Here is the Pretty park Virus antidote. I know that there were a couple
of you guys in my address book, and once again I apologize for this
being sent to you. I hope you got my warning in time and didn't open it.
- Ian
>Manual Removal of W32/Pretty.Worm
>
>
>Creation of the REGEDIT.SCR File
>1. Click on the Start button. Highlight Programs, then click on MS-DOS
>Prompt.
>2. At the C:\WINDOWS> prompt type the following:
> copy regedit.exe regedit.scr <then press ENTER on the keyboard>
> exit <then press ENTER on the keyboard>
>
>
>Backup the Registry
>IMPORTANT: Before beginning to manually remove W32/Pretty.Worm from your
>computer make sure to backup the Registry. This will safeguard your
Windows
>installation. You can recover your Windows configuration by restoring the
>backup if an error occurs during the removal process.
>1. Click on Start. The Start menu will appear.
>2. Click on Run.
>3. Type REGEDIT.SCR in the Open field.
>4. Click the OK button. The Registry Editor window will appear.
>5. Click on the Registry pull-down menu.
>6. Click on Export Registry File.
>7. In the File Name field type "backup" (without the quotation marks).
>8. In the Save In field be sure that the desktop is selected (if it is not,
>click on the pull down menu and select "Desktop").
>9. Select "All" in the Export Range group box.
>10. Click on the Save button. The registry will then be saved.
>11. Click the X in the top right corner to close the Registry Editor.
>You now have a backup of your Registry saved as "backup" on your desktop.
>NOTE: If you need to restore the Registry you can double click on the
>"backup" file located on the desktop. Once these instructions are complete
>and everything is running properly you may delete this backup file by
>right-clicking on it then left-clicking on Delete from the pop-up menu that
>appears.
>
>
>Edit the Registry
>1. Click on the Start button. The Start menu will appear.
>2. Click on Run.
>3. Type REGEDIT.SCR in the Open field.
>4. Click the OK button. The Registry Editor window will appear.
>5. Click on the plus (+) sign next to HKEY_LOCAL_MACHINE.
>6. Click on the plus (+) sign next to SOFTWARE.
>7. Click on the plus (+) sign next to Classes.
>8. Click on the plus (+) sign next to exefile.
>9. Click on the plus (+) sign next to shell.
>10. Click on the plus (+) sign next to open.
>11. Highlight the folder named command.
>12. Double-click on the word "default" on the right side of the screen.
>13. Delete the "Files32.VXD" text that is found in the Value Data field.
>14. Now type the following into the Value Data field exactly as it appears
>(after the colon):"%1" %*
>15. Click the OK button then close the registry editor.
>16. Restart the computer.
>
>
>Deleting Pretty Park Files
>1. Click on the Start button.
>2. Highlight Find then click on Files or Folders.
>3. In the Named field type FILES32.VXD
>4. In the Look In field make sure the C: drive is selected then click the
>Find Now button.
>5. The computer will then search for the file named FILES32.VXD. When it
>finds it the file name will be displayed at the bottom of the dialog box.
>6. If the file is found right-click on the icon that appears to the left of
>the file name. A pop-up menu will appear. Now left click on Delete.
>Answer YES to any questions about placing this file in the recycle bin.
>7. Now delete the FILES32.VXD text that was typed in the Named field and
>type PRETTYPARK in its place.
>8. Click on the Find Now button.
>9. The computer will then search for any files named PRETTYPARK. When it
>finds it the file name will be displayed at the bottom of the dialog box.
>10. If the file is found right-click on the icon that appears to the left
of
>the file name. A pop-up menu will appear. Now left click on Delete.
>Answer YES to any questions about placing this file in the recycle bin.
>11. Click the X in the top right corner to close the Find dialog box.
>
>You are now clean from W32/Pretty.Worm
-- Ian Spencer <www.sunbeamalpine.org> '61 Harrington Alpine B9104782 OD HRO '62 Harrington Le Mans BH9115930 OD LRX
This archive was generated by hypermail 2b30 : Tue Sep 05 2000 - 08:45:26 CDT