Welcome to the Virus Encyclopedia of Panda Security.
It deletes key files that Windows needs to work correctly, hides the C: drive, disables the Taskbar and certain options in the Start menu. It spreads via email or through the P2P program KaZaA.
|Detection updated on:||April 27, 2009|
Gruel.E is a worm that deletes many key files of the Windows system directory. Additionally, it opens several windows in the Control Panel, opens and closes the CD-ROM tray, disables the Taskbar, hides the C: drive, displays messages on screen, etc.
Gruel.E uses two different means to spread:
- Via email in a message with the attached file OFFICEXPTRIAL.EXE.
- Through the peer-to-peer file sharing program (P2P) KaZaA. Gruel.E copies itself in the shared directory under the name MATRIX RELOADED 2 AVI.EXE.
Gruel.E is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
However, when #nombrevirus # spreads via email, it reaches the computer in a message with the attached file OFFICEXPTRIAL.EXE.
When Gruel.E is run, it displays the following message on screen, which is a fake Windows error message:
In order to consult the routine followed by Gruel.E, click here.