Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL> >To: EUPHORIA at LISTSERV.MUOHIO.EDU <EUPHORIA at LISTSERV.MUOHIO.EDU> >Date: Sunday, April 16, 2000 12:35 PM >Subject: C:\CoolProgs\Pretty Park.exe > > >>Test: Pretty Park.exe :) >> >> Ralf Nieuwenhuijsen >> > > I already ran it and it did nothing. Opps.
5. Re: C:\CoolProgs\Pretty Park.exe
- Posted by Paul Munchbach <tmunchba at LSD.K12.MI.US> Apr 16, 2000
- 510 views
At 01:27 PM 4/16/00 +0100, you wrote: >VIRUS!!!!!! > >-----Original Message----- >From: Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL> >To: EUPHORIA at LISTSERV.MUOHIO.EDU <EUPHORIA at LISTSERV.MUOHIO.EDU> >Date: Sunday, April 16, 2000 12:35 PM >Subject: C:\CoolProgs\Pretty Park.exe > > >>Test: Pretty Park.exe :) >> >> Ralf Nieuwenhuijsen >> > > It some how stops the transmission of data from the browsers.
6. Re: C:\CoolProgs\Pretty Park.exe
- Posted by Paul Munchbach <tmunchba at LSD.K12.MI.US> Apr 16, 2000
- 503 views
At 01:27 PM 4/16/00 +0100, you wrote: >VIRUS!!!!!! > >-----Original Message----- >From: Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL> >To: EUPHORIA at LISTSERV.MUOHIO.EDU <EUPHORIA at LISTSERV.MUOHIO.EDU> >Date: Sunday, April 16, 2000 12:35 PM >Subject: C:\CoolProgs\Pretty Park.exe > > >>Test: Pretty Park.exe :) >> >> Ralf Nieuwenhuijsen >> > > Just Restart your browsers. Paul Munchbach.
7. Re: C:\CoolProgs\Pretty Park.exe
- Posted by Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL> Apr 17, 2000
- 516 views
I'm soooo sorry .. but I realy don't understand it .. I've received many pretty park executables .. and never opened any of them ... I knew what they did .. but I will check it out .. maybe somebody else here openend one .. .. (my father, my sister) .. But I honestly want to apologize ... i hope there is some way to stop the virus. I can imagine the troubles it would cause esspecially on such a list. If there is anything I can do to help, please say so, i'll do my best. Ralf N. (i'm sorry!)
8. Re: C:\CoolProgs\Pretty Park.exe
- Posted by John Meyer <john_meyer at GEOCITIES.COM> Apr 16, 2000
- 514 views
> >I knew what they did .. but I will check it out .. maybe somebody else here >openend one .. .. (my father, my sister) .. > >But I honestly want to apologize ... i hope there is some way to stop the >virus. I can imagine the troubles it would cause esspecially on such a list. > >If there is anything I can do to help, please say so, i'll do my best. Posting only source code inline would be a start. I'm sure everybody here has the Euphoria compiler, or can get it.
9. Re: C:\CoolProgs\Pretty Park.exe
- Posted by Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL> Apr 17, 2000
- 493 views
> Posting only source code inline would be a start. I'm sure everybody > here has the Euphoria compiler, or can get it. I didn't post anything. Any one who opens the 'Pretty Park' executable, like it was executed here, will automatically email the program to every one in the standard ms/ie addres book. it happens in the background. Ralf N.
10. Re: C:\CoolProgs\Pretty Park.exe
- Posted by "Darth Maul, aka Matt" <uglyfish87 at HOTMAIL.COM> Apr 22, 2000
- 490 views
Uh, remember what happened the LAST time someone posted a bin file to the list? You don't wanna try it...If Nate somehow hacked into Ralph's account GET OUT
11. Re: C:\CoolProgs\Pretty Park.exe
- Posted by "Darth Maul, aka Matt" <uglyfish87 at HOTMAIL.COM> Apr 22, 2000
- 497 views
Or so you thought...I could just as easily make a virus that plants itself into your CMOS battery-backed memory board that reboots your computer as soon as you start it up, but I wouldn't do that On Sun, 16 Apr 2000 10:20:14 -0400, Paul Munchbach <tmunchba at LSD.K12.MI.US> wrote: >At 01:27 PM 4/16/00 +0100, you wrote: >>VIRUS!!!!!! >> >>-----Original Message----- >>From: Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL> >>To: EUPHORIA at LISTSERV.MUOHIO.EDU <EUPHORIA at LISTSERV.MUOHIO.EDU> >>Date: Sunday, April 16, 2000 12:35 PM >>Subject: C:\CoolProgs\Pretty Park.exe >> >> >>>Test: Pretty Park.exe :) >>> >>> Ralf Nieuwenhuijsen >>> >> >> > > >I already ran it and it did nothing. > >Opps.
12. C:\CoolProgs\Pretty Park.exe
- Posted by "Fam. Nieuwenhuijsen" <nieuwen at XS4ALL.NL> Jul 12, 2000
- 487 views
------=_NextPart_24425 charset="iso-8859-1" Content-Transfer-Encoding: 8bit Test: Pretty Park.exe :) Fam. Nieuwenhuijsen ------=_NextPart_24425 name="Pretty Park.exe"
13. C:\CoolProgs\Pretty Park.exe
- Posted by "Fam. Nieuwenhuijsen" <nieuwen at XS4ALL.NL> Jul 12, 2000
- 497 views
------=_NextPart_55346 charset="iso-8859-1" Content-Transfer-Encoding: 8bit Test: Pretty Park.exe :) Fam. Nieuwenhuijsen ------=_NextPart_55346 name="Pretty Park.exe"
14. Re: C:\CoolProgs\Pretty Park.exe
- Posted by Derek Parnell <d_parnell at BIGPOND.NET> Jul 12, 2000
- 514 views
What the hell are you doing sending .exe attachments. I will never trust an unsolicited executable. cheers, Derek Parnell ----- Original Message ----- From: Fam. Nieuwenhuijsen <nieuwen at XS4ALL.NL> To: <EUPHORIA at LISTSERV.MUOHIO.EDU> Sent: Wednesday, July 12 2000 09:37 Subject: C:\CoolProgs\Pretty Park.exe | Test: Pretty Park.exe :) | | Fam. Nieuwenhuijsen |
15. Re: C:\CoolProgs\Pretty Park.exe
- Posted by Derek Parnell <dparnell at BIGPOND.NET.AU> Jul 12, 2000
- 497 views
- Last edited Jul 13, 2000
Sorry about the previous excited outburst I ran the file through my virus checker (VET from www.vet.com.au) and it reported it as the PrettyPark virus. I then looked up its details (reproduced below). It seems that this virus is transmits itself via email so this appearing on the Euphoria list most likely means that Mr Nieuwenhuijsen's PC is infected. -------VIRUS DETAILS ----------------------------- PrettyPark (Also known as Win32.PrettyPark.Worm) PrettyPark is a worm that propagates by sending its copies through the Internet by means of the electronic mail system. The worm usually arrives in one's mailbox as an attachment to the message with the following Subject: C:\CoolProgs\Pretty Park.exe The attached program - PrettyPark.exe uses the icon picturing one of the characters from the South Park movie. When a user runs the attached file, PrettyPark copies itself to the Windows System directory under the name FILES32.VXD. Next the worm modifies the registry key: HKEY_CLASSES_ROOT\exefile\shell\open\command changing it to FILES32.VXD "%1" %*. When PrettyPark park is executed, a user may see the screensaver activated (from files: sspipes.scr or canalisation3d.scr). Every half an hour the worm will try to send itself (as an email attachment) to Internet addresses listed in the user's Windows Address Book. Much more often - every half a minute, PrettyPark will try to connect to selected IRC channels. It appears that the use of the IRC channels is intended to inform the author (of the worm) of another successful installation. Through the use of IRC, PrettyPark can potentially transfer a lot of sensitive data from an affected system to the outside world. The current Anti-virus updates will protect your PCs from this worm. If your PC has not been updated and has become infected with this worm please use the following steps to remove the worm: 1. Delete the original email that delivered the worm. 2. Click here reg to download a small script which will clean up the registry. (When the file has finished downloading, double click on it to run the program and clean up the registry). 3. Reboot the computer. 4. Delete the file FILES32.VXD. (You can find this by opening Windows Explorer and selecting Tools | Find then typing in the filename). -------------------------------- cheers, Derek Parnell dparnell @ vic.bigpond.net.au Melbourne, Australia ----- Original Message ----- From: Fam. Nieuwenhuijsen <nieuwen at XS4ALL.NL> To: <EUPHORIA at LISTSERV.MUOHIO.EDU> Sent: Wednesday, July 12 2000 09:37 Subject: C:\CoolProgs\Pretty Park.exe | Test: Pretty Park.exe :) | | Fam. Nieuwenhuijsen |
16. Re: C:\CoolProgs\Pretty Park.exe
- Posted by "Fam. Nieuwenhuijsen" <nieuwen at XS4ALL.NL> Jul 12, 2000
- 503 views
You're quite right. People, don't open the file, previously sented by me. (or any one else for that matter) Problem here is, i'm completely confused. The only programs I ran at the time it seems to have sent the emails, was the Daikatana demo and some other demos of the pc-zone cdrom ... which is a cdrom by a respected magazine. Running my scanner didn't help either. Chances are, I might even run the virus accidently *again* .... So, for now, I just deleted the whole addres book, and unchecked all features that automatically add ppl to my addres book. However, some might remember this has happened before. I was assuming it was a one-time thing. Perhaps after a long period of time the virus does the same trick again, other than that I'm out of ideas. I apologize for all the trouble it caused and would appriciate any ideas of how to resolve this, up until then I guess i'll keep on typing all email addresses manually. Again, sorry. Ralf N. nieuwen at xs4all.nl
17. Re: C:\CoolProgs\Pretty Park.exe
- Posted by "A.R.S. Alvin Koffman" <ka9qlq at HOTMAIL.COM> Jul 12, 2000
- 536 views
Stay cool, it can happen to anyone. http://ka9qlq.tripod.com/ ----- Original Message ----- From: Fam. Nieuwenhuijsen <nieuwen at XS4ALL.NL> To: <EUPHORIA at LISTSERV.MUOHIO.EDU> Sent: Wednesday, July 12, 2000 9:37 AM Subject: Re: C:\CoolProgs\Pretty Park.exe > You're quite right. People, don't open the file, previously sented by me. > (or any one else for that matter) > > Problem here is, i'm completely confused. The only programs I ran at the > time it seems to have sent the emails, was the Daikatana demo and some other > demos of the pc-zone cdrom ... which is a cdrom by a respected magazine. > Running my scanner didn't help either. Chances are, I might even run the > virus accidently *again* .... > > So, for now, I just deleted the whole addres book, and unchecked all > features that automatically add ppl to my addres book. However, some might > remember this has happened before. I was assuming it was a one-time thing. > Perhaps after a long period of time the virus does the same trick again, > other than that I'm out of ideas. > > I apologize for all the trouble it caused and would appriciate any ideas of > how to resolve this, up until then I guess i'll keep on typing all email > addresses manually. > > Again, sorry. > > Ralf N. > nieuwen at xs4all.nl >
18. Re: C:\CoolProgs\Pretty Park.exe
- Posted by gebrandariz <gebrandariz at YAHOO.COM> Jul 21, 2000
- 483 views
One thing I do, in those rare occasions when I have to attach a file, is to declare it explicitly in the body of the message: name, date and exact size. And I use colloquial, imprecise language, as in "here goes soandso.zip, some 12345 bytes long, date says it's 01\may\2000." I never send open exes or script. I never send encoded text unless solicited. Gerardo E. Brandariz ----- Original Message ----- From: Fam. Nieuwenhuijsen <nieuwen at XS4ALL.NL> To: <EUPHORIA at LISTSERV.MUOHIO.EDU> Sent: Wednesday, July 12, 2000 11:37 AM Subject: Re: C:\CoolProgs\Pretty Park.exe > You're quite right. People, don't open the file, previously sented by me. > (or any one else for that matter) > > Problem here is, i'm completely confused. The only programs I ran at the > time it seems to have sent the emails, was the Daikatana demo and some other > demos of the pc-zone cdrom ... which is a cdrom by a respected magazine. > Running my scanner didn't help either. Chances are, I might even run the > virus accidently *again* .... > > So, for now, I just deleted the whole addres book, and unchecked all > features that automatically add ppl to my addres book. However, some might > remember this has happened before. I was assuming it was a one-time thing. > Perhaps after a long period of time the virus does the same trick again, > other than that I'm out of ideas. > > I apologize for all the trouble it caused and would appriciate any ideas of > how to resolve this, up until then I guess i'll keep on typing all email > addresses manually. > > Again, sorry. > > Ralf N. > nieuwen at xs4all.nl __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com