www.belgium.be Logo of the federal government
Document

What is Gamarue/Andromeda?

Gamarue, sometimes referred to as Andromeda, is a malware family on windows that created a worldwide network of infected computers called the Andromeda botnet. Its main functionality was to download and install other malware on the infected system. In 2017 the FBI together with the European authorities were able to dismantle the Command & Control servers managing the infrastructure of this botnet. However, computers are still being infected with Gamarue/Andromeda as not all endpoints haven’t been cleaned up.

How can I identify the infected device?

Most modern antivirus software can detect if a device has been infected with Gamarue/Andromeda.

How can I remove Gamarue/Andromeda?

As Gamarue/Andromeda has been heavily researched, most modern antivirus are able to remove all its components. As such to remove the malware:

  • Perform a full virus scan of the infected system
  • Quarantine any threats found
  • Reboot the system to complete the removal process