Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement



Virus Name  : Worm.Win32/Gamarue.B

Alias             : Win32:Konar [Trj], Worm.Win32.Gamarue!IK, W32/Trojan3.DAJ, W32/Kryptik.CQW!tr, Win32:Konar , Artemis!E716BEF8827E, Downloader.Dromedan, Mal/FakeAV-OQ, WORM_GAMARUE.B

Virus type    : Worm

Threat level : Medium

Virus details :

                  Gamarue.b worm is a network worm and it is spammed via e-mail in a Zip file USPS (20.6 KB)

The infected mail message body is given below.


Unfortunately we failed to deliver the postal package you have sent on the 19th of September in time because the recipient's address is erroneous.

Please print out the shipment label attached and collect the package at our office.

United States Postal Service

The infected message subject will be "USPS Delivery Failure Notification" and from address will be "U.S Postal Service"

                  When the infected e-mail attachment USPS Report.exe within the ZIP file is executed, it copies to %TEMP%\<8 hexadecimal characters>.com folder (example: C:\Windows\temp) and modifies the registry HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run to load automatically on next startup.

                     Gamarue.b worm spreads by copying itself to removable storage devices like pen drives. It also drops several copies of itself in the infected system and network drives. Additionally it attempts to place autorun.inf in the root directory. So that infected file will be executed next time when the drive is accessed.

                     Gamarue worm creates the file diskrun.exe in the removable drive like pen drive and creates <Pen Drive Root>\autorun.inf to load automatically. It is also known as Win32:Konar [Trj], Worm.Win32.Gamarue!IK, W32/Trojan3.DAJ, W32/Kryptik.CQW!tr, Win32:Konar, Artemis!E716BEF8827E, Downloader.Dromedan, Mal/FakeAV-OQ, WORM_GAMARUE.B.

How can I protect my system?

                   Solo has incorporated Gamarue.b worm in its signature file to protect users from this worm attack. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats. 

How to remove this worm?

                   Solo antivirus can detect and remove Gamarue worm and its variants safely. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link