Re: C:\CoolProgs\Pretty Park.exe


Sorry about the previous excited outburst blink

I ran the file through my virus checker (VET from www.vet.com.au) and it
reported it as the PrettyPark virus. I then looked up its details
(reproduced below). It seems that this virus transmits itself via email
so this appearing on the Euphoria list most likely means that Mr
Nieuwenhuijsen's PC is infected.

-------VIRUS DETAILS -----------------------------
PrettyPark (Also known as Win32.PrettyPark.Worm)

PrettyPark is a worm that propagates by sending its copies through the
Internet by means of the electronic mail system. The worm usually arrives
in one's mailbox as an attachment to the message with the following Subject:
C:\CoolProgs\Pretty Park.exe

The attached program - PrettyPark.exe uses the icon picturing one of the
characters from the South Park movie. When a user runs the attached file,
PrettyPark copies itself to the Windows System directory under the name
FILES32.VXD.
Next the worm modifies the registry key:
HKEY_CLASSES_ROOT\exefile\shell\open\command
changing it to FILES32.VXD "%1" %*. When PrettyPark is executed, a
user may see the screensaver activated (from files: sspipes.scr or
canalisation3d.scr).

Every half an hour the worm will try to send itself (as an email
attachment) to Internet addresses listed in the user's Windows Address
Book. Much more often - every half a minute, PrettyPark will try to connect
to selected IRC channels. It appears that the use of the IRC channels is
intended to inform the author (of the worm) of another successful
installation. Through the use of IRC, PrettyPark can potentially transfer a
lot of sensitive data from an affected system to the outside world.

The current Anti-virus updates will protect your PCs from this worm. If
your PC has not been updated and has become infected with this worm please
use the following steps to remove the worm:

1. Delete the original email that delivered the worm.
2. Click here reg to download a small script which will clean up the
   registry. (When the file has finished downloading, double click on it to
   run the program and clean up the registry).
3. Reboot the computer.
4. Delete the file FILES32.VXD. (You can find this by opening Windows
   Explorer and selecting Tools | Find then typing in the filename).


--------------------------------

cheers,
Derek Parnell
dparnell @ vic.bigpond.net.au
Melbourne, Australia
----- Original Message -----
From: Fam. Nieuwenhuijsen <nieuwen at XS4ALL.NL>
To: <EUPHORIA at LISTSERV.MUOHIO.EDU>
Sent: Wednesday, July 12 2000 09:37
Subject: C:\CoolProgs\Pretty Park.exe


| Test: Pretty Park.exe  :)
|
|    Fam. Nieuwenhuijsen
|
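
A check for the registry change described in the quoted virus details, as an added example that is not part of the original message or the vendor's cleanup script: it parses a regedit text export and flags an exefile open command that differs from the Windows default `"%1" %*`. Checking comfile and batfile as well goes beyond what the post describes; the function names and the sample export are constructed for illustration.

```python
import re

# Windows default for these classes: run the clicked file itself.
EXPECTED = '"%1" %*'
WATCHED_CLASSES = ("exefile", "comfile", "batfile")  # last two: added assumption

KEY_RE = re.compile(r"^\[(.+)\]$")
DEFAULT_RE = re.compile(r'^@="(.*)"$')


def unescape(data):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", data)


def parse_default_values(reg_text):
    """Map each key path in a regedit export to its (Default) string value."""
    values, key = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = DEFAULT_RE.match(line)
        if m and key:
            values[key.lower()] = unescape(m.group(1))
    return values


def hijacked_handlers(reg_text):
    """Return (class, command) pairs whose open command is not the default."""
    values = parse_default_values(reg_text)
    findings = []
    for cls in WATCHED_CLASSES:
        path = "\\".join(("hkey_classes_root", cls, "shell", "open", "command"))
        cmd = values.get(path)
        if cmd is not None and cmd.strip() != EXPECTED:
            findings.append((cls, cmd))
    return findings


# Constructed sample export (REGEDIT4 format) with the value the post describes.
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="FILES32.VXD \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for cls, cmd in hijacked_handlers(SAMPLE):
        print(f"{cls}: open command is {cmd!r}, expected {EXPECTED!r}")
```

Because the hijacked handler routes every .exe launch through FILES32.VXD, the registry value has to be restored before the file is deleted, which matches the order of the removal steps quoted above.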
