|Place of Origin||Germany|
|File Type(s)||.com, .exe|
|Infection Length||3,646 to 3,708 bytes|
When a Groove infected file is executed, it installs itself in high memory, just below the DOS 640k boundry. It appends itself to .com and .exe programs as they are executed. It will only infect .exe files that are below a certain size.
Programs infected with Groove may not function properly. If COMMAND.COM has been infected, it may cause the system to be unable to boot.
It displays the following text at half an hour past midnight, which is usually encrypted with the rest of the virus when it is not in memory:
Dont wory, you are not alone at this hour... ThisVirus is NOT dedicated to Sara its dedicated to her Groove (...Thats my name) This Virus is only a test Virus there for be ready for my Next Test ....
Also encrypted are the paths and names of files related to antivirus products the virus deletes or corrupts. These files belong to Norton Anti-Virus, Certus' Novi, Central Point Anti-Virus, Dr. Solomon's Anti-Viral Toolkit, Fifth Generation Systems' Untouchable, and XTree's ViruSafe. The files are:
Origin and Effects
Groove likely originated in Germany. By the time it was isolated there, it was already wild in that country. It was also found in the United States.
Patricia Hoffman. Online VSUM, Groove Virus.
Tarkan Yetiser, VDS Advanced Research Group. Computer Virus Catalog Index, Computer Virus Catalog 1.2: Groove Virus. 1992.06.22
Joe Wells. IBM Research, Antivirus, VIRUS TIMELINE. 1996.08.30