Computer Chess Club Archives



Subject: Re: Off Topic: Virus (worm) that may be Spreading here.

Author: Eelco de Groot

Date: 16:33:19 03/21/00



On March 21, 2000 at 11:41:34, Eelco de Groot wrote:

>On March 21, 2000 at 09:52:14, Eelco de Groot wrote:
>
>>On March 21, 2000 at 07:25:21, Tina Long wrote:
>>
>>>Hi guys,
>>>We received the PrettyPark Virus (worm) from a CCC member today.
>>>
>>>It is a file called PrettyPark.exe    If you receive it attached to an EMail, DO
>>>NOT RUN THIS FILE, just delete it.
>>>
>>>Once we received it, & ran the file (I'm a trusting soul, & it did have a
>>>Stan-Sth Park Icon), it aimed to send EMails to everybody in our Address Book,
>>>spreading the virus to them.
>>>
>>>As far as we know we have nobody in our Address Book (where's our address
>>>book?), and every time our computer tried all by itself to log into the internet
>>>we smacked its wrist, so we think we didn't send it to anybody.
>>>
>>>But as we got it from a member of CCC, others here may have received it too.
>>>
>>>http://support.microsoft.com/support/kb/articles/Q249/9/21.ASP
>>>
>>>gives the method of removing the virus if you have received it.
>>>
>>>It doesn't delete anything, but it tricks your computer into not wanting to run
>>>Applications.  You can run applications by clicking on files (eg.  a .txt will
>>>open Notepad,  .htm will open Navigator etc).
>>>
>>>If anybody wants help, feel free to EMail me.
>>>
>>>Thanks Guys,
>>>Tina Long
>>
>>Thousand apologies, the virus came via me. Bruce Moreland, Jeroen van Dorp,
>>Stephen Boak and Tina were in my address book so if any of you received Pretty
>>Park.exe do not open it. Problem is now that I followed the instructions in the
>>article Tina posted but some applications still do not run directly, that is to
>>say Internet Explorer I can open only by opening a file and when I start the
>>computer I get an error message that says, in Dutch, the equivalent of: Access
>>denied to C:\Program Files\MSWorks\Agenda\WKCALREM.EXE
>>So I thought this may be a new variant of the virus? Anybody any ideas what to
>>do? Any suggestions very much appreciated! Help please and sorry again! I post
>>this here because I do not know if it is safe to use email at the moment.
>>
>>Eelco
>
>At the moment Outlook Express is also down so I can't read any email. I am at a
>bit of a loss here. Renaming MSIMN.EXE to MSIMN.COM was not allowed because
>program is used by Windows. Found some additional info at
>http://support.microsoft.com/support/kb/articles/Q250/9/31.ASP?LNG=ENG&SA=PER&FR=0
>but no luck. Anybody help?
>
>Eelco

I did manage to get rid of the worm now with the help of information found on

http://vil.nai.com/vil/vpe10175.asp

I had already deleted the attachment and the unpacked file with the South Park
logo, this apparently you should not do, for editing the registry by going down
the first ten points mentioned on the McAfee page did not help anymore although
I got none of the error messages mentioned. I could still open a .txt file which
gave access to Wordpad - it would not open otherwise because it is an .exe file
- and I could use the emptied .txt file to paste

REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command]
@="\"%1\" %*"


into it, save the file as undo.reg in the Windows directory (not undo.reg.txt)
and execute it by going to "Start" and then "Run". I then discovered that I
had to rename Regedit.com back to Regedit.exe (otherwise that file did not run
before, I'm not really sure what Regedit did have to do with the process, maybe
that was just the system getting going again) but then it appeared everything
was working again. After a reboot I could open all .exe files again. Once again
my apologies to everybody who got the worm-attachment, I should have taken
better care.

Eelco
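
One way to check a registry export for the change that undo.reg reverses, as an added example that is not part of the original post: it parses REGEDIT4 text and reports either of the two exefile keys whose default value is missing or differs from the `"%1" %*` given above. The sample exports and the placeholder program path are constructed.

```python
import re

# Default handler from the undo.reg file in the post, after .reg unescaping.
EXPECTED = '"%1" %*'
# The two keys the post resets (compared case-insensitively, as the registry does).
WATCHED = {
    r"hkey_classes_root\exefile\shell\open\command",
    r"hkey_local_machine\software\classes\exefile\shell\open\command",
}

def unescape(value):
    """Decode the backslash escapes used inside .reg string values."""
    return re.sub(r'\\(["\\])', r"\1", value)

def parse_reg(text):
    """Return {lowercased key path: default (@) string value} from REGEDIT4 text."""
    defaults, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            defaults[key] = unescape(line[3:-1])
    return defaults

def audit_exefile(text):
    """List (key, value) pairs where a watched key is missing or not the default."""
    found = parse_reg(text)
    return sorted((k, found.get(k)) for k in WATCHED if found.get(k) != EXPECTED)

# Constructed samples: GOOD is the post's undo.reg; BAD has a made-up
# placeholder program inserted in front of "%1" in the first key.
GOOD = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command]
@="\"%1\" %*"
'''
BAD = GOOD.replace(r'@="\"%1\"', r'@="C:\\PLACEHOLDER\\example.exe \"%1\"', 1)

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_exefile(sample) or "exefile handler is the default")
```
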






Last modified: Thu, 15 Apr 21 08:11:13 -0700
