Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Waldo on July 22, 2003, 11:37:02 PM
-
Does avast protect & decect from this Highly dangerous new worm ?
Gruel.B (W32/Gruel.B)
The attached file, which actually contains the malicious code, is called: "Symantec_Norton_Tool.exe".
This worm can also spread via the KaZaA file sharing application. To do so, Gruel.B copies itself as Windows XP KeyGen 2.5.exe. to shared directories used by the program.
If the file containing Gruel.B is run, a false Windows error message is displayed, with the options "Send error" and "Send and close". If you click on the latter Gruel.B sends itself to all contacts in the Address Book and displays a new error screen, which will reappear every time users try to close it.
If you click on "Send and close", the worm opens several Control Panel windows as well as the CD-Rom tray and displays a message from the virus author.
The worm also changes user passwords, hides the contents of the C: drive, disables the task bar and deletes numerous system files such as autoexec.bat, config.sys o command.com.
Gruel.B also generates a series of Windows Registry keys
Waldo
-
Yes - it does, if updated at least during last week - actually you can find all Gruel variants in the list of known viruses...
Pavel