Test if your system is infected with Flamer, The latest threat on the Internet - gHacks Tech News


You have probably already heard about Flamer, Flame or Flamy, as some antivirus companies call the malware. Flamer was only recently discovered, despite indicators that it has been spread on targeted systems since at least 2010. This alone highlights the danger of the tool, but it is not the only reason why some security companies call it the most sophisticated threat encountered on the Internet to date.

Even if some experts disagree, it is definitely one of the most complex ones. If you compare the size of Flamer with Stuxnet, a related threat, you will notice that all of Flamer's modules together have a size of about 20 Megabytes, while Stuxnet, which took experts months to analyze, had only 500K of code. On the other hand, not all of the 20 Megabytes are malware code.

Kaspersky's Questions and Answers offers information about Flame, including how the malware spreads and infects computer systems. According to Kaspersky, Flame has two modules for infecting systems via USB sticks, but also the ability to replicate through local networks.

Flame has also only been identified on PC systems in several Middle Eastern states including Iran, Israel, Palestine, Sudan, Syria, Lebanon, Saudi Arabia and Egypt. While this does not mean that PC systems in other countries are safe, it is highly probable that the malware has been designed for specific targets in the geographic region.

BitDefender has created a removal tool for the trojan that detects and removes Trojan.Flamer.A/B (that is what Bitdefender calls the malware). All you need to do is download the 32-bit or 64-bit version of the program from the BitDefender website and run it on your system.

[Screenshot: Flamer removal tool]

Just click the start scan button and wait for the scan to finish. The program is portable, and seems to automatically switch the interface language based on computer settings (excuse the German in the screenshot). It is definitely a good idea to run the tool once to make sure your computer is not infected by the malware. While unlikely, it is better to be safe than sorry. This is especially true if you are living in the Middle East.





  1. Anonymous said on May 30, 2012 at 4:00 pm

    Thanks, scanning right now :)

  2. Midnight said on May 30, 2012 at 4:29 pm

    Thanks for sharing this, Martin.
    Considering that Kaspersky was one of the first to discover this nasty threat, I’m surprised that they haven’t posted their scanner/removal tool as yet.

    No matter, I’ll run the BitDefender one and see what pops up! :)

  3. Jonathan said on May 30, 2012 at 8:36 pm

    Martin, typo on the line with the link to the q+a, you misspelled Kaspersky.

    1. Midnight said on May 30, 2012 at 8:44 pm

      Hey? No big deal, Jonathan. It’s a difficult word to spell and besides, we all know what he meant to say! :)

    2. Martin Brinkmann said on May 30, 2012 at 8:47 pm

      Thanks and corrected.

    3. Zeus said on May 31, 2012 at 2:41 am

      Talk about kaspersnickity!

  4. RG said on May 30, 2012 at 9:31 pm

    Thanks Martin.

    I think I have a pretty good idea what GrpConv is, but wonder why running this tool registers GrpConv -o to run at startup.

    1. ilev said on May 31, 2012 at 9:55 am

      OMG, a Windows 3.1 application copied to Windows 7. No wonder Microsoft still fixes security bugs in Windows 7 dated to Windows 3.1. Microsoft’s skill in copy-and-paste never ceases to amaze me.

  5. anonymous said on May 31, 2012 at 4:02 pm

    Thanks for informing us about this dangerous malware.

  6. Denis said on June 12, 2012 at 9:14 am

    Thanks Martin for the useful information.

    I just ran a scan which turned negative. I had exchanged files with Egyptian friends and was very worried when I read about flamer virus. Your site is worth a gem!
