-------------------------------------------------------------------
Gruel.B (W32/Gruel.B)
The attached file, which actually contains the malicious code, is called: "Symantec_Norton_Tool.exe".
This worm can also spread via the KaZaA file sharing application. To do so, Gruel.B copies itself as Windows XP KeyGen 2.5.exe. to shared directories used by the program.
If the file containing Gruel.B is run, a false Windows error message is displayed, with the options "Send error" and "Send and close". If you click on the latter Gruel.B sends itself to all contacts in the Address Book and displays a new error screen, which will reappear every time users try to close it.
If you click on "Send and close", the worm opens several Control Panel windows as well as the CD-Rom tray and displays a message from the virus author.
The worm also changes user passwords, hides the contents of the C: drive, disables the task bar and deletes numerous system files such as autoexec.bat, config.sys o command.com.
Gruel.B also generates a series of Windows Registry keys
-------------------------------------------------------------------
So far several variants of this virus are spotted...so Norton users beware!
Gruel.B (W32/Gruel.B)
The attached file, which actually contains the malicious code, is called: "Symantec_Norton_Tool.exe".
This worm can also spread via the KaZaA file sharing application. To do so, Gruel.B copies itself as Windows XP KeyGen 2.5.exe. to shared directories used by the program.
If the file containing Gruel.B is run, a false Windows error message is displayed, with the options "Send error" and "Send and close". If you click on the latter Gruel.B sends itself to all contacts in the Address Book and displays a new error screen, which will reappear every time users try to close it.
If you click on "Send and close", the worm opens several Control Panel windows as well as the CD-Rom tray and displays a message from the virus author.
The worm also changes user passwords, hides the contents of the C: drive, disables the task bar and deletes numerous system files such as autoexec.bat, config.sys o command.com.
Gruel.B also generates a series of Windows Registry keys
-------------------------------------------------------------------
So far several variants of this virus are spotted...so Norton users beware!