|
Profile
To Download DAT update
click here . To Download Fix click here . |
|||||||||||||||||||||
|
Name Aliases Variants Date Added Information
Characteristics
-------------
Test: Pretty Park.exe :)
Attached is the file "Pretty park.exe" and in some cases "Pretty~1.exe".
This worm will try to email itself automatically every 30 minutes to all email addresses listed in the Windows address book associated with Outlook Express.
A second function of this worm is that it will also try to connect to an IRC server and join a specific IRC channel. While connected, this worm tries to stay connected by sending information to the IRC server, and will also retrieve any commands from the IRC channel. While on the determined IRC server, the author of this worm could use the connection as a remote access trojan in order to get information such as the computer name, registered owner, registered organization, system root path, and Dial Up Networking username and passwords.
Symptoms
-------------
Test: Pretty Park.exe :)
This program, when run will copy itself to FILES32.VXD in WINDOWS\SYSTEM folder. It then modifies the registry key value "command" located in the location:
HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open
from "%1" %* to FILES32.VXD "%1" %*. This in essence will cause the FILES32.VXD to run during the execution of any exe file.
Click her to see more info about W32/Pretty.worm virus. |
