Welcome to the Virus Encyclopedia of Panda Security.
Gruel.B deletes key files that Windows needs to work correctly, hides the C: drive, and disables the Taskbar and certain options in the Start menu. It spreads via email or through the P2P program KaZaA.
Detection updated on: April 27, 2009
Gruel.B is a worm that deletes many key files of the Windows system directory. Additionally, it opens several windows in the Control Panel, opens and closes the CD-ROM tray, disables the Taskbar, displays messages on screen, etc.
Gruel.B uses two different means to spread:
- Via email, in a message with the subject "Symantec: New Serious Virus found" and the attached file SYMANTEC_NORTON_TOOL.EXE.
- Through the peer-to-peer (P2P) file sharing program KaZaA. Gruel.B copies itself to the shared directory under the name WINDOWS XP KEYGEN 2.5.EXE.
Gruel.B is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
However, when Gruel.B spreads via email, it reaches the computer in a message with the subject "Symantec: New Serious Virus found" and the attached file SYMANTEC_NORTON_TOOL.EXE.
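The email and KaZaA indicators described above can be checked mechanically at a mail gateway or against a shared-folder listing. The following is an added example, not part of the original encyclopedia entry; the function names, the sample addresses and the constructed test message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the encyclopedia entry, stored case-folded.
SUBJECT = "symantec: new serious virus found"
ATTACHMENT = "symantec_norton_tool.exe"
P2P_NAME = "windows xp keygen 2.5.exe"

def _norm(text):
    """Collapse whitespace and case-fold so trivial variations still match."""
    return " ".join((text or "").split()).casefold()

def email_indicators(raw):
    """Return which Gruel.B email indicators appear in a raw message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded-words in headers before we compare.
    if _norm(msg["Subject"]) == SUBJECT:
        hits.append("subject")
    for part in msg.iter_attachments():
        if _norm(part.get_filename()) == ATTACHMENT:
            hits.append("attachment")
            break
    return hits

def shared_folder_hits(filenames):
    """Return names from a P2P shared-folder listing that match the worm's copy."""
    return [n for n in filenames if _norm(n) == P2P_NAME]

def build_sample(subject, filename):
    """Constructed test message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed sample body")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Matching on both the subject and the attachment name together gives fewer false positives than either indicator alone, since a legitimate message could quote the subject line.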
When Gruel.B is run, it displays the following message on screen, which is a fake Windows error message: