Author Topic: Gruel.B (W32/Gruel.B)  (Read 2918 times)

0 Members and 1 Guest are viewing this topic.

Offline Waldo

  • Sr. Member
  • ****
  • Posts: 397
  • Avast does the ownage
Gruel.B (W32/Gruel.B)
« on: July 22, 2003, 11:37:02 PM »
Does avast protect & decect from this Highly dangerous new worm ?

Gruel.B (W32/Gruel.B)


The attached file, which actually contains the malicious code, is called: "Symantec_Norton_Tool.exe".

This worm can also spread via the KaZaA file sharing application. To do so, Gruel.B copies itself as Windows XP KeyGen 2.5.exe. to shared directories used by the program.

If the file containing Gruel.B is run, a false Windows error message is displayed, with the options "Send error" and "Send and close". If you click on the latter Gruel.B sends itself to all contacts in the Address Book and displays a new error screen, which will reappear every time users try to close it.

If you click on "Send and close", the worm opens several Control Panel windows as well as the CD-Rom tray and displays a message from the virus author.

The worm also changes user passwords, hides the contents of the C: drive, disables the task bar and deletes numerous system files such as autoexec.bat, config.sys o command.com.

Gruel.B also generates a series of Windows Registry keys


Waldo

**Guns are for show, knifes for a pro**

Offline Pavel

  • Massive Poster
  • ****
  • Posts: 4305
  • Nostalgia isn't what it used to be...
    • ALWIL Software
Re:Gruel.B (W32/Gruel.B)
« Reply #1 on: July 23, 2003, 04:59:06 AM »
Yes - it does, if updated at least during last week - actually you can find all Gruel variants in the list of known viruses...

Pavel
All of us could take a lesson from the weather. It pays no attention to criticism.