1. /
  2. Security Response/
  3. W32.Gammima.AG


Risk Level 1: Very Low

August 27, 2007
August 27, 2007 11:08:32 AM
Also Known As:
Worm.Win32.AutoRun.bhx [Kaspersky], Trojan-PSW.Win32.OnLineGames.rlh [Kaspersky], Trojan-PSW.Win32.OnLineGames.sxa [Kaspersky]
Infection Length:
75,520 bytes
Systems Affected:
W32.Gammima.AG is a worm that spread by copying itself to removable media. It also steals passwords to various online games.

Note: Symantec strongly recommends that customers take specific steps to control the execution of applications referenced in autorun.inf files that may be located on removable and network drives. Threats such as this one frequently attempt to spread to other computers using these avenues. Configuration changes made to a computer can limit the possibility of new threats compromising it. For more information, see the following document:

How to prevent a virus from spreading using the "AutoRun" feature

Antivirus Protection Dates

  • Initial Rapid Release version August 26, 2007 revision 039
  • Latest Rapid Release version March 28, 2017 revision 017
  • Initial Daily Certified version August 27, 2007 revision 002
  • Latest Daily Certified version March 28, 2017 revision 019
  • Initial Weekly Certified release date August 29, 2007
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy


  • Damage Level: Low
  • Payload: Steals online gaming information from the compromised computer.


  • Distribution Level: Medium
  • Target of Infection: Spreads through local drives and removable storage devices.
Writeup By: Masaki Suenaga

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21