Precisa de ajuda? Peça à comunidade ou contrate um perito.
Acesse a Avira Answers
Alias:Trojan Horse, W32.PrettyPark, Trojan.PSW.CHV, CHV, W32/Pretty.worm.unp, I-Worm.PrettyPark [Kaspersky], W32/Pretty.gen@MM [McAfee], W32/Pretty [Sophos], WORM_PRETTYPARK [Trend]
Size:37,376 Bytes 
Damage:Sent by email. 
VDF Version:  

DistributionSubject: C:\CoolProgs\Pretty Park.exe
Attachment: PrettyPark.EXE

Technical DetailsWhen activated, W32/PrettyPark starts Windows 3D Pipes screen saver.
It creates a file named Files32.vxd in C:\WinDIR\SystemDIR

It modifies the registry entry:
HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command "%1" %*
into FILES32.VXD "%1" %*
and the worm sends itself per email to addresses from Internet Address Book, every 30 minutes.
It also tries to connect to IRC server and enters an IRC port, which enables the attacker to find out information on the system:
computer name
product name
product ID
product registration key
registered user
registered company
system directory
version number
ICQ ID number
ICQ name
email address
dial-up network username and passsword
Descrição enviada por Crony Walker em terça-feira, 15 de junho de 2004

Voltar . . . .