x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Gruel.F

Threat LevelHigh threatDamageSevereDistributionNot widespread
Common name:Gruel.F
Technical name:W32/Gruel.F
Threat level:Medium
Type:Worm
Effects:  

It deletes key files that Windows needs to work correctly, hides the C: drive, disables the Taskbar and certain options in theStart menu. It spreads via email or through the P2P program KaZaA.

Affected platforms:

Windows XP/2000/NT/ME/98/95

Detection updated on:April 27, 2009
StatisticsNo

Brief Description 

    

Gruel.F is a worm that deletes many key files of the Windows system directory. Additionally, it opens several windows in the Control Panel, opens and closes the CD-ROM tray, disables the Taskbar, displays messages on screen, etc.

Gruel.F uses two different means to spread:

  • Via email in a message with an attached file called PROTECT_REMOVE_TOOL.EXE.
  • Through the peer-to-peer file sharing program (P2P) KaZaA. Gruel.F copies itself in the shared directory under the name MATRIX RELOADED 2 AVI.EXE.

Visible Symptoms 

    

Gruel.F is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.

However, when Gruel.F spreads via email, it reaches the computer in a message with the attached file called PROTECT_REMOVE_TOOL.EXE.

When Gruel.F is run, it displays the following message on screen, which is a fake Windows error message:

In order to consult the routine followed by Gruel.F, click here.