Fwd: DO not open any files on your email that are called......

January 17, 2001

----Original Message Follows----

" AVI Ginsberg " <aviginsberg

PMascarenaz, Amytsan, lisabury11,

Garden, ADSCHOR, davidson17, hartwell,

devilmaycare415, tatrd1, vegapril,

BOleary844, cpuello, oehlermarx,

ccomatos, Shamrck420, akahoback,

lee_chrystal, natanel_77096, LuvDumpstr,

sweetferret1133, donnasyd, gelfling,

slee294, Tippy272, jmakely1, elkin,

taiwanflower, hooter, thebigjesus,

keavan, makely_kevin, harmon500,

LAM317, irieliz, michellestellaci,

Ritaval, landr5, sarahfrancesca,

stuten, rsnegrin, Hotcomingqueen,

YMuccini

DO not open any files on your email that are called......

Tue, 16 Jan 2001 12:56:24 -0500

Fwd: Virus alert!!!>> DO NOT OPEN " PRETTY PARK " It is a virus that

>will erase your whole " C " drive. It will come to

>you in the form of an E-mail from a familiar person.>

>A friend sent it to me, but called & warned me

>before I opened it. He was not so lucky and now he

>cant even start his computer!>

>Forward this to everyone in your address book. I would

rather receive this 25 times than not at all.>

>Also Intel announced that a new and very destructive

virus was discovered recently. If you receive an email

called " An Internet Flower For You, " do not open it.>

>Delete it right away! This virus removes all dynamiclink

>libraries (.dll files) from your computer. Your computer

>will not be able to boot up.>> SEND THIS TO EVERYONE ON YOUR CONTACT LIST.

Also i was sent this today luckly virus scanner picked itup .SCARY STUFF!!

Name of File Virus Scan Result

midgets.scr W32/Hybris.gen@M Virus Found

_______________

Get your FREE download of MSN Explorer at http://explorer.msn.com

January 17, 2001

These virus warnings that ask to be passed around tend to be hoaxes, or

more accurately are the virus itself, though not much more damaging than

just an annoyance.

It is wise to find one of the better virus info pages on-line that serve

as a clearing house for information such as virus warnings. Get the news

from the horse's mouth and you can avoid a lot of false alarms.

--

Al Stone L.Ac.

<AlStone

http://www.BeyondWellBeing.com

Pain is inevitable, suffering is optional.

> Fwd: Virus alert!!!>> DO NOT OPEN " PRETTY PARK " It is a virus that

> >will erase your whole " C " drive. It will come to

> >you in the form of an E-mail from a familiar person.>

Attachment: vcard [not shown]

January 25, 2001

There is no "Good Times" virus. In fact, you should never, ever, ever forward any email containing any virus warning unless you first

confirm that virus exists through an actual site of an actual company that actually deals with viruses.

Try: http://www.symantec.com/avcenter/

Here is a copy of the web page search results for "Pretty Park"

PrettyPark.Worm

Discovered on: May 28, 1999

This worm program behaves similarly to Happy99 Worm. It was originally spread by email. When the attached program file, PrettyPark.exe, is executed, it may display the 3D pipe screen saver.

Once the worm program is executed, it tries to email itself automatically every 30 minutes (or 30 minutes after it is loaded) to email addresses registered in your Internet address book. It also tries to connect to an IRC server and join a specific IRC channel. The worm sends information to IRC every 30 seconds to keep itself connected, and to retrieve any commands from the IRC channel.

Also Known As: Trojan Horse, W32.PrettyPark, Trojan.PSW.CHV, CHV, W32/Pretty.worm.unp

Category: Worm

Infection Length: 37,376 bytes

Virus Definitions: June 4, 1999

Threat Assessment:

Wild: High

Damage: Low

Distribution: High

Wild:

Number of infections: More than 1000

Number of sites: More than 10

Geographical distribution: High

Threat containment: Moderate

Removal: Easy

Damage:

Payload: Dial-up Passwords, System Information, ICQ Information

Compromises security settings: Allows remote receipt, creation, deletion, and execution of files

Distribution:

Subject of email: C:\CoolProgs\Pretty Park.exe

Name of attachment: PrettyPark.EXE

Size of attachment: 37,376 bytes

Target of infection: Windows Registry

Technical description: By means of IRC, the worm can send personal information to the author or distributor of the worm. This information can include the computer name, product name, product identifier, product key, registered owner, registered organization, system root path, version, version number, ICQ identification numbers, ICQ nicknames, your email address, and Dial Up Networking username and passwords. In addition, being connected to IRC opens a security hole in which can potentially be used to copy files to the infected computer and execute files at the infected computer.The worm creates a file called files32.vxd in the Windows\System directory and modifies the following registry entry value from "%1" %* to files32.vxd "%1" %* without your knowledge: HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command

Removal instructions: Automatic removal instructions:To automatically remove the worm, use Symantec's PrettyPark Worm Removal Tool.To use the tool: 1. Download the attached file Fixppark.zip: 2. Run an unzip utility to extract the files from Fixppark.zip:Use the unzip utility available at: http://www.winzip.com. This will extract the files Fixppark.com and Psapi.dll. Save these files to the same directory on your computer. NOTE: This tool works only on Windows 95/98 and Windows NT systems.

Windows NT: Both Fixppark.com and Psapi.dll are required for this tool to function properly on Windows NT. If you see the message "Missing psapi.dll error. Please make sure that psapi.dll is in the same directory as this tool." when you click Remove, then make sure that Psapi.dll is in the same directory as Fixppark.com. Windows 95/98: If running on Windows 95/98, only fixppark.com is required. 3. Run Fixppark.com from a floppy disk or hard disk. Fixppark.com searches for PrettyPark.Worm in memory and terminates all processes found that match it. It deletes the file Files32.vxd, which the worm added to the hard drive. It also deletes the registry key that the worm added during installation.4. Run Norton AntiVirus. Fixppark.com does not scan the entire hard disk for copies of PrettyPark.Worm. To ensure there are no other instances of PrettyPark.Worm, scan the hard disk with Norton AntiVirus after running fixppark.com. If Norton AntiVirus again reports the PrettyPark.Worm, run Fixppark.com again, to remove this second instance of the worm; or use the following "Manual removal instructions."

Although this tool has a .COM extension, it is actually a Windows executable file. It has been renamed to prevent possible problems in cases where the file Files32.vxd has already been deleted from the system. Manual removal instructions:

1. Click Start, then Run. 2. Type REGEDIT, and then click OK. 3. Navigate to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command 4. Change the value of this key from:files32.vxd "%1" %* to :"%1" %* NOTE: The new value consists of a double quote, percent sign, the numeral one, double quote, space, percent sign, and asterisk. Don't forget the space. 5. Delete the file PrettyPark.exe 6. Restart the computer. 7.

Additional information:

December 7, 2000: Due to a recent decrease in world-wide infections of this worm, SARC is reducing the threat level of this worm to 3 and removing it from the "Top Threats" list. The first report of this worm was submitted through Norton AntiVirus's Scan & Deliver system on May 28, 1999 from France.