
Re: BEWARE of MY transmitted virus, DAMMIT !!!

To: "Barney Gaylord" <barneymg@ntsource.com>, "MG List" <mgs@autox.team.net>
Subject: Re: BEWARE of MY transmitted virus, DAMMIT !!!
From: Larry Macy <macy@bblmail.psycha.upenn.edu>
Date: Thu, 3 Feb 2000 10:59:08 -0500

FYI Here is a description of this little bastard of a virus.

http://www.datafellows.com/v-descs/prettyp.htm

Larry

BTW Barney - you really should get a computer condom - the one we use is 
VirusScan after evaluating most of the commercial ones. 

At this exact moment in time 2/3/00 3:42 AM, barneymg@ntsource.com made 
the profound statement:

>Dear listers,
>
>There is a real and verified virus that IS (or was) emanating from my
>computer.  I apologize in the most profound way if I and/or my computer
>have caused you any problem(s).  My old computer had suffered a crash from
>multiple hardware contusions, and I have just purchased a new computer,
>right out of the box up and running for only a few days.  In the process of
>setup and configuration I did a tape data restore from the old system onto
>the new system, so I do not know if this virus is old or new.  The system
>is a Systemax SYS-PJM-C400NM with an Intel Celeron 400 PPGA CPU (Pentium-II
>processor).
>
>This virus comes in the form of an executable program file called <Pretty
>Park.exe> or possibly <prettypa.exe>, and it has been found attached to a
>couple of test e-mail messages from my address of origin addressed to at
>least two of my acquaintances from the mgs list.  Those would be the ones
>reporting back to me, but I have no idea how many more of you may have
>received similar messages.  The respondents reported that their equipment
>identified this attachment as a virus.  I had no knowledge that these
>messages had been sent from my machine, and there is no residual record of
>these messages anywhere on my machine.  And it gets worse.  PLEASE DO NOT
>RUN THIS PROGRAM.
>
>I was doing a general data house cleaning on my new computer when I ran
>across a cute little icon (don't recall which folder it was in), a
>cheerfully colored smiley face on a diamond background if I recall
>correctly, with the title PRETTYPA underneath.  Wondering what this was on
>my new computer, I casually poked the icon to see what it would do.  There
>was a short blip for a second or so, and then back to normal like nothing
>had happened, so I deleted the program icon and went on.  PLEASE DO NOT DO
>THIS.
>
>Only a little while later I noticed my machine trying to dial out to
>connect to my local ISP for no known reason, and when I tried CANCEL it
>didn't work, and when I tried to close the application (the dialer) it
>didn't work, and when I hit the power button on the cabinet it didn't shut
>down either.  The dialer showed data being transmitted in a continuous
>stream, so I finally killed the line power from the wall socket (UPS in
>this case).  I have no idea how much unaccounted for data escaped in the
>interim, but I presume that this was when the virus escaped from my
>machine into the internet.  And it still gets worse.  Please, please,
>PLEASE do not run this program.
> 
>Upon rebooting my machine it went through the normal ScanDisk routine that
>Windows_98 performs after an abnormal shutdown, with no reported problems.
>Shortly thereafter I noticed the dialer come up again, so I immediately
>disabled automatic dialing.  Even with no applications running, opened, or
>even minimized, it was still trying to dial out.  Checking in the Startup
>program folder I was horrified to find several hundred items, many of them
>multiple sequentially numbered copies of the application programs
>showing on the desktop.  With due diligence I managed to delete everything
>from the Startup folder and reboot the machine, and still it was trying to
>dial out.  YIKES!
>
>I have since deleted all folders and contents under the folders for
>Programs, Favorites and Documents, and this seems to have stopped the
>problem at the moment, but I'm still not sure.  At the very least there is
>now no file anywhere on my hard drive with the name pretty*.* anything (no
>derivative of the word PRETTY).  So now I think I get to restore the
>original operating system from the CD-ROM, as I have severely decimated and
>deneutered my machine in the fury of the moment.
>
>One thing that does remain, but shall be promptly deleted, is a failed task
>in MS Outlook Express labeled "Check for new messages on 'ntsource....",
>with ntsource being my local ISP.  This apparently causes Outlook Express
>to call up the dialer to attempt to complete the unfinished task, even
>though MSOE is not called up to run and not on the task bar, looking like
>it would always try to do this in the background no matter what.  There was
>a period of about 48 hours when I was using MSOE for reading mail, as it
>was the default mailer on the new machine.  I have installed Eudora Light
>(downloaded new copy for Win-98 from tucows.com) to use as my mail
>application (long tradition), and will not be using MSOE for mail.
>
>This is the first time in 20 or more years of computering I have ever
>experienced a virus on my own equipment, and I would be very happy never to
>see it again.  If anyone has any knowledge of this particular virus or its
>consequences or treatment, may they speak now on behalf of the entire mgs
>list and anyone else who may have been involved with the transmission.
>Once again, I am very sorry for any inconvenience I may have caused.  I
>stand here naked in your presence (perish the thought) ready to be stoned
>if it would help in any way.
>
>Humbly yours,
>
>Barney Gaylord
>1958 MGA with an attitude (and no connection to this incident whatsoever)
>    http://www.ntsource.com/~barneymg


Larry B. Macy, Ph.D.
macy@bblmail.psycha.upenn.edu
System Administrator/Manager
Neuropsychiatry Section
Department of Psychiatry
University of Pennsylvania
3400 Spruce St. - 1015 Gates
Philadelphia, PA 19104

 Ask a question and you're a fool for three minutes; do not ask a 
question and you're a fool for the rest of your life. 


