Monday, April 1, 2013

New Worm on the Loose in Iloilo... 2013

201304021414

There's a new Windows malware spreading among computers in Iloilo. I don't know the extent, but here in San Joaquin it's becoming more prevalent, which is another reason to use genuine operating systems and software, and to have a non-administrative account (or better yet, a guest account, which is the lowest-level and most secure Windows account) as the default account for any Windows installation.

The infected host PC copies the malware onto a removable drive, moves the folders and files in the root of the removable drive into a folder with a drive icon, and hides that folder. It also creates a shortcut to the new folder on the root of the drive, and adds a file named ~WYDCNU.FAT32 to the root of the drive. I don't know the exact order or the other things the worm does, but like many other worm varieties that hide folders and files, once the removable drive is inserted into a clean Windows PC using an administrative account, the program is copied into at least one folder in the %SYSTEM% path, or some similar folder, so that subsequent uninfected portable drives plugged into the new system will catch the worm and go on to infect some other poor hapless chap's clean PC... and it goes on and on.
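As an added example (not from the original post), here is a read-only Python check for the traces described above on the root of a removable drive: the ~WYDCNU.FAT32 file, a hidden folder, and a shortcut beside it. The function names, the rule for calling a drive suspect, and the list of skipped Windows system folders are assumptions; other samples may use a different file name.

```python
import os
import sys
from pathlib import Path

MARKER_NAME = "~WYDCNU.FAT32"   # file name reported in the post above
FILE_ATTRIBUTE_HIDDEN = 0x2     # Windows attribute bit in st_file_attributes
# Hidden folders Windows itself keeps on a drive root (skipped, assumption).
SYSTEM_DIRS = {"system volume information", "$recycle.bin"}


def is_hidden(path):
    """True if the Windows 'hidden' attribute is set; False on other systems."""
    try:
        attrs = getattr(os.stat(path), "st_file_attributes", 0)
    except OSError:
        return False
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def triage_drive_root(root, hidden=is_hidden):
    """Report the root-level traces described in the post. Nothing is modified."""
    entries = sorted(Path(root).iterdir(), key=lambda p: p.name.lower())
    marker = any(p.name.lower() == MARKER_NAME.lower() for p in entries)
    hidden_dirs = [
        p.name for p in entries
        if p.is_dir() and p.name.lower() not in SYSTEM_DIRS and hidden(p)
    ]
    shortcuts = [p.name for p in entries
                 if p.is_file() and p.suffix.lower() == ".lnk"]
    # Heuristic (assumption): the marker file alone, or a shortcut sitting
    # next to a hidden folder, is enough to treat the drive as suspect.
    suspicious = marker or bool(hidden_dirs and shortcuts)
    return {"marker": marker, "hidden_dirs": hidden_dirs,
            "shortcuts": shortcuts, "suspicious": suspicious}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: triage_drive.py <drive root, e.g. E:\\>")
    report = triage_drive_root(sys.argv[1])
    for key, value in report.items():
        print(f"{key}: {value}")
    sys.exit(1 if report["suspicious"] else 0)
```

Run it from a non-administrative account and do not open any shortcut it lists; a suspect result is a prompt for an antivirus scan, not proof of infection.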

It's been identified by Avira as 'WORM/Gamarue.nouem'... my apologies it's not cropped. I'm lazy right now....



The recommended way to remove this virus from your computer is a clean installation.

After a clean installation, or if it is certain that the computer is not infected, do the following to prevent an infection, or at least minimize the chances of one:

  1. Create a guest account
    • Press Windows orb
    • Type cmd
    • Type control userpasswords2
    • Check Users must enter a user name and password to use this computer.
    • Click Add...
    • Click Next...
    • Type a password
    • Select Other option button
    • Click Guest
    • Click Finish
  2. If there are several users sharing the use of the computer, make this new guest account the default
    • Return to the command line
    • Type control userpasswords2
    • Check Users must enter a user name and password to use this computer if it is not checked
    • Click on the designated Guest account under Users for this computer
    • Uncheck Users must enter a user name and password to use this computer
    • Click OK or Apply
    • Type the password you assigned to the Guest user
    • Click OK
    • Whenever the computer boots, it will automatically log in to this account.


Here are more details about the virus at PCThreat (http://www.pcthreat.com/parasitebyid-20702en.html), including how to remove it if you don't wish to perform a clean install.




201304021419