Re: Win. 95 Problem--FILES32.VXD Missing???--

Re: Win. 95 Problem--FILES32.VXD Missing???--

[ Follow Ups ] [ Post Followups ] [ FAQ ]
[ Back to Messages ]

Posted by daniel on July 11, 2001 at 22:47:36:

In Reply to: Re: Win. 95 Problem--FILES32.VXD Missing???-- posted by Sandie on July 16, 2000 at 16:37:07:

You r a twonk !!!- files32.vxd is caused by the following virus - readon

How to remove Pretty Park.exe

After detecting Pretty Park there are several ways to remove it. You can do this manually,
automatically (using anti-virus software), or with a combination of the two. Bear in mind that
once your system has been cleansed, you will need a good anti-virus program to protect
yourself from further mischief (once bitten twice shy after all). This being the case using an
automatic or semi automatic method makes most sense. So which anti-virus software do
you opt for?

I originally used Dr Solomon's Anti-Virus package to clean my system when it was infected
by Pretty Park. I know, I should have been using a virus package in the first place but you
always think it's never going to happen to you don't you? Anyway, after everything was
back to normal I found that my computer was far slower than it had been prior to the Pretty
Park infection. At first I put this down to the infection itself but after a few days discovered
that is was the anti-virus package that was causing the problem. The way it 'guards' the
system for virus activity creates a significant delay in your system.

I solved the problem by installing McAfee Clinic. This is a web based Anti-Virus System,
which I installed after reading the very favourable reviews. You can scan your system to
find and eliminate viruses. Install the ActiveShield program to ensure instant protection
from further viruses and also create a rescue disk to protect from Boot Sector viruses. As
you do all this from a simple online menu just by logging in it means that you can protect
any computer you use regardless of where it is. Also as it's 'online' the virus database is
always up to date and what's more it doesn't seem to affect the speed of my computers (I
use it on my laptop as well).

It's cheaper than other systems too at only $30 per year as it is a single cost solution
compared with buying a hard disk based program and then having to fork out for updates
on a regular basis.

You can get a free trial from McAfee and use it to find and remove the Pretty Park virus.

However removing the virus itself is not all that will need to be done. The problem is that
Pretty Park.exe makes some major changes deep within your system registry. You
therefore need to remove these elements as well.

The following method is taken from the McAfee web site and has proved most effective in
removing the 'tentacles' that Pretty Park so effectively threads throughout your operating
system. This information together with a good Anti-Virus program such as Virus Clinic
should be all you need to get your system back on it's feet again.

Removal Instructions

Removal of this Trojan is complicated by the depth to which it hooks into the operating

One trick that AVERT has discovered is to rename the registry editing programs from their
original .EXE to a .COM extension. This will by pass the limitations created by removing
the trojan prior to editing the registry. For example, in Windows 95/98, the registry can be
loaded and edited using the program named REGEDIT.EXE while in Windows NT, you
use REGEDT32.EXE. Rename these to a .COM extension and they will still execute and
allow you remove references of trojans and Internet worms.

1) Identify and note the files associated with this trojan as detected by the scanner - do not
remove the trojan at this time. If you have already removed the trojan, you will not be able to
run REGEDIT steps below on the affected system. Proceed instead to step 11 listed

2) Open an MS-DOS prompt via the menu or click on START|RUN and type COMMAND
and then press enter.

3) Start Regedit in Windows 95/98 by typing REGEDIT or in Windows NT type
REGEDT32 and press enter.

4) Remove references to the trojan from these keys of the registry
They should contain only the following values "%1" %*

5) If applicable, remove any keys that run the main trojan under


6) If applicable, delete the registry key if it exists HKEY_CLASSES_ROOT\.dl
and exit Regedit.

7) If applicable, edit WIN.INI and remove the reference to the trojan from the run= line in the
[windows] section.

8) If applicable, edit SYSTEM.INI and remove the reference to the trojan from the shell=
line in the [boot] section. It should just contain the file EXPLORER.EXE.

9) Restart the system.

10) Delete the trojan program(s). If all is well the files should be deleted OK. If you get an
error message saying that windows is unable to delete the file because it is in use, then
you have made an error in the above procedure. Repeat steps 1 to 9 and try again.

11) In the event that the trojan was deleted before making the registry changes, it is still
possible to repair the registry. You will need access to another computer, or at a minimum,
access to MS-DOS on the affected system. Using MS-DOS edit, create a file called

UNDO.REG with the following content (you can cut and paste):

@="\"%1\" %*"
@="\"%1\" %*"

12) Save this file to the Windows folder of the affected system as the file "UNDO.REG".

13) Click on START|RUN and type in UNDO.REG and press ENTER. The contents of
UNDO.REG should be now imported to the registry.
: : Rob..
: : Go to run on your start-bar- type SFC
: : This will run a program on win 95 called system file checker.You need to put yr win95 CD in yr CD Rom drive
: : Then type name of missing file,
: : Ok
: : Do this as many times as you need to replace your files
: : from
: : Sandie
: : x0x

Follow Ups:

Post a Followup

Please note:
  • Messages must be on the topic of this forum!
  • No posting of requests for cracks, codes, serials, or warez!
  • No posting of illegal software or links to such sites!
  • No use of profanity or inappropriate or offensive language!
  • Spamming is not allowed!
  • We track the IP addresses of forum abusers!
  • Abuse of this forum will be reported to your ISP!
E-Mail (optional):
please note: your e-mail address will be visible in your message.



Optional Link URL:
Link Title:
Optional Image URL: