Worm.Gamarue.I

Posted: July 20, 2012

Threat Metric

Ranking: 12,281
Threat Level: 5/10
Infected PCs: 2,663
First Seen: July 20, 2012
Last Seen: September 5, 2023
OS(es) Affected: Windows

Worm:Win32/Gamarue.I is a variant of the Gamarue worm that installs other malicious software onto your computer. Both spam e-mail messages and infected removable drives can be infection vectors for Worm:Win32/Gamarue.I, which is capable of creating new copies of itself and enabling these copies to launch automatically on fresh computers. Because Worm:Win32/Gamarue.I makes some advanced system changes and conceals its components within normal Windows processes, the SpywareRemove.com malware research team recommends that you use anti-malware programs to delete Worm:Win32/Gamarue.I, preferably with a scan in-depth enough to catch all copies of Worm:Win32/Gamarue.I, including those that are concealed on your PC's removable drives.

Worm:Win32/Gamarue.I: a File with Unexpected Consequences Once You Open It

While other PC threats may, as always, install Worm:Win32/Gamarue.I without your permission, Worm:Win32/Gamarue.I usually infects new PCs via either e-mail, network-shared drives or removable drives. Malware researchers have examined these infection vectors as follows:

  • E-mail spam may include installers for Worm:Win32/Gamarue.I. These installers will be disguised as supposedly beneficial files, but when launched, will continue through Worm:Win32/Gamarue.I's hidden installation process.
  • Worm:Win32/Gamarue.I also is capable of copying itself to removable devices, such as writable CDs or your USB thumb drive. SpywareRemove.com malware experts warn that, if the Autorun feature is enabled, Worm:Win32/Gamarue.I will be able to install itself on any new PC that shares these devices. However, if this feature is disabled, Worm:Win32/Gamarue.I will not be installed until you launch one of its components: a fake 'usb drive' LNK file.
  • If you share locations of your hard drive over a local network, PCs that access this network also are in danger of being infected by copies of Worm:Win32/Gamarue.I. The infection procedures are identical to those abused in Worm:Win32/Gamarue.I's removable drive-based attack.

Worm:Win32/Gamarue.I changes the Registry in ways that allow it to launch with Windows. Worm:Win32/Gamarue.I is also a multiple-component worm that conceals many of its files under misleading names and injects others into the memory of normal Windows processes. This allows Worm:Win32/Gamarue.I to hide itself from any chance of visual inspection.

The Unpleasant Contents of the Conversation When Worm:Win32/Gamarue.I Calls Home

Once Worm:Win32/Gamarue.I has successfully infected a new PC, Worm:Win32/Gamarue.I attempts to communicate with a remote server and report the infection. Afterward, Worm:Win32/Gamarue.I may use this server to install other types of malware, with potential payloads including rogue anti-malware programs, browser hijackers, spyware and other PC threats.

Because Worm:Win32/Gamarue.I can create duplicates of itself and conceal these copies in a variety of locations, the SpywareRemove.com malware research team particularly recommends that you use thorough anti-malware scans to remove Worm:Win32/Gamarue.I infections from your computer. Original versions of Worm:Win32/Gamarue.I were detected as long ago as the middle of last year, but new variants of Worm:Win32/Gamarue.I have also been spotted very recently. Updated anti-malware products, therefore, should be considered essential for identifying and removing Worm:Win32/Gamarue.I completely.

Aliases

  • W32/Jorik_Steckt.BC!tr [Fortinet]
  • Worm/Gamarue.I.355 [AntiVir]
  • Trojan.Win32.Jorik.Steckt.bc [Kaspersky]
  • Win.Trojan.Agent-20637 [ClamAV]
  • Trojan.Jorik.Steckt.bc [CAT-QuickHeal]
  • PSW.Generic9.CHWU [AVG]
  • Trojan-Spy.Win32.Zbot.dvat [Kaspersky]
  • a variant of Win32/Kryptik.AFTN [NOD32]
  • Downloader.Generic13.ARYK [AVG]
  • Artemis!D3818E53F934 [McAfee-GW-Edition]
  • Trojan-Downloader.Win32.Andromeda.unq [Kaspersky]
  • BackDoor-FJW!D3818E53F934 [McAfee]
  • Crypt.BTIP [AVG]
  • Trojan.Win32.Viknok [Ikarus]
  • TR/Rogue.949234 [AntiVir]

Technical Details

File System Modifications

The following files were created in the system:

%USERPROFILE%\dxcbxw.exe
File name: dxcbxw.exe
Size: 74.75 KB (74752 bytes)
MD5: d5d0d1a02d95025737c45004eb3d93d9
Detection count: 90
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%
Group: Malware file
Last Updated: May 1, 2013

%ALLUSERSPROFILE%\Local Settings\Temp\msavcu.exe
File name: msavcu.exe
Size: 73.72 KB (73728 bytes)
MD5: a6f0115d2902a857a7d5b8604075dabb
Detection count: 76
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Local Settings\Temp
Group: Malware file
Last Updated: April 17, 2013

%USERPROFILE%\Local Settings\Temp\msibcuvqj.pif
File name: msibcuvqj.pif
Size: 100.71 KB (100717 bytes)
MD5: 7a1d65b4da6c84e8b174d0589cff8f64
Detection count: 72
Mime Type: unknown/pif
Path: %USERPROFILE%\Local Settings\Temp
Group: Malware file
Last Updated: March 29, 2013

%ALLUSERSPROFILE%\Local Settings\Temp\msiobqso.scr
File name: msiobqso.scr
Size: 66.56 KB (66560 bytes)
MD5: 919cc13048d501a598a2014d4002ad1e
Detection count: 65
Mime Type: unknown/scr
Path: %ALLUSERSPROFILE%\Local Settings\Temp
Group: Malware file
Last Updated: April 17, 2013

%ALLUSERSPROFILE%\Local Settings\Temp\msfauh.cmd
File name: msfauh.cmd
Size: 71.16 KB (71168 bytes)
MD5: c6dc1ba5740265b0bd2df97cce0a5cb2
Detection count: 65
Mime Type: unknown/cmd
Path: %ALLUSERSPROFILE%\Local Settings\Temp
Group: Malware file
Last Updated: May 8, 2013

%ALLUSERSPROFILE%\Local Settings\Temp\msaiaya.scr
File name: msaiaya.scr
Size: 75.77 KB (75776 bytes)
MD5: ea999ad0155437cefaa39745adf48a46
Detection count: 61
Mime Type: unknown/scr
Path: %ALLUSERSPROFILE%\Local Settings\Temp
Group: Malware file
Last Updated: April 10, 2013

%ALLUSERSPROFILE%\Local Settings\Temp\mspexf.com
File name: mspexf.com
Size: 70.65 KB (70656 bytes)
MD5: 1f1d17417c03f8828b0ec4731e179ff8
Detection count: 55
File type: Command, executable file
Mime Type: unknown/com
Path: %ALLUSERSPROFILE%\Local Settings\Temp
Group: Malware file
Last Updated: April 11, 2013

%USERPROFILE%\Local Settings\Temp\msiaya.exe
File name: msiaya.exe
Size: 25.08 KB (25088 bytes)
MD5: 5a62ef0ab5b3e1ea1295752b4d71bb40
Detection count: 46
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Local Settings\Temp
Group: Malware file
Last Updated: March 29, 2013

%USERPROFILE%\dxujlo.exe
File name: dxujlo.exe
Size: 128 KB (128000 bytes)
MD5: 936daa7dc3591d7d8d56e9fb29043c3b
Detection count: 36
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%
Group: Malware file
Last Updated: April 29, 2013

%ALLUSERSPROFILE%\Local Settings\Temp\msfhqty.com
File name: msfhqty.com
Size: 44.54 KB (44544 bytes)
MD5: 9cdd85fc136c661e51ec599515f88ed7
Detection count: 31
File type: Command, executable file
Mime Type: unknown/com
Path: %ALLUSERSPROFILE%\Local Settings\Temp
Group: Malware file
Last Updated: April 17, 2013

%USERPROFILE%\Local Settings\Temp\msioociqa.exe
File name: msioociqa.exe
Size: 79.87 KB (79872 bytes)
MD5: c49a3c2b364927c6e510e9bf4468b343
Detection count: 25
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Local Settings\Temp
Group: Malware file
Last Updated: May 13, 2013

%ALLUSERSPROFILE%\Local Settings\Temp\msqnykae.com
File name: msqnykae.com
Size: 53.76 KB (53760 bytes)
MD5: fd6e307d7fbfcea3d05b687b9ecf9ec7
Detection count: 25
File type: Command, executable file
Mime Type: unknown/com
Path: %ALLUSERSPROFILE%\Local Settings\Temp
Group: Malware file
Last Updated: April 16, 2013

%USERPROFILE%\Local Settings\Temp\mszuatizo.exe
File name: mszuatizo.exe
Size: 48.64 KB (48640 bytes)
MD5: 62c6e831efd04e3b61b30f7bb0a7801b
Detection count: 20
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Local Settings\Temp
Group: Malware file
Last Updated: May 15, 2013

%ALLUSERSPROFILE%\Local Settings\Temp\ccoxuszy.com
File name: ccoxuszy.com
Size: 49.15 KB (49152 bytes)
MD5: 4c0a1cdb322291e292f4f138371c9649
Detection count: 12
File type: Command, executable file
Mime Type: unknown/com
Path: %ALLUSERSPROFILE%\Local Settings\Temp
Group: Malware file
Last Updated: April 24, 2013

%TEMP%\JPO\svshost.exe
File name: svshost.exe
Size: 809.27 KB (809273 bytes)
MD5: 33066b25e99516dd3c12f97fcc11b6c7
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%\JPO
Group: Malware file
Last Updated: May 1, 2013

%USERPROFILE%\dxosceyo.exe
File name: dxosceyo.exe
Size: 58.88 KB (58880 bytes)
MD5: b507aab4b5256b068efc52013cf85585
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%
Group: Malware file
Last Updated: April 11, 2020

%USERPROFILE%\dxwoec.exe
File name: dxwoec.exe
Size: 66.56 KB (66560 bytes)
MD5: f9d96815a863a36f8831a6593992b06e
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%
Group: Malware file
Last Updated: April 22, 2013

%USERPROFILE%\dxptzl.exe
File name: dxptzl.exe
Size: 44.54 KB (44544 bytes)
MD5: b4db2fd12f53214d7a5c554567d21b54
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%
Group: Malware file
Last Updated: May 1, 2013

%USERPROFILE%\dxeqvhcdg.exe
File name: dxeqvhcdg.exe
Size: 75.77 KB (75776 bytes)
MD5: 1cc42b371e3aafac62dea9a816519a9c
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%
Group: Malware file
Last Updated: May 1, 2013

%USERPROFILE%\dxabdv.exe
File name: dxabdv.exe
Size: 207.36 KB (207360 bytes)
MD5: 09fe7b078e2f2f201fa9f627bcfb88ba
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%
Group: Malware file
Last Updated: July 2, 2018

%ALLUSERSPROFILE%\Local Settings\Temp\msqezvlu.com
File name: msqezvlu.com
Size: 52.73 KB (52736 bytes)
MD5: d9984c9a1eb5deca2d6cd69036d86b95
Detection count: 5
File type: Command, executable file
Mime Type: unknown/com
Path: %ALLUSERSPROFILE%\Local Settings\Temp
Group: Malware file
Last Updated: May 13, 2013

%SystemDrive%\Users\<username>\Local Settings\Temp\msqfkevyf.pif
File name: msqfkevyf.pif
Size: 26.11 KB (26112 bytes)
MD5: 5e6089e20254b1cd080a6c0d27018392
Detection count: 1
Mime Type: unknown/pif
Path: %SystemDrive%\Users\<username>\Local Settings\Temp
Group: Malware file
Last Updated: April 8, 2013
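
The files listed above share a few visible traits: executable-type extensions (.exe, .pif, .scr, .cmd, .com), short all-lowercase names, and a location either directly in a profile folder or under a Temp directory. As an added example (not SpywareRemove.com's tooling and not code from the original page), the Python triage helper below flags paths that combine those traits. The name pattern, the two-trait threshold and the sample paths are assumptions constructed for illustration, and a hit is a lead for a full anti-malware scan, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Extensions Windows executes directly; all five occur in the listing above.
EXEC_EXTS = {".exe", ".pif", ".scr", ".cmd", ".com"}
# Assumption: short, all-lowercase alphabetic stems, as in the listed names.
RANDOM_STEM = re.compile(r"[a-z]{5,10}")
PROFILE_ROOTS = ("users", "documents and settings")

def classify(path):
    """Return the traits a path shares with the listed files ([] if none)."""
    p = PureWindowsPath(path)
    ext = p.suffix.lower()
    if ext not in EXEC_EXTS:
        return []
    parts = [part.lower() for part in p.parts]
    reasons = []
    if "temp" in parts[:-1]:
        reasons.append("executable-type file under a Temp directory")
    for root in PROFILE_ROOTS:
        # <root>\<account>\<file>: the file sits directly in a profile folder.
        if root in parts and len(parts) - parts.index(root) == 3:
            reasons.append("executable directly in a profile root")
    if not reasons:
        return []  # location does not match, so name traits alone are ignored
    if ext != ".exe":
        reasons.append("uncommon executable extension " + ext)
    if RANDOM_STEM.fullmatch(p.stem):
        reasons.append("short all-lowercase alphabetic name")
    return reasons

def triage(paths, min_reasons=2):
    """Keep only paths with at least min_reasons traits, mapped to the traits."""
    scored = {path: classify(path) for path in paths}
    return {path: r for path, r in scored.items() if len(r) >= min_reasons}

# Constructed sample paths (not taken from any real system or from the page).
SAMPLE_PATHS = [
    r"C:\Users\alice\dxqmwzke.exe",
    r"C:\Documents and Settings\All Users\Local Settings\Temp\msvbtqa.scr",
    r"C:\Users\alice\AppData\Local\Temp\Setup_1.2.exe",
    r"C:\Users\alice\Documents\report.exe",
    r"C:\Windows\System32\svchost.exe",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_PATHS).items():
        print(path, "->", "; ".join(reasons))
```

Legitimate installers also unpack executables into Temp, which is why a single trait is not reported; feed the helper a directory listing exported from the machine under review and scan whatever it flags.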
