virus logo Virus

W97M/Groov.A

description-logoAnalysis

  • Virus consists of one macro module named either "groovie" or "orbit"
  • Virus hooks Word event handlers which prevents the printing, opening, closing and saving of infected documents, or exiting Word
  • In a one in five chance, virus will attempt to save host IP information as "c:\ip.txt", then send this file using FTP to "complex.is" to the "incoming" directory

Telemetry logoTelemetry

ID 325214
Released Oct 09, 2002
Description
Updated		 Jul 02, 2003
Aliases W97M.Groovie, WM97/Ipattack
Platform Profile Microsoft Word 97 macro