W32/PrettyPark.37376
Analysis
- Virus is 32bit with a WWPack32 compressed size
of 37,376 bytes
- Virus icon resembles a character from an adult
cartoon "South Park"
- Virus will copy itself as Files32.vxd to the Windows\System
folder
- Virus may modify the registry to run any time an
EXE file is run, as in this
example -HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = Files32.vxd "undefined1" undefined* -
Next, the virus will periodically scavenge the address book in Outlook and attempt to email itself to all contacts found - email will be in this format -
Subject: C:\CoolProgs\Pretty Park.exe
Attachment: "Pretty Park.exe" -
Virus may also attempt to connect to the IRC network and connect with a specific channel, then data to that channel - this is probably in an effort to convey to the author of the virus that a system has become infected with the virus