Worm:Win32/Gamarue

December 7, 2011 2:40:33 PM

Microsoft Security Essentials indicated that my desktop was infected with worm:win32/gamarue.B. It said it was removed, but the task manager showed it as running. I ended the task and I am running a full system virus scan. It seems that the worm first infected the computer on 12/5. The history says allowed then removed. It seems to be running at start up. I shut down the computer every night. Any suggestions? I am posting from my laptop which is not infected...at least so far. Thanks in advance for your help. The full scan said it found no threats.


a b 8 Security
December 7, 2011 5:31:51 PM

boot the unit in SAFE MODE and then isolate the worm and then delete it from there.
remember SAFE MODE.
Score
0

Best solution

a b 8 Security
December 7, 2011 6:00:34 PM

http://www.superantispyware.com/portablescanner.html

Download and run this, no need to update ^

December 7, 2011 10:41:59 PM

Thanks guys.

@ Hawkeye~MSE said it removed it...but it still showed that it was running when I checked the task bar.

I ran a full scan and it said no threats found. It seems to be loading itself when I boot up the computer.

@malmental~How do I isolate it in safe mode?

Score
0
December 7, 2011 10:46:50 PM

Thanks too area 51. I am going to go take a look at your link.
Score
0
a b 8 Security
December 7, 2011 11:24:19 PM

write down on a piece of paper or something the actual virus name in full from the task manager, write down the entire executable path and all info.
then in safe mode search for it and then kill it.
Score
0
December 7, 2011 11:47:54 PM

And I kill it how? By deleting?
Score
0
a b 8 Security
December 8, 2011 12:38:23 AM

Safe mode with networking.

Run through the malware guide in my signature.
Score
0
a b 8 Security
December 8, 2011 12:45:22 AM

yes, by deleting.
you might have to utilize end task to be able to do it...
Score
0
a b 8 Security
December 8, 2011 12:47:30 AM

Viruses can activate a process, while infecting multiple files. Simply deleting a file doesn't mean you'll eradicate the infection.
Score
0
a b 8 Security
December 8, 2011 12:53:05 AM

sometimes that's true..
Score
0
December 8, 2011 1:23:49 AM

Hello all.

51~I ran that earlier today and it said my system was clean.

I also ran malwarebytes in regular mode and it is currently running in safe mode. So far nothing has been detected.

I was following Aford's step by step process since it is all written out for me and easy to follow. Should I download the spybot program and registry cleaner in the safe mode also?

I guess I should also change all my passwords for different accounts etc.?
Score
0
a b 8 Security
December 8, 2011 1:26:17 AM

I guess I should also change all my passwords for different accounts etc.? YES

Did you run superantispyware?
Score
0
December 8, 2011 1:30:26 AM

I did not run that yet. I need to download it on this computer...not the infected one. Make a copy etc. I am thinking I need to go change my bank passwords before I do anything else.
Score
0
a b 8 Security
December 8, 2011 1:30:38 AM

Yes, spybot is a quality scanner.

Ccleaner is a quality software, but won't do anything to remove malware infections.
Score
0
December 8, 2011 1:32:33 AM

Nothing was found running malwarebytes in safe mode. The scan just completed.
Score
0
a b 8 Security
December 8, 2011 1:34:19 AM

44surf said:
Nothing was found running malwarebytes in safe mode. The scan just completed.


Quality scanners won't always catch everything. That's why you should always use a few different scanners to verify an infection or clean system. Just make sure to be in safe mode with networking, so you can update the virus definitions before you scan.
Score
0
December 8, 2011 1:36:12 AM

I just downloaded that superantispyware. I know that this is pathetic...but how exactly do I save that to a cd?
Score
0
a b 8 Security
December 8, 2011 1:41:32 AM

Just burn it as is; it will run when you go to use it.
Score
0
a b 8 Security
December 8, 2011 1:43:21 AM

44surf said:
I just downloaded that superantispyware. I know that this is pathetic...but how exactly do I save that to a cd?


You don't need to. It can be run in safe mode with networking.

If you want to create a boot disc to scan the drive, try the AVG rescue disc from the guide.
Score
0
December 8, 2011 1:54:02 AM

@51~I just downloaded that superantispyware and saved it to a cd and now in my task manager it says that wormwin32gamarue is running on this computer!!!
Score
0
a b 8 Security
December 8, 2011 2:34:50 AM

too late to restore to the day before this virus appeared.?
Score
0
a b 8 Security
December 8, 2011 2:36:39 AM

and what has your son been doing (or you) on both your units.?
especially the one I built with you.
Score
0
December 8, 2011 2:36:47 AM

oops! My bad! I think that the message in the task manager was just reading out the thread title. Sooooo embarrassing! LOL. The child told me.
Score
0
December 8, 2011 2:37:37 AM

Hi mal!
Score
0
a b 8 Security
December 8, 2011 2:40:15 AM

44surf said:
Hi mal!


Score
0
December 8, 2011 3:27:31 AM

Like the sig picture. :) 
Score
0
a b 8 Security
December 8, 2011 10:55:19 AM

much appreciated.
how's the family (besides your computer issue).?
Score
0
December 8, 2011 1:11:53 PM

verbalizer said:
and what has your son been doing (or you) on both your units.?
especially the one I built with you.



He plays games on this one...so one can only guess! He is always asking if he can download something or other. Although I think this worm might have come in with an email. The MSE history shows it making its way to my system at 4:40 am and 6:40 am and then being removed about 10 minutes after. Should I leave these detection notices in my history? As long as it says it was removed it's ok right? Not sure about the one that says it was allowed.

Family's good. The boy is mad because I won't let him use my laptop while I clean this one...poor baby. :) 
Score
0
a b 8 Security
December 8, 2011 1:21:27 PM

sounds like you have everything under control mom...
go into the virus control on the one that says allowed and then tell the anti-virus/firewall to dis-allow it and then clean the unit.
Score
0
December 8, 2011 1:27:09 PM

It does not show in the allowed section...just that it was allowed in the history. The allowed items only and quarantined items only sections are empty.

I am thinking maybe I should try a different virus protection program....hmmm....because now I feel a little paranoid!
Score
0
a b 8 Security
December 8, 2011 1:28:25 PM

sounds OK, which program are you using now.?
Score
0
December 8, 2011 1:33:10 PM

Microsoft Security essentials.
Score
0
December 8, 2011 1:34:45 PM

It does seem like it caught the worm...but in the past when I have switched virus ware programs, the new one always seems to find things on my system.
Score
0
December 9, 2011 1:56:59 PM

SR-71 Blackbird said:
http://www.superantispyware.com/portablescanner.html

Download and run this, no need to update ^




Hi 51. I burned this download...it was under a random name. I found it by the date and time of the download. Should I just load it on the computer? My email is acting strange. I don't know if it is something verizon has changed or something more ominous. Thanks.
Score
0
a b 8 Security
December 9, 2011 6:42:38 PM

It is a portable app, just click it to run
Score
0
December 11, 2011 3:13:08 PM

SR-71 Blackbird said:
It is a portable app, just click it to run



Hi 51~I am currently running the app on my desktop...the system with the worm. So far it has found 738 threats...adware tracking cookies. I should probably run it on our laptop also. Should I delete the download first? Or does it not matter? Hope my question makes sense.

ETA And one trojan. Sheeesh!
Score
0
a b 8 Security
December 11, 2011 4:26:01 PM

Delete everything it finds
Score
0
a b 8 Security
December 11, 2011 5:05:28 PM

SR-71 Blackbird said:
Delete everything it finds

+1
Score
0
a b 8 Security
December 11, 2011 5:12:39 PM

It's probably not as bad as it seems. Superantispyware often detects harmless cookies as threats. The trojans are another story tho.
Score
0
December 11, 2011 5:41:00 PM

I deleted...or quarantined. I am going to have to go back in and figure out how to delete. It found about 300 cookies on my laptop also. I also uninstalled MSE and downloaded and installed avast. When I ran the scan it said there were files that could not be scanned. What is that about? After that message I ran the antispyware app on the laptop...and it found all the adware. No trojans though.
Score
0
a b 8 Security
December 11, 2011 5:43:49 PM

You're probably fine now but when you install Avast schedule it to do a scan on boot!
Score
0
December 11, 2011 5:45:00 PM

So since the antispyware is a portable app...where did it quarantine all the files to so I can delete them?
Score
0
December 11, 2011 5:50:01 PM

SR-71 Blackbird said:
You're probably fine now but when you install Avast schedule it to do a scan on boot!


Okay...thanks. You know I shut down the computers every night and reboot in the morning. I know you are not supposed to do that...but I hate to leave them running. The desktop seems to wake up off and on unless I shut it down. I come out in the middle of the night and it's running. My laptop automatically goes to sleep with so many minutes of no use. It's irritating because it just stops while I am running a scan and I have to wake it by tapping the mouse pad.
Score
0
a b 8 Security
December 11, 2011 5:50:04 PM

Threats that have been detected can be removed but not quarantined. The program description is confusing in this regard, as it appears to support quarantine when in fact it does not.

Quarantined items are only stored in memory. No items are stored in the quarantine over sessions. Users need to keep that in mind since it makes it impossible to restore a false positive after the program has been closed. But that’s how most other portable solutions and antivirus Live CDs work.
Score
0
December 11, 2011 5:54:23 PM

So they are all gone right? Even though it said quarantine. Just making sure. :) 
Score
0
a b 8 Security
December 11, 2011 5:55:35 PM

yes.
Score
0