Return To Home Page Search Fire Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info Prognet Privacy Statement

Click here to view product details, fire framework, screen shots, Y2K statement, etc.Download fire evaluation copy, updates, upgrades, user manual, free utils and lot more.Customers can enjoy technical support, security tips, FAQ, free virus alert mail, etc. Online ordering, renewal form and upgrade details.Resellers, dealers and distributors can enter here.Click here to view latest virus alerts, virus information center, virus calendar, etc.Latest news and other press releases.About Prognet Technologies Pvt. Ltd, technical team, clients, events and lot more.

 

PRETTY PARK WORM FREQUENTLY REPORTED

                     Pretty Park is an Internet worm, uses mass mailing and mIRC clients to spread. There are lot of unpacked variants also reported in the wild.

                     While opening the e-mail attachment, the worm will drop "FILES32.VXD" in the windows system folder. Then it changes the registry settings so that the the "FILES32.VXD" is automatically executed when each file is executed. It checks for worm's presence in memory. If the worm is not loaded in memory, 3D pipes screen saver will be activated and the worm is loaded in memory.

                    Then it will email the virus to all addresses stroed in the windows address book. Windows address book contains the addresses stroed in Outlook express. The email subject will be "C:\CoolProgs\Pretty Park.exe" and the message body will be "Test Pretty Park.exe".

The attachment icon is shown below:

                     It will also try connect to few specific IRC servers. While connected, the virus author can access infected users computer details like Computer name, OS details, ICQ number, email address and dial-up passwords

How can I protect my system?

Fire has incorporated I-Worm.PrettyPark into its virus signature file, with the aim of helping users affected by this Worm attack to detect and eliminate it from their systems. Fire anti-virus users can update this signature file from our web site.

How can I find my system is infected?

                     You can check the system manually. This worm creates "FILES32.VXD" in the windows system folder. The presence of this file indicates that you are infected with this worm. Use registered version of Fire to detect and remove this worm.

                     A free download of FireLite [ 1100KB ] version is available to detect all viruses. If you find any virus, use registered windows version of Fire to remove. To get the registered version of Fire call us at 044-28170440 or mail to service@fireav.com or purchase Fire online using

Go to top of the page
.