This Word macro virus creates an infected file called DATA.DOC to the Word startup directory. While infecting files, it creates a temporary file called C:\GROOVIE.SYS and imports the code of the virus from it.
WM/Groovie is able to spread under the Word 97 SR-1 update, but it is not the first virus to be able to do this.
Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
Groovie activates by displaying a message box with these texts:
ALT-F11 says It's GROOVIE
The virus also attempts to set the hard drive volume label to "groovie" and create a configuration information file with IPCONFIG and send the file to a ftp site over the internet.
After disinfecting the WM/Groovie virus, the hard drive volume label has to be restored manually back to original. Also, the temporary C:\GROOVIE.SYS file is not removed and has to be deleted manually. Do notice that GROOVIE.SYS is not infected and can not spread - it is just a temporary file used by the virus.
Date Created: -
Date Last Modified: -