How To Remove Pretty Park Worm

How To Remove Pretty Park Worm

pretty worm

A pretty worm at the park :D

This worm is not pretty as it's sounded. This is a email worm like Happy99.exe. Pretty Park Worm is also known as prettypark.exe, files32.exe, or prettyorg.exe. The Windows system can get easily affected to this worm. Once pretty park is up and running it will try to automatically email itself every 30 minutes after it is loaded to every email addresses in your address book.

This not so pretty worm will also try to connect to an IRC server and will join a specific channel. To make itself connected and also to retrieve any IRC commands, it tries to sends information every 30 seconds. This is very dangerous because the author can get a hand and access to any information that includes computer name, product name, product identifier, product key, registered owner, registered organization, system root path, version, version number, ICQ identification numbers, ICQ nicknames, victim's email address, and username and passwords. In addition, being connected to IRC opens a security hole in which the client can potentially be used to receive and execute files.

When Pretty Park is executed it creates a file called files32.vxd in the C:\Windows\System directory and modifies the following registry key located at
_________________________________________________________________________________
HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command
_________________________________________________________________________________
from "%1" %*
_________________________________________________________________________________
to
_________________________________________________________________________________
files32.vxd "%1" %*
_________________________________________________________________________________
A new variant of the Pretty Park Worm also creates a similar change to the following registry key.
_________________________________________________________________________________
HKEY_CLASSES_ROOT\exefile\shell\open\command
_________________________________________________________________________________
Below is the steps on how you can manually remove this worm. The procedure below requires registry modification, I highly suggest that you make a backup of your registry before your proceed.

1. Click Start --> Run.
2. Type REGEDIT, then click OK.
3. Modify the following Registry value:
_________________________________________________________________________________
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
_________________________________________________________________________________
and change
_________________________________________________________________________________
files32.vxd "%1" %*
_________________________________________________________________________________
to
_________________________________________________________________________________
"%1" %*
_________________________________________________________________________________
4. Repeat the above step for the following Registry Key
_________________________________________________________________________________
HKEY_CLASSES_ROOT\exefile\shell\open\command
_________________________________________________________________________________
5. Find and Delete the PrettyPark.exe file.

6. Restart your computer.

7. Find and delete Files32.vxd located c:\Windows\System\Files32.vxd.

Want a more easier way to remove this worm? Download the pretty park remover below


Download the file Here:/?mdz4tzez2wy