Test if your system is infected with Flamer, The latest threat on the Internet

Martin Brinkmann
May 30, 2012
Updated • May 30, 2012
Security, Software, Windows
|
13

You have probably already heard about Flamer, Flame or Flamy, as some antivirus companies call the malware. Flamer was only recently discovered, despite indicators that it has been spread on targeted systems at least since 2010. This alone highlights the danger of the tool, but that is not the only reason why some security companies call it the most sophisticated threat encountered on the Internet up to day.

Even if some experts disagree, it is definitely one of the most complex ones. If you compare the size of Flamer with Stuxnet, a related threat, you will notice that all of Flamer's modules have a size of about 20 Megabytes, while Stuxnet, which tool experts months to analyze, had only 500K of code. Not all of the 20 Megabytes are malware code on the other hand.

Kaspersky's Questions and Answers offers information about Flame, including how the malware spreads and infects computer systems. According to Kaspersky, Flame has two modules for infecting systems via USB sticks, but also the ability to replicate through local networks.

Flame has also only been identified on PC systems in several middle-eastern states including Iran, Israel, Palestine, Sudan, Syria, Lebanon, Saudi Arabia and Egypt. While it does not mean that PC systems in other countries are safe, it is highly probably that the malware has been designed for specific targets in the geographic region.

BitDefender has create a removal tool for the trojan that is detecting and removing Trojan.Flamer.A/B (that is how Bitdefender calls the malware). All you need to do is download the 32-bit or 64-bit version of the program from the BitDefender website, and run it afterwards on your system.

flamer removal tool

Just click the start scan button and wait for the scan to finish. The program is portable, and seems to automatically switch the interface language based on computer settings (excuse the German in the screenshot). It is definitely a good idea to run the tool once to make sure your computer is not infected by the malware. While unlikely, it is better to be safe than sorry. This is especially true if you are living in the middle eastern region.

 

Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Denis said on June 12, 2012 at 9:14 am
    Reply

    Thanks Martin for the useful information.

    I just run a scan which turned negative. I had exchanged files with Egyptian friends and was very worried when I read about flamer virus. Your site is worth a gem!

  2. anonymous said on May 31, 2012 at 4:02 pm
    Reply

    thanks for informing us about this dangerous malware.

  3. RG said on May 30, 2012 at 9:31 pm
    Reply

    Thanks Martin.

    I think I have a pretty good idea what GrpConv is but wonder why running this tool registers GrpConv -o to run at startup

    1. ilev said on May 31, 2012 at 9:55 am
      Reply

      OMG, a Windows 3.1 application copied to Windows 7. No wonder Microsoft still fixes security bugs in Windows 7 dated to Windows 3.1. Microsoft’s skill in copy-and-paste never cease to amaze me.

  4. Jonathan said on May 30, 2012 at 8:36 pm
    Reply

    Martin, typo on the line with the link to the q+a, you misspelled Kaspersky.

    1. Zeus said on May 31, 2012 at 2:41 am
      Reply

      Talk about kaspersnickity!

    2. Martin Brinkmann said on May 30, 2012 at 8:47 pm
      Reply

      Thanks and corrected.

    3. Midnight said on May 30, 2012 at 8:44 pm
      Reply

      Hey? No big deal, Jonathan. It’s a difficult word to spell and besides, we all know what he meant to say! :)

  5. Midnight said on May 30, 2012 at 4:29 pm
    Reply

    Thanks for sharing this, Martin.
    Considering that Kaspersky was one of the first to discover this nasty threat, I’m surprised that they haven’t posted their scanner/removal tool as yet.

    No matter, I’ll run the BitDefender one and see what pops up! :)

  6. Anonymous said on May 30, 2012 at 4:00 pm
    Reply

    Thanks, scanning right now :)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.