
Worm:Win32/Gamarue.B

By Domesticus in Worms

Worm:Win32/Gamarue.B is a malicious program designed to carry out a set of destructive commands against PCs that are improperly protected or have weak Internet security in place.

Worm:Win32/Gamarue.B has picked up multiple aliases because it self-replicates and because it is a standalone file: it does not need a host program to travel or propagate, so it can spread at an alarming rate.

Security experts and victims affected by Worm:Win32/Gamarue.B have connected it to a phishing email scam targeting online banking users. The malicious email reads as follows:

Subject: ACH Payment xxxxxxx cancelled

The ACH transaction ID: xxxxxxx, recently initiated from your checking account (by you or any other person) was cancelled by the other financial institution.

Rejected transaction http://xxxxxxxxxxxxxxx
Transaction ID: xxxxxxxx Click to follow link
Transaction Report: xxx.nachai(dot)org/reports/index.php?number=xxxxxxxx

13450 Sunrise Valley Drive, Suite 100 Hendon, VA 20171 (703)561-1100 2011 NACHA - The Electronic Payment Association

The ACH payment number referenced in the subject line and in the body of the email is a randomly assigned number generated for each target of the email. The subject line is hyperlinked; if it is clicked, victims are taken to a malicious web page where they are asked to hand over sensitive data to the attacker. There is also an embedded link in the body of the email, which is rumored to be constant and to route to a website hosting a Trojan downloader that further infects the PC with malicious files and programs.
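The two traits described above, a templated "ACH Payment ... cancelled" subject and links that point at a look-alike of the impersonated organisation's domain, are exactly what a mail-gateway or SOC triage rule can key on. The following is an added example written for this page, not code from the original article or from any vendor: it parses a constructed copy of the lure (transaction ids and the first URL are invented placeholders), flags the subject template, and classifies every host it finds as legitimate, a look-alike of the real domain, or an unrelated link. It assumes the impersonated organisation is NACHA and that its real web domain is nacha.org.

```python
import re
from dataclasses import dataclass

# Constructed sample that mirrors the structure of the lure quoted above.
# Transaction ids and the first URL are placeholders invented for this example;
# nachai.org is the look-alike host named in the quoted email.
SAMPLE_EMAIL = """\
Subject: ACH Payment 5830211 cancelled

The ACH transaction ID: 5830211, recently initiated from your checking
account (by you or any other person) was cancelled by the other financial
institution.

Rejected transaction http://example-bad.test/reports/index.php?number=5830211
Transaction Report: www.nachai.org/reports/index.php?number=5830211

2011 NACHA - The Electronic Payment Association
"""

# Assumption for this example: the impersonated organisation is NACHA and its
# real web domain is nacha.org.
BRAND = "nacha"
LEGITIMATE_DOMAINS = {"nacha.org"}

SUBJECT_RE = re.compile(r"^Subject:\s*ACH Payment\s+\S+\s+cancelled\b", re.I | re.M)
# Bare or http(s) URLs; group 1 is the host name, the path is swallowed so
# "index.php" is never mistaken for a second host.
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)


@dataclass
class Finding:
    rule: str
    detail: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels of a host (fine for .org/.com; ccSLDs would need a suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def triage_ach_lure(text: str) -> list[Finding]:
    """Return one Finding per suspicious trait of an ACH-themed email."""
    findings = []
    if SUBJECT_RE.search(text):
        findings.append(Finding("subject", "matches the 'ACH Payment <id> cancelled' template"))
    # dict.fromkeys keeps first-seen order while de-duplicating hosts.
    for host in dict.fromkeys(m.group(1) for m in URL_RE.finditer(text)):
        dom = registrable(host)
        if dom in LEGITIMATE_DOMAINS:
            continue
        nearest = min(edit_distance(dom, legit) for legit in LEGITIMATE_DOMAINS)
        if BRAND in dom or nearest <= 2:
            findings.append(Finding("lookalike-domain",
                                    f"{host} imitates {', '.join(sorted(LEGITIMATE_DOMAINS))}"))
        else:
            findings.append(Finding("offbrand-link", f"{host} is unrelated to the claimed sender"))
    return findings


if __name__ == "__main__":
    for f in triage_ach_lure(SAMPLE_EMAIL):
        print(f"{f.rule:18} {f.detail}")
```

The look-alike test deliberately combines two signals: the brand string embedded in the registrable domain, and a small edit distance from the real domain, so both "nachai.org" and a one-letter swap are caught while genuinely unrelated hosts are reported separately as off-brand links.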

Worm:Win32/Gamarue.B is the carrier of this phishing scam. Delivering the lure isn't its only payload, however. Its main payload is to multiply, again and again, by infecting every node and drive it finds. It makes copies of itself and uses an FTP or HTTP connection to mail itself to everyone in the victim's email contact lists. It also reports back to its controller on where it has placed infections, and connects to the following servers or domains to download more malicious files:

– randomcrappy.com

– karabasdobryak.eu

– loshatemikontara551.ru

– serioslyfucked.ru

An infection by Worm:Win32/Gamarue.B may produce false positive or false negative intrusion warnings, so that you will not question a fake scanning engine or rogue security program whose display is meant to get you to buy fraudulent security software.

The earlier you remove Worm:Win32/Gamarue.B, the better for you, your family and your friends, since anyone electronically connected to your system can also be affected or targeted.

Other aliases of Worm:Win32/Gamarue.B might be:

  • Trojan/Win32.FakeAV
  • Trojan.Downloader5.886
  • Win32/TrojanDownloader.Agent QXN
  • Trojan.Win32.Yakes.glu
  • Troj/Bredo-KN

Many of the security-industry classifications listed above signal big trouble for the infected PC and its users. The cybercriminals behind this malware intend to steal vital data, download more malicious files, give an attacker unbridled access to the PC so it can be used in a DNS attack or an email spam campaign, and let a Trojan simulate a security breach in order to sell a fake anti-virus program.

Computer worms are among the most dangerous threats and are hard to remove manually because of all the moving pieces and copies they leave behind, and because of their ability to embed malicious programs deep in a system's kernel, BIOS or MBR. To ensure the infection is completely wiped away, use a reputable anti-malware solution that includes an anti-rootkit component and can search deep in your system, something not all programs can do.

Until your system is free of Worm:Win32/Gamarue.B and any other malware hiding deep in your system, disconnect it completely from the Internet to stop any new transmission of data to the attacker and to prevent the attacker from gaining remote access and control.

File System Details

Worm:Win32/Gamarue.B may create the following file(s):

  1. ComboFix.exe
  2. DealScoutUpdateCheck.exe
  3. diskrun.exe
  4. HVVVelIBBtPNA1.exe
  5. %TEMP%\.com
  6. 5df6ffed.com
  7. autorun.inf

Registry Details

Worm:Win32/Gamarue.B may create the following registry entry or registry entries:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\2600
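The file names, the Policies\Explorer\Run value and the download domains above are the host- and network-level indicators a responder would sweep for. The following is an added example written for this page, not code from the original article: it matches a constructed host inventory (file paths, a registry dump and a few DNS log lines, none taken from a real machine) against exactly the indicators listed here. Note that some of the names, ComboFix.exe in particular, are also used by legitimate software, so a name match is a triage lead to confirm by hash, not a verdict on its own.

```python
import re
from pathlib import PureWindowsPath

# Indicators exactly as listed on this page.
FILE_NAMES = {"combofix.exe", "dealscoutupdatecheck.exe", "diskrun.exe",
              "hvvvelibbtpna1.exe", "5df6ffed.com", "autorun.inf"}
TEMP_DROP_NAME = ".com"      # the %TEMP%\.com entry
REG_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
REG_VALUE = "2600"
DOMAINS = {"randomcrappy.com", "karabasdobryak.eu",
           "loshatemikontara551.ru", "serioslyfucked.ru"}

# Constructed host inventory for the example; nothing here comes from a real machine.
SAMPLE_FILES = [
    r"C:\Users\alice\AppData\Local\Temp\.com",
    r"C:\Users\alice\AppData\Local\Temp\HVVVelIBBtPNA1.exe",
    r"E:\autorun.inf",
    r"C:\Windows\System32\notepad.exe",
]
SAMPLE_REGISTRY = {
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run":
        {"2600": r"C:\Users\alice\AppData\Local\Temp\.com"},
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run":
        {"OneDrive": r"C:\Program Files\OneDrive.exe"},
}
SAMPLE_DNS_LOG = """\
2011-09-14T10:01:03Z client=10.0.0.5 query=A name=www.microsoft.com
2011-09-14T10:01:07Z client=10.0.0.5 query=A name=karabasdobryak.eu
2011-09-14T10:01:09Z client=10.0.0.7 query=A name=cdn.randomcrappy.com
"""
DNS_RE = re.compile(r"client=(\S+).*?name=(\S+)")


def match_files(paths):
    """Flag listed file names anywhere, and a bare '.com' file sitting in a Temp folder."""
    hits = []
    for p in paths:
        wp = PureWindowsPath(p)
        name = wp.name.lower()
        if name in FILE_NAMES:
            hits.append((p, "listed-file-name"))
        elif name == TEMP_DROP_NAME and wp.parent.name.lower() == "temp":
            hits.append((p, "temp-drop"))
    return hits


def match_registry(reg):
    """Flag value '2600' under Policies\\Explorer\\Run, a rarely used autostart location."""
    hits = []
    for key, values in reg.items():
        if key.lower() != REG_KEY.lower():
            continue
        for vname, data in values.items():
            if vname == REG_VALUE:
                hits.append((REG_KEY, vname, data))
    return hits


def match_dns(log):
    """Flag queries for the listed domains or any of their subdomains."""
    hits = []
    for line in log.splitlines():
        m = DNS_RE.search(line)
        if not m:
            continue
        client, name = m.group(1), m.group(2).lower().rstrip(".")
        if any(name == d or name.endswith("." + d) for d in DOMAINS):
            hits.append((client, name))
    return hits


def sweep(paths, reg, dns_log):
    """Run all three matchers and return the hits grouped by evidence source."""
    return {"files": match_files(paths),
            "registry": match_registry(reg),
            "dns": match_dns(dns_log)}


if __name__ == "__main__":
    for section, hits in sweep(SAMPLE_FILES, SAMPLE_REGISTRY, SAMPLE_DNS_LOG).items():
        print(section, hits)
```

Feed it the output of a real file listing, a registry export and your resolver logs in place of the constructed samples; the DNS matcher treats subdomains of the listed domains as hits, which is what you want for download hosts that rotate their host label.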
