Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Gamarue virus

  • Please log in to reply
2 replies to this topic

#1 Maltrandi


  • Members
  • 1 posts

Posted 30 October 2013 - 12:13 PM

My flash drive got infected with the Gamarue virus from someone's computer and I want to make sure that it hasn't spread to mine. How can I manually check for the infection? Please give me names of processes, registry entries etc. that it could have started. I have updated Microsoft security essentials but I want to be sure that the next drive I plug into my computer won't be infected.

Edited by hamluis, 30 October 2013 - 04:11 PM.
Moved from Win 7 to Am I Infected - Hamluis.

BC AdBot (Login to Remove)


#2 noknojon


  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:02:49 AM

Posted 31 October 2013 - 10:09 PM

 I want to be sure that the next drive I plug into my computer won't be infected.

Hello -

Simple answer = Never plug another USB device into your computer ....... :whistle:


Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.


But - We can check if yours is cleaned up now -


Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

Important: Do not reboot your computer until you complete the next step.

Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
+ Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.



How To Temporarily Disable Your Anti-virus

Please download Junkware Removal Tool by thisisu to your desktop
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.



Please download Malwarebytes Anti-Malware Free (a.k.a MBAM)

Do Not accept the Free Trial Version at this time
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove,you will be presented with a prompt to Reboot and let MBAM proceed with the disinfection process, if asked to Restart the computer, please do so immediately.



Please scan your computer with ESET Online Scanner
Disable all active Antivirus and Antimalware programs
* Open Internet Explorer and hold down Control and click on This Link to open ESET OnlineScan in a new window.
* Click the ESET Online Scanner button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- - Click on eset.exe to download the ESET Smart Installer. Save it to your desktop.
- - Double click on the  icon on your desktop.
* Check "YES, I accept the Terms of Use."
* Click the Start button.
* Accept any security warnings from your browser.
* Under scan settings, check "Scan Archives" and "Remove found threats"
* Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

* ESET will then download updates for itself, install itself, and begin scanning your computer.
* Please be patient as this will take some time (first time scans are always longer).
* When the scan completes, click List Threats
* Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
* Click the Back button and then

* Click the Finish button.
NOTE:Sometimes if ESET finds no infections it will not create a log.
If you lose the log it can be found at C:\Program Files\ESET\EsetOnlineScanner\log.txt
If no infections are found then please tell me -


Thank You -

#3 TwinHeadedEagle


  • Security Colleague
  • 352 posts
  • Gender:Male
  • Location:Serbia
  • Local time:05:49 PM

Posted 03 November 2013 - 04:01 PM

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
Plug in the drive and McShield will start a scan
Then get the log which will be here :
Start > all programs > MCShield > logs > all scans

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users