Pretty Park (aka win32.PrettyPark.worm)
PrettyPark is a worm that propagates by sending copies of itself through the Internet by means of the electronic mail system. The worm usually arrives in one's mailbox as an attachment to a message with the following Subject: C:\CoolProgs\Pretty Park.exe. The attached program, Prettypark.exe, uses an icon picturing one of the characters from the South Park movie. When a user runs the attached file, PrettyPark copies itself to the Windows System directory under the name FILES32.VXD. Next the worm modifies the registry key HKEY_CLASSES_ROOT\exefile\shell\open\command, changing it to FILES32.VXD "%1" %*, so that the worm is run whenever an .exe file is opened. When PrettyPark is executed, a user may see the screensaver activated (from the files sspipes.scr or canalisation3d.scr). Every half an hour the worm will try to send itself (as an email attachment) to the Internet addresses listed in the user's Windows Address Book. Much more often, every half a minute, PrettyPark will try to connect to selected IRC channels. It appears that the use of the IRC channels is intended to inform the author of the worm of another successful installation. Through the use of IRC, PrettyPark can potentially transfer a lot of sensitive data from an affected system to the outside world.

Manual removal of the worm from an infected system is relatively easy. After deleting the original Prettypark.exe attachment, the user should change the registry key HKEY_CLASSES_ROOT\exefile\shell\open\command back to "%1" %*, or delete HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\comman. Then the file FILES32.VXD must be deleted and the machine restarted.
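
The registry check behind the removal steps above, as an added example that is not part of the original description: it reads the text of a regedit export and reports every exefile open command whose default value differs from "%1" %*. The function names and the sample export are constructed for illustration.

```python
import re

EXPECTED = '"%1" %*'  # stock handler for .exe files, as given in the removal steps
# Key suffix named on the page; also matches the HKLM and HKCU Software\Classes copies.
SUFFIX = r"\exefile\shell\open\command"

def parse_reg(text):
    """Return {key_path: default_value} from regedit export text (string defaults only)."""
    defaults, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            body = line[3:-1]
            # .reg files escape backslash and double quote with a leading backslash
            defaults[key] = re.sub(r'\\(["\\])', r"\1", body)
    return defaults

def audit_exe_handler(text):
    """List (key, value, extra_program) for each exefile open handler that is not stock."""
    findings = []
    for key, value in parse_reg(text).items():
        if not key.lower().endswith(SUFFIX):
            continue
        if value.strip() == EXPECTED:
            continue
        # Anything in front of the "%1" placeholder is a program that runs first
        extra = value.split('"%1"')[0].strip() or None
        findings.append((key, value, extra))
    return findings

# Constructed sample export: the first key carries the change described above,
# the second key is an unrelated handler left at its stock value.
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="FILES32.VXD \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for key, value, extra in audit_exe_handler(SAMPLE):
        print(f"MODIFIED {key}: {value!r} (runs {extra!r} first)")
```

Restoring the handler before deleting FILES32.VXD matters: while the key still names the file, every .exe launch depends on it.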