Groove OW Virus
Virus Name: Groove OW
V Status: Viron
Discovered: December, 1992
Symptoms: .EXE files overwritten & truncated; file date/time changes;
graphic display; lost clusters; C:\COMMAND.COM replaced;
boot failures; programs fail to function properly
Eff Length: 1,214 Bytes OW
Type Code: PNEK - Non-Resident Overwriting COMMAND.COM &.EXE Infector
Detection Method: ViruScan, Sweep, AVTK, F-Prot, IBMAV,
NAV, NAVDX, VAlert, PCScan, ChAV,
NShld, Sweep/N, AVTK/N, LProt, NAV/N, IBMAV/N,
Removal Instructions: Delete infected files
The Groove OW virus was submitted in December, 1992. Its origin or
point of isolation is unknown. Groove OW is a non-resident direct
action overwriting virus which infects .EXE programs and the copy
of COMMAND.COM located in the C: drive root directory. It is not
related to the Groove virus.
When a program infected with the Groove OW virus is executed, this
virus will infect the copy of COMMAND.COM located in the C: drive
root directory as well as one .EXE program located in the current
drive's current directory. It will then display a graphic with
the name "Sara's Groove".
Programs infected with the Groove OW virus will have a file length
of 1,214 bytes and will contain pure viral code. The file's date
and time in the DOS disk directory listing will be the system date
and time when infection occurred. The following text strings can
be found within the viral code in all Groove OW infected programs:
"*.exe c:\command.com .. Darkest avenger"
"Isnt dedicated to Sara Gordon"
"Its dedicated to her GROOVE!"
Disks infected by the Groove OW virus will have a large number of
lost clusters. The virus creates three additional lost clusters
each time an infected program is executed. System boot failures
will also occur when the user attempts to boot from the system