PACAMERO-L Archives

Archiver > PACAMERO > 2000-03 > 0951960474


From: "Mike" <>
Subject: [PA-CAMERON] PRETTY PARK.EXE IS A VIRUS!!!
Date: Wed, 1 Mar 2000 20:27:54 -0500


I do not know why we have not seen more warnings of this, but I have
received this worm several times in the past week. Below is information and
directions to remove it.

Mike Wennin
Come Visit the Cameron County Genealogy Project!
http://www.pa-roots.com/cameron


The PrettyPark Worm

- --------------------------------------------------------------------------
----

What is PrettyPark?
"PrettyPark" is a worm, which is a program that is similar to a virus. It
spreads from one computer to another in the form of an attachment to email
messages and newsgroup posts. Usually what happens is that somebody sends
you a legitimate e-mail message, and without the sender's knowledge, the
worm generates a second e-mail message that is also sent to you. The second
message has the title C:\CoolProgs\Pretty Park.exe. A file is attached named
PrettyPark.EXE.
Your computer can't get infected with the worm simply from downloading that
email. It will get infected with the worm if you double-click on the
PrettyPark.EXE attachment to open it. If you do this, you may see the
Windows 3D Pipe screen saver displayed.

Once your computer is infected with PrettyPark, the emails you send and the
news articles you post will all generate a second email to the recipient(s)
with the worm program attached.


What can I do?
You have two possible courses of action:

If you are a registered owner of a commercial antivirus program, you may
want to see if there's an update available which addresses Pretty Park.

You can try removing PrettyPark from your system manually. You can find
instructions on Symantec's site:

http://www.symantec.com/avcenter/venc/data/prettypark.worm.html
The manual fix involves editing the registry, and is therefore only
recommended if you're an advanced user of Windows.

Edit your registry at your own risk! If you make a mistake when editing your
registry, you might not be able to boot back into Windows. Together Networks
assumes no responsibility for errors made while editing your registry!

In addition, you MUST FOLLOW THE INSTRUCTIONS IN THE CORRECT ORDER for them
to work properly. If you delete files32.vxd before editing the registry as
described on Symantec's site, you will not be able to run any programs in
Windows once you restart your computer, including the Registry Editor.

If you are uncomfortable with ANY part of the procedure, we recommend
contacting your ISP, computer manufacturer, or computer consultant for help,
or purchasing an up-to-date antivirus software package capable of
disinfecting your machine for you.


If your computer was infected and you suspect you may have sent PrettyPark
to anyone via email, you should write to them and let them know, so they can
disinfect their machines as well and stop the spread of the worm.



- --------------------------------------------------------------------------
----
Copyright © 1998, 1999 Together Networks
Send Me Info!
Information and Sales (802) 846-4070 or 800-846-0542

Technical Support (802) 846-4036 or 800-592-1281
Or contact our helpdesk via E-mail

This thread: