Should I remove “Worm:Win32/Gamarue.N”?

The Worm:Win32/Gamarue.N is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Worm:Win32/Gamarue.N virus can do?

Authenticode signature is invalid

How to determine Worm:Win32/Gamarue.N?


File Info:
name: DE3A9767A48870290BDD.mlw
path: /opt/CAPEv2/storage/binaries/5296cdf137a71f33b942aab3a6b8d3052e72b71fb19057c35e9f264915ff1d22
crc32: D7408662
md5: de3a9767a48870290bdd8b9ec9113c71
sha1: 460149e0cea7cdd0c7ca9cf12af69e510842d439
sha256: 5296cdf137a71f33b942aab3a6b8d3052e72b71fb19057c35e9f264915ff1d22
sha512: 7733900cdf6cd736e4640e386fd5fee4d1014661cb67f71dd363d3ace60bf196bcb858d75fda4e3da68e98d0953c7449e15ec8b34b5803c04465971fbfb5186d
ssdeep: 48:C+Ubwu9hrN5c8/Yc4cA/c4UBPmIg7o2cqmXB:uhrNvQYA/4wIg7jmXB
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T18781613B93647A33D0842B3329E750C7BEBD67A013A04A2F84831A05244153BDD6FF86
sha3_384: 0dae3bb186228f72b47815816368de43170a7c2de460e33d32fa504c595b816862ee4341a4651df494af254cb737f281
ep_bytes: 558bec538b5d08568b750c578b7d1085
timestamp: 2013-03-15 18:12:29

Version Info:
0: [No Data]

Worm:Win32/Gamarue.N also known as:

Bkav	W32.FamVT.DebrisB.Worm
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.30878484
FireEye	Generic.mg.de3a9767a4887029
CAT-QuickHeal	Trojan.Agent.WL
Skyhigh	BehavesLike.Win32.Downloader.xz
McAfee	Downloader-FKP!DE3A9767A488
Malwarebytes	Bundpil.Worm.AutoRun.DDS
Zillya	Worm.DebrisGen.Win32.23
Sangfor	Suspicious.Win32.Save.ins
CrowdStrike	win/malicious_confidence_100% (D)
K7GW	Trojan ( 004d2f401 )
K7AntiVirus	EmailWorm ( 0040f50c1 )
BitDefenderTheta	Gen:NN.ZedlaF.36744.aq4@a4uKeIf
VirIT	Worm.Win32.Generic.FXY
Symantec	Backdoor.Trojan
ESET-NOD32	Win32/Bundpil.J
APEX	Malicious
ClamAV	Win.Worm.Bundpil-3
Kaspersky	Worm.Win32.Debris.b
BitDefender	Trojan.GenericKD.30878484
NANO-Antivirus	Trojan.Win32.Bundpil.jvbysv
SUPERAntiSpyware	Trojan.Agent/Gen-Dropper
Avast	Win32:Downloader-TBF [Trj]
Emsisoft	Trojan.GenericKD.30878484 (B)
Baidu	Win32.Worm.Bundpil.z
F-Secure	Trojan.TR/Rogue.kdz.409654
DrWeb	Trojan.MulDrop4.25343
VIPRE	Trojan.GenericKD.30878484
TrendMicro	WORM_GAMARUE.SMB
Trapmine	malicious.moderate.ml.score
Sophos	Troj/Loader-M
Ikarus	Trojan.SuspectCRC
MAX	malware (ai score=82)
GData	Win32.Worm.Debris.A
Jiangmin	Worm/Bundpil.b
Webroot	W32.Worm.Gen
Google	Detected
Avira	TR/Rogue.kdz.409654
Varist	W32/Csyr.A!Eldorado
Antiy-AVL	Worm/Win32.Bundpil
Kingsoft	malware.kb.a.996
Xcitium	Worm.Win32.Bundpil.T@4wizl6
Arcabit	Trojan.Generic.D1D72B14
ViRobot	Worm.Win32.Bundpil.4096
ZoneAlarm	Worm.Win32.Debris.b
Microsoft	Worm:Win32/Gamarue.N
Cynet	Malicious (score: 100)
AhnLab-V3	Worm/Win32.Bundpil.R63957
Acronis	suspicious
VBA32	BScope.Worm.Debris
ALYac	Trojan.GenericKD.30878484
TACHYON	Worm/W32.Bundpil.4096
Cylance	unsafe
Panda	Generic Malware
TrendMicro-HouseCall	WORM_GAMARUE.SMB
Rising	Worm.Gamarue!1.68D7 (CLASSIC)
Yandex	Trojan.GenAsa!uEcSV6bgqXU
SentinelOne	Static AI – Malicious PE
MaxSecure	Worm.W32.Bundpil.abr
Fortinet	W32/Bundpil.K!tr
AVG	Win32:Downloader-TBF [Trj]
DeepInstinct	MALICIOUS

How to remove Worm:Win32/Gamarue.N?

Worm:Win32/Gamarue.N removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X