Worm.Gamarue.B

Worm.Gamarue.B is a malware worm infection which spreads through removable media and drives, and also communicates with remote servers to report its infection, and to download additional malware and files to the system. Worm.Gamarue.B was first released on 30 September 2011, and has spread virally across the web. This worm also operates under various aliases, some of which are:

Other distribution methods of Worm.Gamarue.B are to use email and spam attachments with a subject reference to a fictitious fake cancelled ACH payment. When the user executes the attachment, the malware copies itself as the following:

%TEMP%\.com

Because of its subtle intrusion into the system, users may find it difficult to identify and remove Worm.Gamarue.B from the system. The presence of the following files and registry modifications will be a clear indication of the presence of Worm.Gamarue.B on the system:

Files:

%TEMP%\.com

The presence of the following registry modifications:

In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Sets value: "2600"
With data: "%TEMP%\.com"

This worm will download additional malware to the system, and its developers may be able to assume complete control of the infected PC. This makes it extremely dangerous for the user, as all his private info such as usernames and financial info is at risk. The criminal developers may also use the user’s PC as part of Denial of Service (DoS) attacks, and other nefarious activities. Worm.Gamarue.B will connect to the following domains to report its infection to its developers, receive further instructions and to download arbitrary files to the system:

randomcrappy.com
karabasdobryak.eu
loshatemikontara551.ru
serioslyfucked.ru

When all is said and done you will only be able to regain control of your PC if you destroy Worm.Gamarue.B with the help of a powerful security tool. Investing in such a tool will also provide you with adequate protection against future similar attacks.