x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Download Cloud Antivirus Gratis

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

Groov.X

 
Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:Groov.X
Technical name:W97M/Groov.X
Threat level:Low
Alias:,
Type:Virus
Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

Detection updated on:Nov. 13, 2002
StatisticsNo
Family:GROOV

Brief Description 

    

W97M/Groov.X is a polymorphic macro virus that infects MS Word documents. This virus modifies certain MS Word options and displays messages on screen.

Visible Symptoms 

    

Firstly, the virus disables the protection offered by MS Word when a document containing macros is opened. Then, it disables the dialog boxes that appear when the NORMAL.DOT template is saved and those that allow documents to be converted when they are opened. In addition, it also disables the Macro, Templates and add-ins options in the Tools menu and certain messages in the MS Word command bar. Using this stealth technique it tries to hide its presence from the user.

The virus tries to change the name of the C: drive to sajoo and create a file called SAJOO.SYS. Then, the virus saves a copy of the document that it infected at the start under the name DATA.DOT in the Word Startup directory. This directory is indicated in the File locations tab in Options in the Tools menu.

On infecting a document, the virus replaces the information in the Comments field in the Summary tab of the properties of the document with: "ALT-F11 says it's sajoo!" If the user tries to access the Visual Basic code of the document using the key combination Alt+F11, the virus will display the following message of screen:

"It's sajoo!"