Lumension® Endpoint Intelligence Center
Overview

| Field | Value |
| --- | --- |
| Threat Risk | |
| Destructivity | |
| Payload | |
| Detection files published | |
| Description created | 30 Apr 2011 12:00:00 |
| Description updated | 19 Jan 2011 11:27:00 |
| Malware type | WORM |
| Alias | |
| Spreading mechanism | EMAIL |
| Summary | None |
PrettyPark.Worm
Spreading
When the e-mail attachment is launched, the worm takes the following actions:

- It creates the file FILES32.VXD in the Windows System directory (default is C:\WINDOWS\SYSTEM).
- It changes a registry setting so that the file FILES32.VXD is run each time an EXE file is run.
- It may display a screensaver.
- It tries to e-mail itself to all entries in the address book every 30 minutes.
- It tries to connect to an IRC server and join a specific IRC channel. While connected, the user is in danger of being compromised, as information about his/her computer environment may be revealed.
Payload Details
n/a
Analysis
n/a
Removal
The worm has to be removed semi-manually by performing these steps in this order:

1. Download the file PARKFIX.REG by right clicking on it.
2. Run the file PARKFIX.REG from "My Computer" by double clicking on it.
3. Confirm the message that appears on the screen about adding information to the registry by clicking OK.
4. Reboot the computer.
5. Delete the files 'windir'\SYSTEM\FILES32.VXD (default is c:\windows\system) and PrettyPark.exe.
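A cleanup check for the traces listed on this page, as an added example that is not part of the original description. The page does not name the registry setting; the code assumes it is the standard Windows EXE open handler (HKEY_CLASSES_ROOT\exefile\shell\open\command, default value `"%1" %*`), and the .reg exports below are constructed samples.

```python
import re

# Assumption: standard Windows default for the EXE open handler.
DEFAULT_EXE_HANDLER = '"%1" %*'
EXEFILE_KEY = r"hkey_classes_root\exefile\shell\open\command"
WORM_FILES = ("files32.vxd", "prettypark.exe")  # file names given on this page

# Constructed .reg exports: one hijacked handler, one restored handler.
INFECTED_REG = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="FILES32.VXD \"%1\" %*"
'''
CLEAN_REG = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''


def exe_handler_from_reg(reg_text):
    """Return the exefile open command from .reg export text, or None."""
    in_key = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == EXEFILE_KEY
        elif in_key and line.startswith("@="):
            m = re.fullmatch(r'@="(.*)"', line)
            if m:
                # .reg strings escape backslash and double quote with a backslash
                return re.sub(r"\\(.)", r"\1", m.group(1))
    return None


def audit(reg_text, system_dir_listing):
    """Return findings; an empty list means none of the page's traces remain."""
    findings = []
    handler = exe_handler_from_reg(reg_text)
    if handler is None:
        findings.append("exefile open command not present in export")
    elif handler.strip() != DEFAULT_EXE_HANDLER:
        findings.append("EXE handler is not the default: " + handler)
    present = {name.lower() for name in system_dir_listing}
    for name in WORM_FILES:
        if name in present:
            findings.append("file still present: " + name)
    return findings
```

Run `audit` against a registry export and a listing of the System directory after the reboot and file deletion steps; any finding means the cleanup is incomplete.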
Last Updated: 16 May 2012 10:01:44