Alerts from your security software may be the only symptom.
Security software detects and removes this threat.
This threat is the spreading component of the Worm:Win32/Gamarue family of worms.
Find out ways that malware can get on your PC.
Use the following free Microsoft software to detect and remove this threat:
You should also run a full scan. A full scan might find hidden malware.
This threat tries to steal your sensitive and confidential information. If you think your information has been stolen, see:
You should change your passwords after you've removed this threat:
This threat might make lasting changes to your PC's settings that won't be restored when it's cleaned. The following links can help change these settings back to what you want:
This threat tries to use the Windows Autorun function to spread via removable drives, like USB flash drives. You can disable Autorun to prevent worms from spreading:
Remember to scan any removable or portable drives. If you have Microsoft security software, see this topic on our software help page:
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
If you’re using Windows XP, see our Windows XP end of support page.
Gamarue.O contains code that is loaded and run by Gamarue.N. It might have the file name desktop.ini.
When run, it connects to a server at thesecond.in. From there, it downloads a file that it saves as thumbs.db. This file is then decrypted and saved as C:\Temp\TrustedInstaller.exe, then run.
Note that desktop.ini and thumbs.db are both file names commonly used by clean files, and most PCs have files with these names that aren't necessarily malware.
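Because clean files use the same names, a name match alone is not a finding. The triage sketch below is an added example, not Microsoft's tooling. It flags a desktop.ini or thumbs.db only when its content does not look like the genuine file type, and it flags the drop path named above. The content heuristics (INI text for desktop.ini, the OLE compound-file header for thumbs.db) and all function names are assumptions made for illustration.

```python
import os

# Assumption: a genuine thumbs.db is an OLE compound file, which starts with this magic.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Drop location stated in the write-up above (compared case-insensitively).
DROP_PATH = r"c:\temp\trustedinstaller.exe"
WATCHED = {"desktop.ini", "thumbs.db"}

def looks_like_ini(head: bytes) -> bool:
    """Assumption: a genuine desktop.ini is plain text starting with a section or comment."""
    if head[:2] in (b"\xff\xfe", b"\xfe\xff"):          # UTF-16 with BOM
        text = head.decode("utf-16", errors="replace")
    else:                                               # ANSI or UTF-8
        text = head.removeprefix(b"\xef\xbb\xbf").decode("latin-1")
    if any(ch < " " and ch not in "\r\n\t" for ch in text):
        return False                                    # NULs/control bytes: binary content
    lines = text.strip().splitlines()
    return not lines or lines[0].startswith(("[", ";"))

def classify(name: str, head: bytes):
    """Return 'suspicious', 'clean-looking', or None for names this check ignores."""
    name = name.lower()
    if name not in WATCHED:
        return None
    if not head:
        return "clean-looking"                          # empty file carries no code
    ok = looks_like_ini(head) if name == "desktop.ini" else head.startswith(OLE_MAGIC)
    return "clean-looking" if ok else "suspicious"

def is_drop_path(path: str) -> bool:
    return path.replace("/", "\\").lower() == DROP_PATH

def scan(root: str):
    """Walk root and return (path, reason) pairs worth a closer look."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if is_drop_path(path):
                findings.append((path, "payload path named in the write-up"))
            elif name.lower() in WATCHED:
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(512)
                except OSError:
                    continue                            # locked or unreadable
                if classify(name, head) == "suspicious":
                    findings.append((path, "content does not match file name"))
    return findings
```

Run `scan()` against a removable drive or a profile directory and hand any hits to a full antimalware scan. A hit is a lead for review, not a verdict.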
You can learn more about the Worm:Win32/Gamarue family in the family description.
Analysis by Ray Roberts
Take these steps to help prevent infection on your PC.