Groovie

Classification

Malware

-

-

Groovie, Groov

Summary

This Word macro virus creates an infected file called DATA.DOC to the Word startup directory. While infecting files, it creates a temporary file called C:\GROOVIE.SYS and imports the code of the virus from it.

WM/Groovie is able to spread under the Word 97 SR-1 update, but it is not the first virus to be able to do this.

Removal

Automatic action

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Groovie activates by displaying a message box with these texts:

ALT-F11 says
 It's GROOVIE

The virus also attempts to set the hard drive volume label to "groovie" and create a configuration information file with IPCONFIG and send the file to a ftp site over the internet.

After disinfecting the WM/Groovie virus, the hard drive volume label has to be restored manually back to original. Also, the temporary C:\GROOVIE.SYS file is not removed and has to be deleted manually. Do notice that GROOVIE.SYS is not infected and can not spread - it is just a temporary file used by the virus.

Date Created: -

Date Last Modified: -