Worm:Win32/Gamarue

[44surf]

Microsoft Security Security essentials indicated that my desktop was infected with worm:win32/gamarue.B. It said it was removed, but the task manager showed it as running. I ended the task and I am running a full system virus scan. It seems that the worm first infected the computer on 12/5. The history says allowed then removed. It seems to be running at start up. I shut down the computer every night. Any suggestions? I am posting from my laptop which is not infected...at least so far. Thanks in advance for your help. The full scan said it found no threats.

 

[Hawkeye22]

Odd that MSE didn't catch this as it has been in their updates since 9/30.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=WORM:WIN32/GAMARUE.B

You can try installing malwarebytes and see if it can remove it.

http://www.malwarebytes.org/

 

[verbalizer]

boot the unit in SAFE MODE and then isolate the worm and the delete it from there.
remember SAFE MODE.

 

[Dark Lord of Tech]

http://www.superantispyware.com/portablescanner.html

Download and run this,no need to update ^

[:briovaz:3]

 

[44surf]

Thanks guys.

@ Hawkeye~MSE said it removed it...but it still showed that it was running when I checked the task bar.

I ran a full scan and it said no threats found. It seems to loading itself when I boot up the computer.

@malmental~How do I isolate it in safe mode?

 

[44surf]

Thanks too area 51. I am going to go take a look at you link.

 

[verbalizer]

write down on a piece of paper or something the actual virus name in full from the task manager, write down the entire executable
path and all info.
then in safe mode search for it and then kill it.

 

[44surf]

And I kill it how? By deleting?

 

[aford10]

Safe mode with networking.

Run through the malware guide in my signature.

 

[verbalizer]

yes, by deleting.
you might have to utilize end task to be able to do it...

 

[aford10]

Viruses can activate a process, while infecting multiple files. Simply deleting a file doesn't mean you'll eradicate the infection.

 

[verbalizer]

sometimes that's true..

 

[Dark Lord of Tech]

http://www.microsoft.com/security/scanner/en-us/default.aspx

Run this ^

 

[44surf]

Hello all.

51~I ran that earlier today and it said my system was clean.

I also ran malwarebytes in regular mode and it is currently running in safe mode. So far nothing has been detected.

I was following Aford's step by step process since it all written out for me and easy to follow. Should I download the spybot program and registry cleaner in the safe mode also?

I guess I should also change all my passwords for different accounts etc.?

 

[Dark Lord of Tech]

I guess I should also change all my passwords for different accounts etc.? YES

Did you run superantispyware?

 

[44surf]

I did not run that yet. I need to download it on this computer...not the infected one. Make a copy etc. I am thinking I need to go change my bank passwords before I do anything else.

 

[aford10]

Yes, spybot is a quality scanner.

Ccleaner is a quality software, but won't do anything to remove malware infections.

 

[44surf]

Nothing was found running malwarebytes in safe mode. The scan just completed.

 

[aford10]

Nothing was found running malwarebytes in safe mode. The scan just completed.

Quality scanners won't always catch everything. That's why you should always use a few different scanners to verify an infection or clean system. Just make sure to be in safe mode with networking, so you can update the virus definitions before you scan.

 

[44surf]

I just downloaded that superantispyware. I know that this is pathetic...but how exactly do I save that to a cd?

 

[Dark Lord of Tech]

Just burn it as is it will run when you go to use it.

 

[aford10]

I just downloaded that superantispyware. I know that this is pathetic...but how exactly do I save that to a cd?

You don't need to. It can be ran in safe mode with networking.

If you want to create a boot disc to scan the drive, try the AVG rescue disc from the guide.

 

[44surf]

@51~I just downloaded that superantispyware and saved it to a cd and now in my task manager it says that wormwin32gamarue is running on this computer!!!

 

[verbalizer]

too late to restore to the day before this virus appeared.?

 

[verbalizer]

and what has your son been doing (or you) on both your units.?
especially the one I built with you.