Aliases: No associated aliases
Worm:Win32/Gamarue is a family of worms that belong to the Win32/Gamarue family. The Gamarue family may be distributed by exploit kits, spammed emails or other malware, and has been observed downloading other files and stealing information about your computer.
Worm variants of the Win32/Gamarue family may spread by infecting removable drives (such as USB drives or portable hard disks) that you have plugged into your computer. If you then plug those drives into another computer, the worm will infect that computer as well.
See our infographic to for a depiction of how a worm spreads by removable drives.
For more information on this family, see the Win32/Gamarue description.
On November 29, 2017, law enforcement agencies, in cooperation with Microsoft Digital Crimes Unit and with help from Windows Defender researchers, disrupted the Gamarue (also known as Andromeda). For more information:
Use the following free Microsoft software to detect and remove this threat:
- Windows Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
You should also run a full scan. A full scan might find hidden malware.
This threat tries to use the Windows Autorun function to spread via removable drives, like USB flash drives. You can disable Autorun to prevent worms from spreading:
Scan removable drives
Remember to scan any removable or portable drives. If you have Microsoft security software, see this topic on our software help page:
Use cloud protection
Use cloud protection to help guard against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender Antivirus for Windows 10.
Go to Settings > Update & security > Windows Defender > Windows Defender Security Center > Virus & threat protection and make sure that your Cloud-based Protection settings is turned On.