Threat Description

Groovie

Details

Aliases:Groovie, Groov
Category: Malware
Type:
Platform: W32

Summary



This Word macro virus creates an infected file called DATA.DOC to the Word startup directory. While infecting files, it creates a temporary file called C:\GROOVIE.SYS and imports the code of the virus from it.

WM/Groovie is able to spread under the Word 97 SR-1 update, but it is not the first virus to be able to do this.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



Groovie activates by displaying a message box with these texts:

ALT-F11 says
  It's GROOVIE

The virus also attempts to set the hard drive volume label to "groovie" and create a configuration information file with IPCONFIG and send the file to a ftp site over the internet.

After disinfecting the WM/Groovie virus, the hard drive volume label has to be restored manually back to original. Also, the temporary C:\GROOVIE.SYS file is not removed and has to be deleted manually. Do notice that GROOVIE.SYS is not infected and can not spread - it is just a temporary file used by the virus.





Description Created: Mikko Hypponen/F-Secure


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More