| Name: | PrettyPark |
| Aliases: | CHV, W32/PrettyPark, Trojan .PSW.CHV, I-Worm.PrettyPark,PrettyPark II, Southpark Trojan, W32/Pretty.worm.unp, |
| Ports: | |
| Files: | Pretty.zip - 31,087 bytes PrettyPark.exe - 37,376 bytes PrettyPark.exe - 60,928 bytes Prettyorg.exe - Files32.vxd - .dl - - 17,081 bytes - 17,576 bytes - 36,431 bytes - 36,656 bytes - 36,701 bytes - 37,376 bytes - 51,433 bytes - 60,163 bytes - 60,298 bytes - 60,568 bytes - 60,748 bytes - 60 ,928 bytes |
| Created: | May 1999 |
| Requires: | |
| Actions: | Remote Access / Steals passwords / Worm / IRC trojan / Mail trojan |
| Alters Win.ini and System.ini. Partial trojan, partial worm.Spreads through IRC and email. Itīs hidden in a screen saver. Said to be aclone of Happy99. Tries to spread itself to all addresses in Outlook every30 minutes. | |
| Versions: | 1, 2, A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, |
| Registers: | HKEY_CLASSES_ROOT\exefile\shell\open\command\ HKEY_LOCAL_MACHINE\exefile\CLASSES\exefile\shell\open\command\ HKEY_LOCAL_MACHIN E\Software\Classes\exefile\shell\open\command\ HKEY_LOCAL_MACHINE\SOFTWARE\Micro soft\Windows\CurrentVersion\RunServices\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\W indows\CurrentVersion\Run\ HKEY_CLASSES_ROOT\ |
| Notes: | Works on Windows 3.1, 95, 98 and NT, together with MS Outlook andmIRC. |
| Country: | written in France |
| Program: | Written in Delphi. |