This worm is not pretty as it’s sounded. This is a email worm like Happy99.exe. Pretty Park Worm is also known as prettypark.exe, files32.exe, or prettyorg.exe. The Windows system can get easily affected to this worm. Once pretty park is up and running it will try to automatically email itself every 30 minutes after it is loaded to every email addresses in your address book.
This not so pretty worm will also try to connect to an IRC server and will join a specific channel. To make itself connected and also to retrieve any IRC commands, it tries to sends information every 30 seconds. This is very dangerous because the author can get a hand and access to any information that includes computer name, product name, product identifier, product key, registered owner, registered organization, system root path, version, version number, ICQ identification numbers, ICQ nicknames, victim’s email address, and username and passwords. In addition, being connected to IRC opens a security hole in which the client can potentially be used to receive and execute files.
When Pretty Park is executed it creates a file called files32.vxd in the C:\Windows\System directory and modifies the following registry key located at
HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command
from “%1″ %*
to
files32.vxd “%1″ %*
A new variant of the Pretty Park Worm also creates a similar change to the following registry key.
HKEY_CLASSES_ROOT\exefile\shell\open\command
Below is the steps on how you can manually remove this worm. The procedure below requires registry modification, I highly suggest that you make a backup of your registry before your proceed.
1. Click Start –> Run.
2. Type REGEDIT, then click OK.
3. Modify the following Registry value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
and change
files32.vxd “%1″ %*
to
“%1″ %*
4. Repeat the above step for the following Registry Key
HKEY_CLASSES_ROOT\exefile\shell\open\command
5. Find and Delete the PrettyPark.exe file.
6. Restart your computer.
7. Find and delete Files32.vxd located c:\Windows\System\Files32.vxd.
Want a more easier way to remove this worm? Download the pretty park remover below
source : http://pcremix.com/
No comments:
Post a Comment