> Do prace nam prisel mail s PRETTY PARKem a nejakej chytrak ho > otevrel. Ted se nastehoval do windows a nevim, jak ho odstrelit. > AVG 6 to nezvladne. Porad mi prosim ! Ahoj, myslim ze F-Secure to umi, kratky popis pripojuji, podrobnosti jsou na http://www.europe.datafellows.com/v-descs/prettyp.htm While installing to system the worm copies itself to \Windows\System\ directory as FILES32.VXD file and then modifies the Registry to be run each time any EXE file starts when Windows is active. The worm does this by creating a new key in the HKEY_CLASSES_ROOT. The key name is exefile\shell\open\command and it is associated with the worm file (FILES32.VXD file that was created in the Windows system folder). If the FILES32.VXD file is deleted and Registry is not corrected no EXE file will ever be started in Windows further on. In case of error during installing the worm activates the SSPIPES.SCR screen saver (3D Pipes). If this file is missing, the worm tries to activate 'Canalisation3D.SCR' screen saver. Zdar KAB
This archive was generated by hypermail 2.1.2 : 03. 09. 2001, 22:22 CEST