Lumension® Endpoint Intelligence Center


Overview

Threat Risk: MEDIUM
Destructivity: MEDIUM
Payload:
Detection files published:
Description created: 29 Apr 2011 03:00:00
Description updated: 19 Jan 2011 02:27:00
Malware type: WORM
Alias:
Spreading mechanism: EMAIL
Summary: None

PrettyPark.Worm

Spreading

When the e-mail attachment is launched, the worm does the following:

- It creates the file FILES32.VXD in the Windows System directory (default is C:\WINDOWS\SYSTEM).
- It changes a registry setting so that the file FILES32.VXD is run each time an EXE file is run.
- It may display a screensaver.
- It tries to e-mail itself to all entries in the address book every 30 minutes.
- It tries to connect to an IRC server and join a specific IRC channel. While connected, the user is in danger of being compromised, as information about his/her computer environment may be revealed.
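A way to check for the registry change described above, as an added example that is not part of the original description: it parses a text registry export and flags an EXE launch command that differs from the Windows default. The page does not name the registry setting, so the key `HKEY_CLASSES_ROOT\exefile\shell\open\command`, its default value `"%1" %*`, and both sample exports are assumptions constructed for this example.

```python
import re

# Assumption: the stock Windows command for launching EXE files.
DEFAULT_EXE_COMMAND = '"%1" %*'
# Assumption: the handler key; the page only says "a registry setting".
HANDLER_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"

def parse_reg_export(text):
    """Parse a REGEDIT4-style text export into {key: {value_name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = keys.setdefault(section.group(1), {})
            continue
        value = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"', line)
        if value and current is not None:
            name = "" if value.group(1) == "@" else value.group(1)[1:-1]
            # .reg files escape backslashes and quotes inside string data
            current[name] = re.sub(r"\\(.)", r"\1", value.group(2))
    return keys

def check_exe_handler(text):
    """Return (is_clean, command) for the EXE open handler in an export."""
    wanted = HANDLER_KEY.lower()
    for key, values in parse_reg_export(text).items():
        if key.lower() == wanted:
            command = values.get("", "")
            return command.strip() == DEFAULT_EXE_COMMAND, command
    return False, None  # key missing from the export: cannot confirm

# Constructed sample exports (not taken from a real infected host).
CLEAN = '''REGEDIT4
[HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command]
@="\\"%1\\" %*"
'''
HIJACKED = '''REGEDIT4
[HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command]
@="FILES32.VXD \\"%1\\" %*"
'''

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("hijacked", HIJACKED)):
        print(label, check_exe_handler(sample))
```

The same check can be run on an export taken after the removal steps to confirm the launch command is back to its default.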

Payload Details

n/a

Analysis

n/a

Removal

The worm has to be removed semi-manually by performing these steps in this order:

1. Download the file PARKFIX.REG by right-clicking on it.
2. Run the file PARKFIX.REG from "My Computer" by double-clicking on it.
3. Confirm the message that appears on the screen about adding information to the registry with OK.
4. Reboot the computer.
5. Delete the files 'windir'\SYSTEM\FILES32.VXD (default is c:\windows\system) and PrettyPark.exe.


Last Updated: 12 Nov 2015 11:06:15