Alert level: Severe
Detected with Windows Defender Antivirus
Also detected as: No associated aliases
Worm:Win32/Gamarue identifies worms that belong to the Win32/Gamarue family. The Gamarue family may be distributed by exploit kits, spam emails, or other malware, and has been observed downloading other files and stealing information about your computer.
Worm variants of the Win32/Gamarue family may spread by infecting removable drives (such as USB drives or portable hard disks) that you have plugged into your computer. If you then plug those drives into another computer, the worm will infect that computer as well.
See our infographic for a depiction of how a worm spreads by removable drives.
For more information on this family, see the Win32/Gamarue description.
On November 29, 2017, law enforcement agencies, in cooperation with the Microsoft Digital Crimes Unit and with help from Windows Defender researchers, disrupted Gamarue (also known as Andromeda). For more information: