Groove OW Virus
Virus Name: Groove OW
Aliases:
V Status: Viron
Discovered: December, 1992
Symptoms: .EXE files overwritten & truncated; file date/time changes;
graphic display; lost clusters; C:\COMMAND.COM replaced;
boot failures; programs fail to function properly
Origin: Unknown
Eff Length: 1,214 Bytes OW
Type Code: PNEK - Non-Resident Overwriting COMMAND.COM & .EXE Infector
Detection Method: ViruScan, Sweep, AVTK, F-Prot, IBMAV,
NAV, NAVDX, VAlert, PCScan, ChAV,
NShld, Sweep/N, AVTK/N, LProt, NAV/N, IBMAV/N,
Innoc, NProt
Removal Instructions: Delete infected files
General Comments:
The Groove OW virus was submitted in December, 1992. Its origin or
point of isolation is unknown. Groove OW is a non-resident direct
action overwriting virus which infects .EXE programs and the copy
of COMMAND.COM located in the C: drive root directory. It is not
related to the Groove virus.

When a program infected with the Groove OW virus is executed, this
virus will infect the copy of COMMAND.COM located in the C: drive
root directory as well as one .EXE program located in the current
drive's current directory. It will then display a graphic with
the name "Sara's Groove".

Programs infected with the Groove OW virus will have a file length
of 1,214 bytes and will contain pure viral code. The file's date
and time in the DOS disk directory listing will be the system date
and time when infection occurred. The following text strings can
be found within the viral code in all Groove OW infected programs:

"*.exe c:\command.com .. Darkest avenger"
"Isnt dedicated to Sara Gordon"
"Its dedicated to her GROOVE!"

Disks infected by the Groove OW virus will have a large number of
lost clusters. The virus creates three additional lost clusters
each time an infected program is executed. System boot failures
will also occur when the user attempts to boot from the system
hard disk.
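
The file-level indicators given above (1,214-byte length, the embedded text strings, .EXE and COMMAND.COM targets) can be checked with a short script. This is an added example, not part of the original entry; the function names, verdict labels and sample files are constructed for illustration, and it assumes the quoted strings appear in an infected file byte-for-byte as printed.

```python
import os
import pathlib
import tempfile
INFECTED_SIZE = 1214  # file length stated in the entry
MARKERS = (           # text strings quoted in the entry
    b"Darkest avenger",
    b"Isnt dedicated to Sara Gordon",
    b"Its dedicated to her GROOVE!",
)

def is_candidate(name):
    # The entry names two kinds of target: .EXE programs and COMMAND.COM.
    return name.lower().endswith(".exe") or name.lower() == "command.com"

def classify(path):
    """Return 'match', 'partial', 'size-only' or 'clean' for one file."""
    if os.path.getsize(path) != INFECTED_SIZE:
        return "clean"  # the entry gives 1,214 bytes for every infected file
    data = pathlib.Path(path).read_bytes()
    found = sum(marker in data for marker in MARKERS)
    if found == len(MARKERS):
        return "match"
    return "partial" if found else "size-only"

def scan(root):
    """Walk root and map each flagged file (relative path) to its verdict."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in filter(is_candidate, files):
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict != "clean":
                results[os.path.relpath(full, root)] = verdict
    return results

def demo():
    """Scan a constructed sample tree; the files are inert filler, not viral code."""
    body = b"\x00".join(MARKERS)
    samples = {
        "GAME.EXE": body.ljust(INFECTED_SIZE, b"\x00"),     # size + strings
        "COMMAND.COM": body.ljust(INFECTED_SIZE, b"\x00"),  # size + strings
        "TOOL.EXE": b"\x00" * INFECTED_SIZE,                # size only
        "BIG.EXE": body.ljust(4096, b"\x00"),               # wrong size
        "NOTES.TXT": body.ljust(INFECTED_SIZE, b"\x00"),    # not a target type
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            pathlib.Path(root, name).write_bytes(data)
        return scan(root)
```

A "size-only" result is a 1,214-byte target file without the strings; it is reported separately so it can be reviewed by hand rather than treated as a confirmed match.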