Closed Solved

Worm:Win32/Gamarue

Microsoft Security Security essentials indicated that my desktop was infected with worm:win32/gamarue.B. It said it was removed, but the task manager showed it as running. I ended the task and I am running a full system virus scan. It seems that the worm first infected the computer on 12/5. The history says allowed then removed. It seems to be running at start up. I shut down the computer every night. Any suggestions? I am posting from my laptop which is not infected...at least so far. Thanks in advance for your help. The full scan said it found no threats.
82 answers Last reply Best Answer
More about worm win32 gamarue
  1. Odd that MSE didn't catch this as it has been in their updates since 9/30.

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=WORM:WIN32/GAMARUE.B

    You can try installing malwarebytes and see if it can remove it.

    http://www.malwarebytes.org/
  2. boot the unit in SAFE MODE and then isolate the worm and the delete it from there.
    remember SAFE MODE.
  3. Best answer
    http://www.superantispyware.com/portablescanner.html

    Download and run this,no need to update ^

    [:briovaz:3]
  4. Thanks guys.

    @ Hawkeye~MSE said it removed it...but it still showed that it was running when I checked the task bar.

    I ran a full scan and it said no threats found. It seems to loading itself when I boot up the computer.

    @malmental~How do I isolate it in safe mode?
  5. Thanks too area 51. I am going to go take a look at you link.
  6. write down on a piece of paper or something the actual virus name in full from the task manager, write down the entire executable
    path and all info.
    then in safe mode search for it and then kill it.
  7. And I kill it how? By deleting?
  8. Safe mode with networking.

    Run through the malware guide in my signature.
  9. yes, by deleting.
    you might have to utilize end task to be able to do it...
  10. Viruses can activate a process, while infecting multiple files. Simply deleting a file doesn't mean you'll eradicate the infection.
  11. sometimes that's true..
  12. Hello all.

    51~I ran that earlier today and it said my system was clean.

    I also ran malwarebytes in regular mode and it is currently running in safe mode. So far nothing has been detected.

    I was following Aford's step by step process since it all written out for me and easy to follow. Should I download the spybot program and registry cleaner in the safe mode also?

    I guess I should also change all my passwords for different accounts etc.?
  13. I guess I should also change all my passwords for different accounts etc.? YES

    Did you run superantispyware?
  14. I did not run that yet. I need to download it on this computer...not the infected one. Make a copy etc. I am thinking I need to go change my bank passwords before I do anything else.
  15. Yes, spybot is a quality scanner.

    Ccleaner is a quality software, but won't do anything to remove malware infections.
  16. Nothing was found running malwarebytes in safe mode. The scan just completed.
  17. 44surf said:
    Nothing was found running malwarebytes in safe mode. The scan just completed.


    Quality scanners won't always catch everything. That's why you should always use a few different scanners to verify an infection or clean system. Just make sure to be in safe mode with networking, so you can update the virus definitions before you scan.
  18. I just downloaded that superantispyware. I know that this is pathetic...but how exactly do I save that to a cd?
  19. Just burn it as is it will run when you go to use it.
  20. 44surf said:
    I just downloaded that superantispyware. I know that this is pathetic...but how exactly do I save that to a cd?


    You don't need to. It can be ran in safe mode with networking.

    If you want to create a boot disc to scan the drive, try the AVG rescue disc from the guide.
  21. @51~I just downloaded that superantispyware and saved it to a cd and now in my task manager it says that wormwin32gamarue is running on this computer!!!
  22. too late to restore to the day before this virus appeared.?
  23. and what has your son been doing (or you) on both your units.?
    especially the one I built with you.
  24. oops! My bad! I think that the message in the task manager was just reading out the thread title. Sooooo embarrassing! LOL. The child told me.
  25. Hi mal!
  26. 44surf said:
    Hi mal!

  27. Like the sig picture. :)
  28. much appreciated.
    how's the family (besides your computer issue).?
  29. verbalizer said:
    and what has your son been doing (or you) on both your units.?
    especially the one I built with you.



    He plays games on this one...so one can only guess! He is always asking if he can download something or other. Although I think this worm might have come in with an email. The MSE history shows it making it's way to my system at 4:40 am and 6:40 am and then being removed about 10 minutes after. Should I leave these detection notices in my history? As long as it says it was removed it's ok right? Not sure about the one that says it was allowed.

    Family's good. The boy is mad because I won't let him use my laptop while I clean this one...poor baby. :)
  30. sounds like you have everything under control mom...
    go into the virus control on the one that says allowed and then tell the anti-virus/firewall to dis-allow it and then clean the unit.
  31. It does not show in the allowed section...just that it was allowed in the history. The allowed items only and quarantined items only sections are empty.

    I am thinking maybe I should try a different virus protection program....hmmm....because now I feel a little paranoid!
  32. sounds OK, which program are you using now.?
  33. Microsoft Security essentials.
  34. It does seem like it caught the worm...but in the past when I have switched virus ware programs, the new one always seems to find things on my system.
  35. you might not need to but if you want another good option and the one I use myself then here:
    http://www.comodo.com/home/internet-security/free-internet-security.php
  36. SR-71 Blackbird said:
    http://www.superantispyware.com/portablescanner.html

    Download and run this,no need to update ^

    [:briovaz:3]



    Hi 51. I burned this download...it was under a random name. I found it by the date and time of the download. Should I just load it on the computer? My email is acting strange. I don't know if it is something verizon has changed or something more ominous. Thanks.
  37. It is a portable app,just click it to run
  38. SR-71 Blackbird said:
    It is a portable app,just click it to run



    Hi 51~I am currently running the app on my desktop...the system with the worm. So far it has found 738 threats...adware tracking cookies. I should probably run it on our laptop also. Should I delete the download first? Or does it not matter? Hope my question makes sense.

    ETA And one trojen. Sheeesh!
  39. Delete eveyrthing it finds
  40. SR-71 Blackbird said:
    Delete eveyrthing it finds

    +1
  41. It's probably not as bad as it seems. Superantispyware often detects harmless cookies as threats. The the trojans are another story tho.
  42. I deleted...or quarantined. I am going to have to go back in figure out hoe to delete. It found about 300 cookies on my laptop also. I also uninstalled MSE and downloaded and installed avast. When I ran the scan it said there were files that could not be scanned. What is that about? After that message I ran the antispyware app on the laptop...and it found all the adware. No trojens though.
  43. Your probably fine now but when you install Avast schedule it to do a scan on boot!
  44. So since the antispyware is a portable app...where did it quarantine all the files to so I can delete them?
  45. SR-71 Blackbird said:
    Your probably fine now but when you install Avast schedule it to do a scan on boot!


    Okay...thanks. You know I shut down the computers every night and reboot in the morning. I know you are not supposed to do that...but I hate to leave them running. The desktop seems wake up off and on unless I shut it down. I come out in the middle of the night and it's running. My laptop automatically goes to sleep with so many minutes of no use. It's irritating because it just stops while i am running a scan and I have to wake it by tapping the mouse pad.
  46. Threats that have been detected can be removed but not quarantined. The program description is in this regard confusing as appears to support the quarantine when in fact it is not.

    Quarantined items are only stored in memory. No items are stored in the quarantine over sessions. Users need to keep that in mind since it makes it impossible to restore a false positive after the program has been closed. But that’s how other most portable solutions and antivirus Live CDs work.
  47. So they are all gone right? Even though it said quarantine. Just making sure. :)
  48. yes.
Ask a new question

Read More

Security Win32 Worm Security Essentials Apps