- July 13, 2003
- February 13, 2007 12:03:46 PM
Also Known As:
- W32/Gruel-A [Sophos], W32/Fakerr@MM [McAfee], Win32.Gruel [CA]
W32.Gruel@mm is a worm that spreads by email and file-sharing networks. Its payload includes changing user passwords, hiding drive C, and making numerous changes to the system registry.
The email has the following characteristics:
Subject: Microsoft Windows Critical Update.
Attachment: Windows Critical Update 088562.exe
Subject: Symantec: New serious virus found
Subject: Microsoft Windows Critical Update
Symantec Security Response has received reports of email messages, sent to numerous email addresses, that falsely claim to come from Symantec.
These messages may contain an attached file that the message claims is a removal tool for W32.Gruel@mm. There is currently no such tool, and the message is not from Symantec. Symantec never sends unsolicited removal tools by email.
If you receive this or a similar message, delete the message without opening the attached file.
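As an added example (not part of the original writeup and not Symantec code), the following sketch shows how a mail filter could triage messages against the subjects and attachment pattern listed above. The function names, the reason labels, the risky-extension list, and the sample messages are all assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Subjects listed in this writeup, normalized (lowercase, trailing period dropped).
KNOWN_SUBJECTS = {
    "microsoft windows critical update",
    "symantec: new serious virus found",
}
# Assumption: extensions treated as risky; the writeup names an .exe and a zip file.
RISKY_EXTENSIONS = (".exe", ".zip")


def normalize_subject(subject):
    """Collapse whitespace, lowercase, and drop a trailing period."""
    return " ".join(str(subject or "").split()).lower().rstrip(".").strip()


def triage(raw_bytes):
    """Return the reasons a raw RFC 5322 message matches the lures described above."""
    # policy.default decodes RFC 2047 encoded-word subjects before comparison.
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    if normalize_subject(msg["Subject"]) in KNOWN_SUBJECTS:
        reasons.append("subject")
    risky = [p.get_filename() for p in msg.iter_attachments()
             if (p.get_filename() or "").lower().endswith(RISKY_EXTENSIONS)]
    if risky:
        reasons.append("attachment")
    # The vendor states it never mails unsolicited tools, so a "Symantec"
    # display name on a message carrying a risky attachment is a strong signal.
    display_name, _ = parseaddr(str(msg["From"] or ""))
    if risky and "symantec" in display_name.lower():
        reasons.append("vendor-impersonation")
    return reasons


def build_sample(sender, subject, attachment_name=None):
    """Build a constructed test message; the attachment bytes are inert filler."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content("constructed body text")
    if attachment_name:
        m.add_attachment(b"inert placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()
```

Subject matching alone is easy to evade, so treat a hit as a reason to quarantine for review rather than as proof of infection.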
The text of the false message is:
From: "Symantec Corporation"<firstname.lastname@example.org>
Subject: Symantec: New Serious Virus found.
Norton Security Response, has detected a new virus in the Internet. For this reason we
made this tool attachement, to protect your computer from this serious virus. Due to the number of submissions
received from customers, Symantec Security Response has upgraded this threat to a Category
5 (Maximum ).
Prevention, using the W32.Gruel@mm Tool:
To prevent or remove W32.W32.Gruel@mm , apply this attachment tool as quickly as possible. This is the easiest way to
remove/prevent this threat.
Also Known As: W32.Gruel@mm , W32.KillerGuate
Infection Length: 45,195 bytes (zip file), 45,528 bytes (executable) (45KB approx)
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me, Windows 2003
Systems Not Affected: Macintosh, OS/2, UNIX, Linux
Security Response has received many submissions of corrupted W32.W32.Gruel@mm . A specific detection for this type of
infected file has been added as W32.W32.Gruel@mm . This detection is available in virus definitions dated June 12
2003. Be sure to delete the files detected as W32.W32.Gruel@mm .
Note: If you believe your computer may already be infected or just want to protect it agains W32.W32.Gruel@mm , please
download this tool now.
Last Updated on: July 13, 2003 04:55:35 PM
Antivirus Protection Dates
Initial Rapid Release version July 14, 2003
Latest Rapid Release version August 5, 2017 revision 019
Initial Daily Certified version July 14, 2003
Latest Daily Certified version August 6, 2017 revision 001
Initial Weekly Certified release date July 16, 2003
Writeup By: Maryl Magee