Published Apr 02, 2012 | Updated Dec 04, 2017


Severe |Detected with Windows Defender Antivirus

Aliases: No associated aliases


Windows Defender Antivirus detects and removes this threat.

This family can give a malicious hacker control of your PC. The malware can also steal your sensitive information and change your PC security settings.malware

We've seen them installed by kits and other malware. They can also be attached to spam emails.exploit

Some variants of this family are and can spread by infecting removable drives (such as flash drives or portable hard disks). If you plug those drives into another , the worm will infect that as well. See for more information.wormsWorm:Win32/GamarueUSBPCPC

On November 29, 2017, law enforcement agencies, in cooperation with Microsoft Digital Crimes Unit and with help from Windows Defender researchers, disrupted the Gamarue (also known as Andromeda). For more information:

Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

Use the following free  software to detect and remove this threat:Microsoft

You should also run a full scan. A full scan might find hidden malware.

This threat tries to steal your sensitive and confidential information. If you think your information has been stolen, see:

You should change your passwords after you've removed this threat:

This threat might make lasting changes to your 's settings that won't be restored when it's cleaned. The following links can help change these settings back to what you want:PC

This threat tries to use the function to spread via removable drives, like flash drives. You can disable to prevent worms from spreading:Windows AutorunUSBAutorun

Remember to scan any removable or portable drives. If you have Microsoft security software, see this topic on our software help page:

Use cloud protection to help guard against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender Antivirus for Windows 10. 

Go to and make sure that your settings is turned .Settings > Update & security > Windows Defender > Windows Defender Security Center > Virus & threat protectionCloud-based ProtectionOn

You can also visit our  or search the for more help.advanced troubleshooting pageMicrosoft virus and malware community

Protect your sensitive information
Additional remediation instructions for this threat
Disable Autorun
Scan removable drives
Use cloud protection
Get more help
Follow us