About “Worm:Win32/Gamarue.X” infection

The Worm:Win32/Gamarue.X is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Worm:Win32/Gamarue.X virus can do?

Authenticode signature is invalid
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Worm:Win32/Gamarue.X?


File Info:
name: A179278255530C6CE750.mlw
path: /opt/CAPEv2/storage/binaries/483c9f39fef0a9dd7e94d41051b39ddf52df3720352db05bd4b8440e70d7e906
crc32: 0DA62933
md5: a179278255530c6ce7501e15842d49d0
sha1: e648daa2157d4941457cfc6ea972cb3b49b1a7df
sha256: 483c9f39fef0a9dd7e94d41051b39ddf52df3720352db05bd4b8440e70d7e906
sha512: c79c3e043ca572a77a74bba2c42dcea775f2ee838ba554a77a920984c2396f5720016e8e388334d79f4b05d12c9f91b46dcd780ae7a5a0ca7711a14f280cf91e
ssdeep: 48:q0aaPO8jGSLIv+Tqq7NqrhWR07iIsitl6YtDytJFgOrnsB/SsyomXrzCnpnCfayy:1h9jTqMMrY0OI/KYyznSM3Cndkayy
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1A4B1503862C7A475E7880137BBFA29D9213C6E29035713CF059B08625964BD2FEB6F03
sha3_384: c809688388c2da33e4968651f8ac283cec615326dd9802ce6e663378ef56ce5e632722808641ad0313a25b4d8d9db0dc
ep_bytes: 558bec518b450c8945fc837dfc017402
timestamp: 2013-07-07 12:08:59

Version Info:
0: [No Data]

Worm:Win32/Gamarue.X also known as:

Bkav	W32.FamVT.DebrisA.Worm
Lionic	Worm.Win32.Debris.lNQC
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Uztub.22
FireEye	Generic.mg.a179278255530c6c
CAT-QuickHeal	Trojan.Agent.WL
Skyhigh	Downloader-FOB!A17927825553
McAfee	Downloader-FOB!A17927825553
Cylance	unsafe
VIPRE	Gen:Variant.Uztub.22
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Worm:Win32/Debris.b771d3ff
K7GW	Trojan ( 004484a91 )
K7AntiVirus	EmailWorm ( 0040f50c1 )
Arcabit	Trojan.Uztub.22
BitDefenderTheta	Gen:NN.ZedlaF.36680.aq4@auODNKk
VirIT	Worm.Win32.Generic.BRT
Symantec	W32.Dromedan
ESET-NOD32	a variant of Win32/Bundpil.BJ
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Adware.Downware-310
Kaspersky	Worm.Win32.Debris.abu
BitDefender	Gen:Variant.Uztub.22
NANO-Antivirus	Trojan.Win32.Drop.chwqha
Avast	Win32:Sg-C [Trj]
Tencent	Worm.Win32.Debris.b
TACHYON	Worm/W32.Debris.5120.D
Emsisoft	Gen:Variant.Uztub.22 (B)
Baidu	Win32.Worm.Agent.q
F-Secure	Worm.WORM/Gamarue.EB.3
DrWeb	Trojan.MulDrop4.25343
Zillya	Worm.DebrisGen.Win32.19
TrendMicro	WORM_GAMARUE.SMF
Sophos	W32/Gamarue-BJ
Ikarus	Worm.Win32.Gamarue
Jiangmin	Worm/Generic.agif
Webroot
Varist	W32/Csyr.C.gen!Eldorado
Avira	WORM/Gamarue.EB.3
Antiy-AVL	Worm/Win32.Debris.abu
Kingsoft	malware.kb.a.995
Xcitium	Worm.Win32.Bundpil.BL@4zjaeb
Microsoft	Worm:Win32/Gamarue.X
ViRobot	Trojan.Win32.Downloader.5120.KZ
ZoneAlarm	Worm.Win32.Debris.abu
GData	Gen:Variant.Uztub.22
Google	Detected
AhnLab-V3	Trojan/Win32.Agent.R73516
VBA32	Worm.Debris
ALYac	Gen:Variant.Uztub.22
MAX	malware (ai score=83)
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	WORM_GAMARUE.SMF
Rising	Worm.Gamarue!1.9CC6 (CLASSIC)
Yandex	Trojan.GenAsa!FNn492bpZ2U
SentinelOne	Static AI – Suspicious PE
MaxSecure	Worm.Debris.abu
Fortinet	W32/Bundpil.AA!tr
AVG	Win32:Sg-C [Trj]
DeepInstinct	MALICIOUS

How to remove Worm:Win32/Gamarue.X?

Worm:Win32/Gamarue.X removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X