Win32/Gamarue
Posted: April 12, 2012
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 2/10 |
|---|---|
| Infected PCs: | 21 |
| First Seen: | April 12, 2012 |
| OS(es) Affected: | Windows |
Gamarue is a backdoor Trojan that allows criminals to have a dangerous level of access to your PC. Gamarue's functions can include installing other malware, changing your system settings and stealing system information that can be exploited in future attacks. SpywareRemove.com malware researchers have seen Gamarue being distributed in multiple ways, but the most recent of Gamarue's attacks appear to use spam e-mail messages that pretend to be booking reservations for high-class European hotels. Recognizing and deleting Gamarue's e-mail spam is the best way to keep your PC safe, but if you do find your computer infected by Gamarue, anti-malware software should be used to remove Gamarue safely.
Gamarue: Reserving Your Place in Line for Malware Attacks
Gamarue or Andromeda has been known to use varied templates for its e-mail spam and, in some cases, even drive-by-download kits like the Blackhole Exploit Kit. In general, anti-malware programs should be used to analyze any file attachment from a suspicious source and protect your browser in the event of contact with hostile sites. However, SpywareRemove.com malware experts have been able to identify some of the most current Gamarue attacks, which begin with fake hotel reservations.
These hotel reservations, sent through e-mail, are designed to look as though they're sent by Brenners Park-Hotel and Spa and similar high-class resorts, although the location may be incorrect (current templates list Brenners Park's location, incorrectly, as Austria rather than Germany). However, the biggest clue to the reservation's fraudulence should be the request to open an attached ZIP file, which SpywareRemove.com malware experts have found to be one of the most well-used infection vectors for malware.
Opening the archive will launch a temporary Trojan dropper, BKDR_ANDROM.P, that's designed to install Gamarue and then delete itself to avoid detection. There aren't symptoms associated with Gamarue's presence – not even a visible memory process (since Gamarue injects itself into an unrelated system process).
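The infection vector described above is a ZIP attachment whose content is an executable rather than the reservation document it claims to be. The following triage routine is an added example, not code from the original page: it inspects an attachment in memory, flags executable extensions (including document-lookalike double extensions such as .pdf.exe), checks the actual bytes for a PE "MZ" header regardless of the file name, and notes nested archives. The sample archive and its file names are constructed for the example.

```python
import io
import zipfile

# Extensions Windows executes directly when the user double-clicks them.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions a hotel reservation would plausibly carry.
DOC_EXTS = {".pdf", ".doc", ".docx", ".rtf", ".txt"}


def triage_zip(data: bytes) -> list:
    """Return a list of human-readable findings for a ZIP attachment held in memory."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]
    for info in zf.infolist():
        name = info.filename
        base = name.lower().rsplit("/", 1)[-1]      # strip any folder prefix
        exts = ["." + p for p in base.split(".")[1:]]  # e.g. ['.pdf', '.exe']
        # Document-looking name that actually ends in an executable extension.
        if len(exts) >= 2 and exts[-1] in EXEC_EXTS and exts[-2] in DOC_EXTS:
            findings.append(f"{name}: document-looking name with executable extension")
        elif exts and exts[-1] in EXEC_EXTS:
            findings.append(f"{name}: executable inside attachment")
        # Check content, not just the name: Windows PE files start with 'MZ'.
        with zf.open(info) as fh:
            if fh.read(2) == b"MZ":
                findings.append(f"{name}: PE header (MZ) found")
        if base.endswith(".zip"):
            findings.append(f"{name}: nested archive")
    return findings


def build_sample(malicious: bool = True) -> bytes:
    """Constructed sample attachment: a fake 'reservation' that is really a PE stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if malicious:
            # Constructed file name; the 'MZ' prefix stands in for a real PE dropper.
            zf.writestr("Hotel_Reservation_Brenners.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("Hotel_Reservation.txt", b"Constructed reservation text, no payload.")
    return buf.getvalue()


if __name__ == "__main__":
    for line in triage_zip(build_sample()):
        print(line)
```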
What's Waiting for You at Your Stay in Gamarue Hotel
Gamarue includes a parcel of standard backdoor Trojan-related features, along with a module-based expansion feature that allows other functions to be added onto Gamarue by its criminal users. While some variants of Gamarue may display features besides the ones noted below, SpywareRemove.com malware analysts warn against the following attacks in particular:
- Gamarue may establish connections to up to six C&C servers that allow criminals to have access to your PC.
- System information (such as your operating system type) may be transmitted by Gamarue to the aforementioned C&C servers.
- Gamarue may download and install other malware.
- Perhaps most significantly as far as SpywareRemove.com malware experts are concerned, Gamarue has shown capabilities for Registry-altering behavior, which can allow Gamarue to disable other programs or change your security settings in negative ways.
The top victimized countries of Gamarue's last spam e-mail run include Germany, Australia, Singapore and Italy (listed in order of quantity of attacks). However, SpywareRemove.com malware experts note that Gamarue can run on PCs in other regions and is a danger to Windows versions from XP up to Windows 7 – both 32-bit and 64-bit versions.
Due to the usage of encryption, code injection and other defenses in a typical Gamarue infection, Gamarue should be removed with suitably advanced anti-malware programs.
Technical Details
File System Modifications
The following files were created in the system:
- %SystemRoot%\system32\wuauclt.exe
  File name: %SystemRoot%\system32\wuauclt.exe
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file
- %SystemRoot%\system32\svchost.exe
  File name: %SystemRoot%\system32\svchost.exe
  File type: Executable File
  Mime Type: unknown/exe
  Group: Malware file