Welcome to the Virus Encyclopedia of Panda Security.
It deletes key files that Windows needs to work correctly, hides the C: drive, disables the Taskbar and certain options in theStart menu. It spreads via email or through the P2P program KaZaA.
|Detection updated on:||April 27, 2009|
Gruel.F is a worm that deletes many key files of the Windows system directory. Additionally, it opens several windows in the Control Panel, opens and closes the CD-ROM tray, disables the Taskbar, displays messages on screen, etc.
Gruel.F uses two different means to spread:
- Via email in a message with an attached file called PROTECT_REMOVE_TOOL.EXE.
- Through the peer-to-peer file sharing program (P2P) KaZaA. Gruel.F copies itself in the shared directory under the name MATRIX RELOADED 2 AVI.EXE.
Gruel.F is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
However, when Gruel.F spreads via email, it reaches the computer in a message with the attached file called PROTECT_REMOVE_TOOL.EXE.
When Gruel.F is run, it displays the following message on screen, which is a fake Windows error message:
In order to consult the routine followed by Gruel.F, click here.