Kaspersky detects Worm.Win32.AutoRun.gmem on my computer but it doesn’t help to get rid of it. Is it a dangerous virus? I read some posts online saying the virus can corrupt files and programs. Does it mean I am going to lose everything on my computer? Oh my god!!! I’m not good at computer and I have no idea where I should begin to remove it. Please help!!!!
Worm.Win32.AutoRun.gmem is classified as a high-risk worm which is commonly spread via email attachments and infected websites nowadays. It will attach the file containing the malware to a mail and then spam hundreds or even thousands of people so unwary people may encounter this virus immediately after opening a spam email or performing some unsafe activities online, such as visiting suspicious web sites or downloading free programs from unknown sources. Once it gains an access, it can prevent the firewall from working properly and then look for opportunities in the background to download other malicious infections into the computer. Now this Worm is known to attack Windows computer like Windows XP, Windows Vista, Windows 7 or Windows 8 or even crash a server. It is very aggressive and capable of blocking most the security tools. Each time you tried to get rid of the virus, antivirus will become unresponsive or give you an error instead. Sometimes, the virus keeps recurring even though the last scan said your computer was already clean. It is definitely a pain if your computer has been infected by Worm.Win32.AutoRun.gmem virus.
The longer this Worm resides on your computer, the harder it gets for you to completely get rid of this virus. It will consume much CPU usage so that the computer user will need to take a long time to run programs and load web pages. Also the worm can replicate itself and install several malevolent files and programs to the PC in order to reduce your system performance. Everything on the computer will be slow like a snail. In addition, the virus is able to open a backdoor process to let the hijacker invade the infected PC for malicious purpose like stealing the information and data. Considering the virus endangers the privacy of computer users that should be removed as soon as possible.
It can bypass the legit security tools and destroy your computer secretly.
It prevents you from opening some application because the files are corrupted.
It can make your browser redirected to all kinds of malicious websites.
It is able to allow remote hacker access the compromised system for illicit purpose.
From malicious drive-by-download scripts from corrupted porn and shareware / freeware websites.
Through spam email attachments, media downloads and social networks.
When clicking suspicious pop-ups or malicious links.
Open unknown email or download media files that contain the activation code of the virus.
Note: No matter how the virus accesses your PC, users should know that there are no tools can remove this pesky Trojan automatically at this moment, it is suggested users not spend much time in downloading or paying any security software which claims can delete this stubborn virus. It is totally useless. To completely get rid of Worm.Win32.AutoRun.gmem, professional manual guide is needed.
Currently many computer users had the same experience that this virus couldn’t be removed by any anti-virus applications. So the manual approach is always required to combat this virus. And here is the step-by-step removal guide for all computer users.
1. End the malicious process from Task Manager.
Once Worm.Win32.AutoRun.gmem virus is installed, computer user may notice that CPU usage randomly jumps to 100 percent. At any time Windows always has many running processes. A process is an individual task that the computer runs. In general, the more processes, the more work the computer has to do and the slower it will run. If your system’s CPU spike is constant and remain at a constant 90-95%, users should check from Task Manager and see if there is a suspicious process occupying system resources and then end it immediately.
(The name of the virus process can be random.)
Press Ctrl+Shift+Esc to quickly bring up Task Manager Window:
2. Show hidden files and folders.
Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
Click the View tab.
Under Advanced settings, click Show hidden files and folders, uncheck Hide protected operating system files (Recommended) and then click OK.
3. Open Registry entries. Find out the malicious files and entries and then delete all.
Attention: Always be sure to back up your PC before making any changes.
a. Press Windows key + R to open Run box. In the “Open” field, type “regedit” and click the “OK” button.
Then a Registry Editor window will pop up as the following picture shows:
b. Search malicious files and registry entries and then remove all of them:
%AllUsersProfile%\[random]
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
%AllUsersProfile%\Application Data\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\[random]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Temp
Worm.Win32.AutoRun.gmem is a severe threat that makes the infected PC full of security bugs to help the remote attack of many other threats. It usually infiltrates into the compromised PC system without a user’s knowledge and permission. Once inside a system, it can drop down other files through network exploits which causes your PC in great danger. What’s worse, this dangerous virus has the capability to record and send computer users’ confidential information, for instance, credit card, login numbers, etc to a remote hacker. It is highly recommended to remove Worm.Win32.AutoRun.gmem quickly to secure your computer.
Note: If you are not knowledgeable enough to be able to distinguish the location of this virus, or you are afraid of making mistake during the manual removal, please contact experts from Yoocare Online Tech Support for further help.
Published by & last updated on August 2, 2014 1:57 am
Leave a Reply
You must be logged in to post a comment.