A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | Encyclopedia Home
P letter viruses. Scroll down the page to view or choose from the names below:
PenPal |
Perrin | PKZIP300 | PrettyPark | Pro-Linux
PenPal
Perrin
PKZIP300
PrettyPark
Pro-Linux
If you are unable to find a description for a particular virus, please contact me or post a message in the forum.
Type: Hoax
This is a hoax. Consult the Hoax Encyclopedia for information on this and other virus hoaxes.
Type: Hoax
This is a hoax. Consult the Hoax Encyclopedia for information on this and other virus hoaxes.
Type: Hoax
This is a hoax. Consult the Hoax Encyclopedia for information on this and other virus hoaxes.
Aliases:
Type: Email worm, backdoor access Trojan, and password-stealing Trojan
Systems Affected: Windows 32-bit systems
Payload: Improper removal can lead to executables not being able to launch. Remote access Trojan leaves system vulnerable. Password-stealing Trojan can lead to security compromise.
ITW: Yes
Origin: Central Europe
Description: Spread via email as an attched file named PrettyPark.exe. The file will have the icon of a South Park cartoon character. If executed, the worm first installs itself to the Windows\System directory as FILES32.VXD and then sends a copy of itself to all addresses listed in the Outlook/Outlook Express address book. It also sends passwords and system information via IRC. PrettyPark modifies the registry to allow it to run each time any .EXE file is run. Thus, if the worm (FILES32.VXD) is deleted without correcting the registry entry, other .EXE files on the system will no longer run.
While installing to system the worm copies itself to \Windows\System\ directory as FILES32.VXD file and then modifies the Registry to be run each time any EXE file starts when Windows is active. The worm does this by modifying an EXE file startup command key in the . The key name is and it is associated with the worm file (FILES32.VXD file that was created in the Windows system folder). If the FILES32.VXD file is deleted and Registry is not corrected, the EXE files would not start any more.
What to look for: Check the registry key HKEY_CLASSES_ROOT\exefile\shell\open\command and look for the value FILES32.VXD. Also, check the Windows\System directory for the filename FILES32.VXD
How to prevent it: Do not open attachments received unexpectedly even if from known senders. Most email worms take advantage of the infected user's address book, and thus email worms are most likely to be received from a known source.
Aliases: Troj_Shockwave, Creative
Type: Email worm and Trojan
Systems Affected: Windows 32-bit systems
Payload: Renames .JPG and .ZIP files, then moves them to the root of the local drive (C:\).
ITW: Yes
Origin:
Description: Spread via email as an attched file named CREATIVE.exe. The body of the email reads:
“Check out this new flash movie that I downloaded just now ... It’s Great
Pro-Linux then drops a text file, MESSAGEFORU.TXT, which reads as follows:
Bye”
“Hi, guess you have got the message. I have kept a list of files that I have infected under this. If you are smart enough just reverse back the process. i could have done far better damage, i could have even completely wiped your harddisk. Remember this is a warning & get it sound and clear... - The Penguin.”
Pro-Linux then mass mails itself to all the recipients in the infected user's address book, after which it sends an email to the presumed author, with the subject: "Job complete". The message body of that email reads, "Got yet another idiot.”
What to look for: Search for MESSAGEFORU.TXT or CREATIVE.EXE
How to prevent it: Do not open attachments received unexpectedly even if from known senders. Most email worms take advantage of the infected user's address book, and thus email worms are most likely to be received from a known source.
