W32/Gruel-A, W32/[email protected], Win32.Gruel, WORM_GRUEL, [email protected]
WORM_GRUEL.A, WORM_GRUEL.B, WORM_GRUEL.C, WORM_GRUEL.D, WORM_GRUEL.E
Category: Computer Worm
Active & Spreading
Asia, Europe, North and South America
13 Jul 2003
This worm spreads through email and through file sharing networks on the Internet. The Gruel worm sends email messages that try to convince recipients to install an attachment presented as a removal tool for this malware. According to some antivirus vendors, however, no tool specific to this threat currently exists.
A computer system infected with the Gruel worm will be missing critical batch, executable, and command files, among others, from the hard drive. The files the malware attempts to delete are normally part of the operating system's monitoring tools. After deleting the targeted files, the Gruel worm creates its own executable file and drops a malicious executable file in the shared folder of the peer-to-peer file sharing application. The malware presents this file as a key generator for a variant of the Windows operating system. It also modifies relevant key values in the Windows Registry.
The Gruel worm displays a fake message reporting a bogus operating system error. A new window then asks the computer user to send the details to the developer. Clicking the send button puts the routine into a continuous loop. The worm then opens multiple Control Panel windows and ejects the optical media drive of the infected machine. It hides the System Tray, the Task Bar, and the icon for the main hard drive. A message from the author of the worm is also displayed on screen.