W32/Gruel-D

Category: Viruses and Spyware
Protection available since: 18 Jul 2003 00:00:00 (GMT)
Type: Win32 worm
Last Updated: 18 Jul 2003 00:00:00 (GMT)
Prevalence: No Reports

W32/Gruel-D is a mass mailing worm very similar to W32/Gruel-A that arrives in an email with the following characteristics:

Subject line: Microsoft Windows Critical Update
Message Text:
Critical Update: The Microsoft Windows updates found on this patch include fixes to following Windows operating systems: Any update that is critical to the operation of your computer is considered a Critical Update, and is automatically selected for installation during the scan for available updates. This patch is provided to help resolve known issues, and to protect your computer from known security vulnerabilities and all kinds of viruses. Whether a patch applies to your operating system, software programs, or hardware, it is listed in the Critical Updates category, like this patch attached. For Support please contact us at support@microsoft.com
Attached File: Rundll32.exe
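
The email characteristics listed above can be checked at a mail gateway. The following is an added example, not part of the original description: the function names, the quarantine rule (attachment name plus one textual indicator) and the sample messages are assumptions, and the attachment bytes are inert placeholders.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the description above, lower-cased for comparison.
LURE_SUBJECT = "microsoft windows critical update"
LURE_ATTACHMENT = "rundll32.exe"
LURE_BODY_PHRASE = "is considered a critical update"

def gruel_d_indicators(raw):
    """Return the W32/Gruel-D lure indicators found in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded-words, so an encoded subject still matches.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject == LURE_SUBJECT:
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        # Compare the base name only, in case a path was prefixed to the file name.
        if name.replace("\\", "/").rsplit("/", 1)[-1] == LURE_ATTACHMENT:
            hits.append("attachment")
            break
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None:
        # Collapse whitespace so line wrapping does not hide the phrase.
        text = " ".join(body.get_content().split()).lower()
        if LURE_BODY_PHRASE in text:
            hits.append("body")
    return hits

def should_quarantine(raw):
    """Assumed policy: the attachment name plus at least one textual indicator."""
    hits = gruel_d_indicators(raw)
    return "attachment" in hits and len(hits) >= 2

def build_sample(subject, body, attachment_name=None):
    """Build a constructed test message with an inert placeholder attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = subject
    m.set_content(body)
    if attachment_name:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()
```
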

On execution the worm displays a Windows XP style message box containing the text: "Windows has encountered a problem a needs to close. We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost. Please tell microsoft about this problem. We have created an error report thet you cand send to us. we will treat this report as confidential and anounymous. To see what data this error report contains. Windows X found serious error".

There are two buttons, "Send Error" and "Send and Close".

Clicking on "Send Error" displays a bogus technical-looking error message, similar to the above, with "<< Back" and "Close" buttons. "Close" does nothing and "<< Back" takes you back to the previous screen.

Clicking on "Send and Close" will cause the worm to run many control panel applets, eject the CD-Rom drive, remove the taskbar and display a rant about Windows which cannot be closed:

Your computer now is mine, Why? Because I didn't had nothing to do and I thought, why not make the evil? Remember NOW YOUR PC IS IN MY POWER Windows Sucks! I can't stand it anymore! Windows has always sucked. Wake up people! It's a scam! You don't need a faster computer. You need a better operating system. Microsoft continuingly makes money by selling you the latest and greatest Windows. The latest Windows version is always the most inefficient yet, slowing down your fast computer. Also, now you have to upgrade all your other software too because different Windows versions are not compatible with each other! A hidden cost not mentioned at all. It's part of the scam. Capitalism Sucks!, Communism Sucks. KILLERGUATE.

W32/Gruel-D disables many Windows features, such as task manager, logoff, shutdown, lock computer, change password, etc. The worm also changes the default association for EXE files and deletes many files in the Windows system folder and its sub-folders.

The worm also copies itself to the Desktop as kIlLeRgUaTe1.03