FYI Here is a description of this little bastard of a virus.
http://www.datafellows.com/v-descs/prettyp.htm
Larry
BTW Barney - you really should get a computer condom - the one we use is
VirusScan after evaluating most of the commercial ones.
At this exact moment in time 2/3/00 3:42 AM, barneymg@ntsource.com made
the profound statement:
>Dear listers,
>
>There is a real and verified virus that IS (or was) emanating from my
>computer. I apologize in the most profound way if I and/or my computer
>have caused you any problem(s). My old computer had suffered a crash from
>multiple hardware contusions, and I have just purchased a new computer,
>right out of the box up and running for only a few days. In the process of
>setup and configuration I did a tape data restore from the old system onto
>the new system, so I do not know if this virus is old or new. The system
>is a Systemax SYS-PJM-C400NM with an Intel Celeron 400 PPGA CPU (Pentium-II
>processor).
>
>This virus comes in the form of an executable program file called <Pretty
>Park.exe> or possibly <prettypa.exe>, and it has been found attached to a
>couple of test e-mail messages from my address of origin addressed to at
>least two of my acquaintances from the mgs list. Those would be the ones
>reporting back to me, but I have no idea how many more of you may have
>received similar messages. The respondents reported that their equipment
>identified this attachment as a virus. I had no knowledge that these
>messages had been sent from my machine, and there is no residual record of
>these messages anywhere on my machine. And it gets worse. PLEASE DO NOT
>RUN THIS PROGRAM.
>
>I was doing a general data house cleaning on my new computer when I ran
>across a cute little icon (don't recall which folder it was in), a
>cheerfully colored smiley face on a diamond background if I recall
>correctly, with the title PRETTYPA underneath. Wondering what this was on
>my new computer, I casually poked the icon to see what it would do. There
>was a short blip for a second or so, and then back to normal like nothing
>had happened, so I deleted the program icon and went on. PLEASE DO NOT DO
>THIS.
>
>Only a little while later I noticed my machine trying to dial out to
>connect to my local ISP for no known reason, and when I tried CANCEL it
>didn't work, and when I tried to close the application (the dialer) it
>didn't work, and when I hit the power button on the cabinet it didn't shut
>down either. The dialer showed data being transmitted in a continuous
>stream, so I finally killed the line power from the wall socket (UPS in
>this case). I have no idea how much unaccounted for data escaped in the
>interim, but I presume that this was when the virus escaped from my
>machine into the internet. And it still gets worse. Please, please,
>PLEASE do not run this program.
>
>Upon rebooting my machine it went through the normal ScanDisk routine that
>Windows_98 performs after an abnormal shutdown, with no reported problems.
>Shortly thereafter I noticed the dialer come up again, so I immediately
>disabled automatic dialing. Even with no applications running, opened, or
>even minimized, it was still trying to dial out. Checking in the Startup
>program folder I was horrified to find several hundred items, many of them
>multiple sequentially numbered copies of the application programs
>showing on the desktop. With due diligence I managed to delete everything
>from the Startup folder and reboot the machine, and still it was trying to
>dial out. YIKES!
>
>I have since deleted all folders and contents under the folders for
>Programs, Favorites and Documents, and this seems to have stopped the
>problem at the moment, but I'm still not sure. At the very least there is
>now no file anywhere on my hard drive with the name pretty*.* anything (no
>derivative of the word PRETTY). So now I think I get to restore the
>original operating system from the CD-ROM, as I have severely decimated and
>deneutered my machine in the fury of the moment.
>
>One thing that does remain, but shall be promptly deleted, is a failed task
>in MS Outlook Express labeled "Check for new messages on 'ntsource....",
>with ntsource being my local ISP. This apparently causes Outlook Express
>to call up the dialer to attempt to complete the unfinished task, even
>though MSOE is not called up to run and not on the task bar, looking like
>it would always try to do this in the background no matter what. There was
>a period of about 48 hours when I was using MSOE for reading mail, as it
>was the default mailer on the new machine. I have installed Eudora Light
>(downloaded new copy for Win-98 from tucows.com) to use as my mail
>application (long tradition), and will not be using MSOE for mail.
>
>This is the first time in 20 or more years of computering I have ever
>experienced a virus on my own equipment, and I would be very happy never to
>see it again. If anyone has any knowledge of this particular virus or its
>consequences or treatment, may they speak now on behalf of the entire mgs
>list and anyone else who may have been involved with the transmission.
>Once again, I am very sorry for any inconvenience I may have caused. I
>stand here naked in your presence (perish the thought) ready to be stoned
>if it would help in any way.
>
>Humbly yours,
>
>Barney Gaylord
>1958 MGA with an attitude (and no connection to this incident whatsoever)
> http://www.ntsource.com/~barneymg
Larry B. Macy, Ph.D.
macy@bblmail.psycha.upenn.edu
System Administrator/Manager
Neuropsychiatry Section
Department of Psychiatry
University of Pennsylvania
3400 Spruce St. - 1015 Gates
Philadelphia, PA 19104
Ask a question and you're a fool for three minutes; do not ask a
question and you're a fool for the rest of your life.