BEWARE of MY transmitted virus, DAMMIT !!!

To: mgs@autox.team.net
Subject: BEWARE of MY transmitted virus, DAMMIT !!!
From: Barney Gaylord <barneymg@ntsource.com>
Date: Thu, 03 Feb 2000 02:42:21 -0600

Dear listers,

There is a real and verified virus that IS (or was) emanating from my
computer.  I apologize in the most profound way if I and/or my computer
have caused you any problem(s).  My old computer had suffered a crash from
multiple hardware contusions, and I have just purchased a new computer,
right out of the box up and running for only a few days.  In the process of
setup and configuration I did a tape data restore from the old system onto
the new system, so I do not know if this virus is old or new.  The system
is a Systemax SYS-PJM-C400NM with an Intel Celeron 400 PPGA CPU (Pentium-II
processor).

This virus comes in the form of an executable program file called <Pretty
Park.exe> or possibly <prettypa.exe>, and it has been found attached to a
couple of test e-mail messages from my address of origin addressed to at
least two of my acquaintances from the mgs list.  Those would be the ones
reporting back to me, but I have no idea how many more of you may have
received similar messages.  The respondents reported that their equipment
identified this attachment as a virus.  I had no knowledge that these
messages had been sent from my machine, and there is no residual record of
these messages anywhere on my machine.  And it gets worse.  PLEASE DO NOT
RUN THIS PROGRAM.

I was doing a general data house cleaning on my new computer when I ran
across a cute little icon (don't recall which folder it was in), a
cheerfully colored smiley face on a diamond background if I recall
correctly, with the title PRETTYPA underneath.  Wondering what this was on
my new computer, I casually poked the icon to see what it would do.  There
was a short blip for a second or so, and then back to normal like nothing
had happened, so I deleted the program icon and went on.  PLEASE DO NOT DO
THIS.

Only a little while later I noticed my machine trying to dial out to
connect to my local ISP for no known reason, and when I tried CANCEL it
didn't work, and when I tried to close the application (the dialer) it
didn't work, and when I hit the power button on the cabinet it didn't shut
down either.  The dialer showed data being transmitted in a continuous
stream, so I finally killed the line power from the wall socket (UPS in
this case).  I have no idea how much unaccounted for data escaped in the
interim, but I presume that this was when the virus escaped from my
machine into the internet.  And it still gets worse.  Please, please,
PLEASE do not run this program.
 
Upon rebooting my machine it went through the normal ScanDisk routine that
Windows_98 performs after an abnormal shutdown, with no reported problems.
Shortly thereafter I noticed the dialer come up again, so I immediately
disabled automatic dialing.  Even with no applications running, opened, or
even minimized, it was still trying to dial out.  Checking in the Startup
program folder I was horrified to find several hundred items, many of them
multiple sequentially numbered copies of the application programs
showing on the desktop.  With due diligence I managed to delete everything
from the Startup folder and reboot the machine, and still it was trying to
dial out.  YIKES!

I have since deleted all folders and contents under the folders for
Programs, Favorites and Documents, and this seems to have stopped the
problem at the moment, but I'm still not sure.  At the very least there is
now no file anywhere on my hard drive with the name pretty*.* anything (no
derivative of the word PRETTY).  So now I think I get to restore the
original operating system from the CD-ROM, as I have severely decimated and
deneutered my machine in the fury of the moment.

One thing that does remain, but shall be promptly deleted, is a failed task
in MS Outlook Express labeled "Check for new messages on 'ntsource....",
with ntsource being my local ISP.  This apparently causes Outlook Express
to call up the dialer to attempt to complete the unfinished task, even
though MSOE is not called up to run and not on the task bar, looking like
it would always try to do this in the background no matter what.  There was
a period of about 48 hours when I was using MSOE for reading mail, as it
was the default mailer on the new machine.  I have installed Eudora Light
(downloaded new copy for Win-98 from tucows.com) to use as my mail
application (long tradition), and will not be using MSOE for mail.

This is the first time in 20 or more years of computering I have ever
experienced a virus on my own equipment, and I would be very happy never to
see it again.  If anyone has any knowledge of this particular virus or its
consequences or treatment, may they speak now on behalf of the entire mgs
list and anyone else who may have been involved with the transmission.
Once again, I am very sorry for any inconvenience I may have caused.  I
stand here naked in your presence (perish the thought) ready to be stoned
if it would help in any way.

Humbly yours,

Barney Gaylord
1958 MGA with an attitude (and no connection to this incident whatsoever)
    http://www.ntsource.com/~barneymg

