W32.Gruel@mm


Risk Level 2: Low

July 13, 2003
February 13, 2007 12:03:46 PM
Also Known As:
W32/Gruel-A [Sophos], W32/Fakerr@MM [McAfee], Win32.Gruel [CA]
Systems Affected:

W32.Gruel@mm is a worm that spreads by email and file-sharing networks. Its payload includes changing user passwords, hiding drive C, and making numerous changes to the system registry.

The email has the following characteristics:
Subject: Microsoft Windows Critical Update.
Attachment: Windows Critical Update 088562.exe
Subject: Symantec: New serious virus found
Attachment: Symantec_Norton_Tool.exe
Subject: Microsoft Windows Critical Update
Attachment: AntiVirus_Patch.exe

Symantec Security Response has received reports that email messages, which falsely claim to have been sent by Symantec, have been sent to numerous email addresses.

These messages may contain an attached file that the message claims is a removal tool for W32.Gruel@mm. There is currently no such tool, and the message is not from Symantec. Symantec never sends unsolicited removal tools by email.

If you receive this or a similar message, delete the message without opening the attached file.

The text of the false message is:

From: "Symantec Corporation"<security@symantec.com>
Subject: Symantec: New Serious Virus found.

Norton Security Response, has detected a new virus in the Internet. For this reason we
made this tool attachement, to protect your computer from this serious virus. Due to the number of submissions
received from customers, Symantec Security Response has upgraded this threat to a Category
5 (Maximum ).

Prevention, using the W32.Gruel@mm Tool:
To prevent or remove W32.W32.Gruel@mm , apply this attachment tool as quickly as possible. This is the easiest way to
remove/prevent this threat.

Technical Details:
Also Known As: W32.Gruel@mm , W32.KillerGuate
Type: Virus
Infection Length: 45,195 bytes (zip file), 45,528 bytes (executable) (45KB approx)
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me, Windows 2003
Systems Not Affected: Macintosh, OS/2, UNIX, Linux

Additional information:
Security Response has received many submissions of corrupted W32.W32.Gruel@mm . A specific detection for this type of
infected file has been added as W32.W32.Gruel@mm . This detection is available in virus definitions dated June 12
2003. Be sure to delete the files detected as W32.W32.Gruel@mm .

Note: If you believe your computer may already be infected or just want to protect it agains W32.W32.Gruel@mm , please
download this tool now.

Symantec Corporation.
Last Updated on: July 13, 2003 04:55:35 PM
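
As an added example (not Symantec's code), here is a mail-gateway style check for the subject lines and attachment names listed in this writeup, using Python's standard `email` package. The function names, the normalisation and the constructed sample message are assumptions for illustration; the check also flags any `.exe` attachment on mail whose From header claims Symantec, since Symantec never sends unsolicited removal tools by email.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators from this writeup, lower-cased with the trailing period dropped.
GRUEL_SUBJECTS = {
    "microsoft windows critical update",
    "symantec: new serious virus found",
}
GRUEL_ATTACHMENTS = {
    "windows critical update 088562.exe",
    "symantec_norton_tool.exe",
    "antivirus_patch.exe",
}

def _norm(text):
    """Lower-case, collapse whitespace and drop a trailing period."""
    return " ".join((text or "").lower().split()).rstrip(".")

def check_message(raw_bytes):
    """Return the reasons a raw RFC 5322 message matches the indicators."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    if _norm(msg["Subject"]) in GRUEL_SUBJECTS:
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = _norm(part.get_filename())
        if name in GRUEL_ATTACHMENTS:
            reasons.append("attachment:" + name)
        elif name.endswith(".exe") and "symantec" in _norm(msg["From"]):
            # Added heuristic: executable on mail that claims to be Symantec.
            reasons.append("exe-claiming-symantec:" + name)
    return reasons

def build_sample(subject, filename,
                 sender='"Symantec Corporation" <security@symantec.com>'):
    """Build a constructed test message; the attachment bytes are inert."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    msg.add_attachment(b"inert placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(check_message(build_sample("Symantec: New Serious Virus found.",
                                     "Symantec_Norton_Tool.exe")))
```
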

Antivirus Protection Dates

  • Initial Rapid Release version July 14, 2003
  • Latest Rapid Release version August 5, 2017 revision 019
  • Initial Daily Certified version July 14, 2003
  • Latest Daily Certified version August 6, 2017 revision 001
  • Initial Weekly Certified release date July 16, 2003
Writeup By: Maryl Magee
