Beth Levin
2018-07-31 10:27:52 -07:00
parent 7640a38b4b
commit cba4e4d0d7
4 changed files with 47 additions and 30 deletions

@ -21,11 +21,11 @@ Worms represent a large category of malware. Different worms use different metho
Jenxcus (also known as Dunihi), Gamarue (also known as Androm), and Bondat have consistently remained at the top of the list of malware that infect users running Microsoft security software. Although these worms share some commonalities, it is interesting to note that they also have distinct characteristics.
Jenxcus has capabilities of not only infecting removable drives but can also act as a backdoor that connects back to its server. This threat typically gets into a PC from a drive-by download attack, meaning it's installed when users just visit a compromised webpage.
* **Jenxcus** has capabilities of not only infecting removable drives but can also act as a backdoor that connects back to its server. This threat typically gets into a PC from a drive-by download attack, meaning it's installed when users just visit a compromised webpage.
Gamarue typically arrives through spam campaigns, exploits, downloaders, social networking sites, and removable drives. When Gamarue infects a PC, it becomes a distribution channel for other malware. Weve seen it distribute other malware such as infostealers, spammers, clickers, downloaders, and rogues.
* **Gamarue** typically arrives through spam campaigns, exploits, downloaders, social networking sites, and removable drives. When Gamarue infects a PC, it becomes a distribution channel for other malware. Weve seen it distribute other malware such as infostealers, spammers, clickers, downloaders, and rogues.
Bondat typically arrives through fictitious Nullsoft Sciptable Install System (NSIS) Java installers and removable drives. When Bondat infects a system, it gathers information about the machine such as PC name, Globally Unique Identifier (GUID), and OS build. It then sends that information to a remote server.
* **Bondat** typically arrives through fictitious Nullsoft Sciptable Install System (NSIS) Java installers and removable drives. When Bondat infects a system, it gathers information about the machine such as PC name, Globally Unique Identifier (GUID), and OS build. It then sends that information to a remote server.
Both Bondat and Gamarue have clever ways of obscuring themselves to evade detection. By hiding what they are doing on your PC they try to avoid detection by your security software.
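Review bot: The bulleted Gamarue and Bondat lines carry over two typos from the paragraph versions, "Weve seen it distribute" and "Nullsoft Sciptable Install System"; since these lines are being rewritten anyway, correct them to "We've" and "Scriptable" in the same change. The bulleted Jenxcus line could also be tightened while it is open: "has capabilities of not only infecting removable drives but can also act as a backdoor" mixes two constructions, and "can infect removable drives and also act as a backdoor" reads cleanly. Separately, the context sentence above the list says the three worms "infect users"; "infects" would agree with "malware", but that line is outside what this hunk touches, so a follow-up is fine.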
@ -37,10 +37,10 @@ This image shows how a worm can quickly spread through a shared USB drive.
## How to protect against worms
Use the following free Microsoft software to detect and remove it:
Enable [Windows Defender AV](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software.
* Windows Defender for Windows 10, and Windows 8.1
Download [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for real-time protection in Windows 7 or Windows Vista.
* Microsoft Safety Scanner for Windows 7 and Windows Vista
In case threat removal is unsuccessful, read about [troubleshooting malware detection and removal problems](https://www.microsoft.com/wdsi/help/troubleshooting-infection).
You should also run a full scan find other, hidden malware. If you still can't remove it, visit our advanced troubleshooting page for more help.
For more general tips, see [prevent malware infection](prevent-malware-infection.md).
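Review bot: Windows 8.1 has no guidance in the sentence-style lines under "How to protect against worms": the bullet "Windows Defender for Windows 10, and Windows 8.1" names it, while "Enable [Windows Defender AV] ... in Windows 10" and "Download [Microsoft Security Essentials] ... for real-time protection in Windows 7 or Windows Vista" cover only Windows 10, 7 and Vista. If the sentences are meant to replace the bullets, add Windows 8.1 to the Windows Defender sentence or state why it is omitted. The same applies to the full-scan advice, which appears only in "You should also run a full scan find other, hidden malware" (missing "to" before "find"); the troubleshooting link sentence does not mention running a full scan, so consider keeping that recommendation alongside the link. The bullet also lists Microsoft Safety Scanner, which the sentence-style lines do not mention at all; confirm that dropping it is intended.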