Search
Sign in with
Sign up | Sign in
Closed

Worm:Win32/Gamarue

Last response: in Applications
Share

Microsoft Security Security essentials indicated that my desktop was infected with worm:win32/gamarue.B. It said it was removed, but the task manager showed it as running. I ended the task and I am running a full system virus scan. It seems that the worm first infected the computer on 12/5. The history says allowed then removed. It seems to be running at start up. I shut down the computer every night. Any suggestions? I am posting from my laptop which is not infected...at least so far. Thanks in advance for your help. The full scan said it found no threats.

More about : worm win32 gamarue

Register or log in to remove
Related ressources
Ask the community

Thanks guys.

@ Hawkeye~MSE said it removed it...but it still showed that it was running when I checked the task bar.

I ran a full scan and it said no threats found. It seems to loading itself when I boot up the computer.

@malmental~How do I isolate it in safe mode?

Security Expert

write down on a piece of paper or something the actual virus name in full from the task manager, write down the entire executable
path and all info.
then in safe mode search for it and then kill it.

Hello all.

51~I ran that earlier today and it said my system was clean.

I also ran malwarebytes in regular mode and it is currently running in safe mode. So far nothing has been detected.

I was following Aford's step by step process since it all written out for me and easy to follow. Should I download the spybot program and registry cleaner in the safe mode also?

I guess I should also change all my passwords for different accounts etc.?

I did not run that yet. I need to download it on this computer...not the infected one. Make a copy etc. I am thinking I need to go change my bank passwords before I do anything else.
Security Expert

44surf said:
Nothing was found running malwarebytes in safe mode. The scan just completed.


Quality scanners won't always catch everything. That's why you should always use a few different scanners to verify an infection or clean system. Just make sure to be in safe mode with networking, so you can update the virus definitions before you scan.
Security Expert

44surf said:
I just downloaded that superantispyware. I know that this is pathetic...but how exactly do I save that to a cd?


You don't need to. It can be ran in safe mode with networking.

If you want to create a boot disc to scan the drive, try the AVG rescue disc from the guide.

verbalizer said:
and what has your son been doing (or you) on both your units.?
especially the one I built with you.



He plays games on this one...so one can only guess! He is always asking if he can download something or other. Although I think this worm might have come in with an email. The MSE history shows it making it's way to my system at 4:40 am and 6:40 am and then being removed about 10 minutes after. Should I leave these detection notices in my history? As long as it says it was removed it's ok right? Not sure about the one that says it was allowed.

Family's good. The boy is mad because I won't let him use my laptop while I clean this one...poor baby. :) 
Security Expert

sounds like you have everything under control mom...
go into the virus control on the one that says allowed and then tell the anti-virus/firewall to dis-allow it and then clean the unit.

It does not show in the allowed section...just that it was allowed in the history. The allowed items only and quarantined items only sections are empty.

I am thinking maybe I should try a different virus protection program....hmmm....because now I feel a little paranoid!

SR-71 Blackbird said:
It is a portable app,just click it to run



Hi 51~I am currently running the app on my desktop...the system with the worm. So far it has found 738 threats...adware tracking cookies. I should probably run it on our laptop also. Should I delete the download first? Or does it not matter? Hope my question makes sense.

ETA And one trojen. Sheeesh!

I deleted...or quarantined. I am going to have to go back in figure out hoe to delete. It found about 300 cookies on my laptop also. I also uninstalled MSE and downloaded and installed avast. When I ran the scan it said there were files that could not be scanned. What is that about? After that message I ran the antispyware app on the laptop...and it found all the adware. No trojens though.

SR-71 Blackbird said:
Your probably fine now but when you install Avast schedule it to do a scan on boot!


Okay...thanks. You know I shut down the computers every night and reboot in the morning. I know you are not supposed to do that...but I hate to leave them running. The desktop seems wake up off and on unless I shut it down. I come out in the middle of the night and it's running. My laptop automatically goes to sleep with so many minutes of no use. It's irritating because it just stops while i am running a scan and I have to wake it by tapping the mouse pad.
Security Authority

Threats that have been detected can be removed but not quarantined. The program description is in this regard confusing as appears to support the quarantine when in fact it is not.

Quarantined items are only stored in memory. No items are stored in the quarantine over sessions. Users need to keep that in mind since it makes it impossible to restore a false positive after the program has been closed. But that’s how other most portable solutions and antivirus Live CDs work.
Register or log in to remove
 
Ask the community
Read discussions in other Applications categories
!