GMER Questions
WilliamP
November 29th, 2006, 05:54 PM
When you run a scan for Root Kits with gmer will all hidden entries be identified as hidden? I certainly would love to know how to use gmer to its fullest. The same holds true for SSM.
rdsu
November 29th, 2006, 06:16 PM
http://spyware-free.us/2006/07/gmer_07.html ;)
WilliamP
November 29th, 2006, 06:32 PM
Thank you for that link. I have 2 computers and have downloaded gmer on both. It behaves differently on both. On my older computer XP Home the scan produced a long list. On the new XP Pro it seems to have scanned everything but the list produced was short. Also I can't click on Show All on either computer.
Longboard
November 29th, 2006, 08:00 PM
@WilliamP
Check your other thread:
http://www.wilderssecurity.com/showthread.php?t=155941
Email gmer; he is very helpful.
gmer
November 30th, 2006, 09:56 AM
-{ Quote: "When you run a scan for Root Kits with gmer will all hidden entries be identified as hidden? I certainly would love to know how to use gmer to its fullest." }-
@WilliamP
GMER marks as rootkits only hidden processes, modules, services or files.
All other stuff like SSDT, IRP, IDT, inline hooks may be useful to catch malware that doesn't hide anything.
Example: Rustock.B
Hidden: NTFS Stream (ADS) + Module + Service
SYSENTER hook to cheat registry.
IoCallDriver hook to hide NTFS Stream.
tcpip.sys + wanarp.sys inline hooks to bypass firewall.
GMER 1.0.12.11883 - http://www.gmer.net
Rootkit scan 2006-11-06 12:51:38
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SYSENTER ? F89F1FAF
Code F89F0A5E pIofCallDriver
---- Kernel code sections - GMER 1.0.12 ----
.text ntoskrnl.exe!Kei386EoiHelper + 1269 804D8DF0 3 Bytes
.text tcpip.sys!IPTransmit + 4279 FAC00CFA 6 Bytes CALL F89F3D60
.text tcpip.sys!IPTransmit + 9433 FAC0211C 6 Bytes CALL F89F3D60
.text tcpip.sys!IPTransmit + 18018 FAC042A5 6 Bytes CALL F89F3D60
.text wanarp.sys FC6A03FD 7 Bytes CALL F89F3D6A
---- Modules - GMER 1.0.12 ----
Module (noname) (*** hidden *** ) F89ED000
---- Services - GMER 1.0.12 ----
Service D:\WINDOWS\system32:lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!
---- Files - GMER 1.0.12 ----
ADS D:\WINDOWS\system32:lzx32.sys <-- ROOTKIT !!!
---- EOF - GMER 1.0.12 ----
-{ Quote: "Also I can't click on Show All on either computer." }-
This option is disabled because making such a log doesn't make sense.
"Show All" option is useful when you want to create a log of services, processes or other
To show all services tick only "Services" + Show all.
I hope it helps.
Regards
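An added example (not GMER's own code, and not from anyone in this thread) of how a reader could triage a saved GMER log like the Rustock.B one quoted above: it splits the log into its "---- Section - GMER x.y.z ----" blocks and pulls out the three things gmer says to look at first, entries marked "*** hidden ***", entries tagged "<-- ROOTKIT !!!", and inline CALL hooks in kernel code sections. The log format is assumed from the sample in the post; the embedded log is a constructed, trimmed copy of it.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the Rustock.B log quoted in the post.
SAMPLE_LOG = r"""GMER 1.0.12.11883 - http://www.gmer.net
Rootkit scan 2006-11-06 12:51:38
---- System - GMER 1.0.12 ----
SYSENTER ? F89F1FAF
Code F89F0A5E pIofCallDriver
---- Kernel code sections - GMER 1.0.12 ----
.text ntoskrnl.exe!Kei386EoiHelper + 1269 804D8DF0 3 Bytes
.text tcpip.sys!IPTransmit + 4279 FAC00CFA 6 Bytes CALL F89F3D60
.text wanarp.sys FC6A03FD 7 Bytes CALL F89F3D6A
---- Modules - GMER 1.0.12 ----
Module (noname) (*** hidden *** ) F89ED000
---- Services - GMER 1.0.12 ----
Service D:\WINDOWS\system32:lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!
---- Files - GMER 1.0.12 ----
ADS D:\WINDOWS\system32:lzx32.sys <-- ROOTKIT !!!
---- EOF - GMER 1.0.12 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# Kernel code line: ".text <module>[!<symbol> + <off>] <addr> <n> Bytes [CALL <target>]"
HOOK_RE = re.compile(
    r"^\.text (?P<module>\S+?)(?:!(?P<symbol>\S+) \+ (?P<off>[0-9A-F]+))? "
    r"(?P<addr>[0-9A-F]{8}) (?P<n>\d+) Bytes(?: CALL (?P<target>[0-9A-F]{8}))?$"
)

def parse_sections(text):
    """Map each '---- Name - GMER ... ----' section to its entry lines; header lines are skipped."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif current and line:
            sections[current].append(line)
    return sections

def triage(text):
    """Return the items gmer says to check first: hidden objects, ROOTKIT tags, inline CALL hooks."""
    sections = parse_sections(text)
    hidden = [(s, e) for s, ents in sections.items() for e in ents if "*** hidden ***" in e]
    flagged = [(s, e) for s, ents in sections.items() for e in ents if "<-- ROOTKIT" in e]
    hooks = []
    for e in sections.get("Kernel code sections", []):
        m = HOOK_RE.match(e)
        if m and m.group("target"):  # keep only patched code that redirects via CALL
            hooks.append((m.group("module"), m.group("symbol"), m.group("target")))
    return {"hidden": hidden, "flagged": flagged, "hooks": hooks}
```

The 3-byte patch in ntoskrnl.exe has no CALL target and is therefore not reported as a hook, which matches the post's reading that only the tcpip.sys and wanarp.sys patches redirect execution.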
WilliamP
November 30th, 2006, 10:57 AM
Thank you GMER for your reply. I have read what I could find about gmer. Would you please confirm this for me. As I understand, when you double click on the icon and gmer opens, it checks for hidden items and will display them. Thank you for your help.
gmer
December 1st, 2006, 02:46 AM
-{ Quote: "As I understand, when you double click on the icon and gmer opens, it checks for hidden items and will display them." }-
Just after start GMER checks only for hidden processes + services + libraries.
To find hidden files, modules, registry keys or inline hooks you have to start a full scan.
WilliamP
December 1st, 2006, 05:57 AM
Thank you for your help. Also I found out the reason for the two different size scans on my two computers. My older computer is connected wireless. A bunch of entries for the wireless show up.