The Latest Version of GMER! v1.0.15.14827 ; STILL HOT !
PROROOTECT
March 6th, 2009, 06:20 PM
YES! Still HOT!
Here: http://www.gmer.net/index.php
New GMER is caused by ROOTKIT activity !!!:thumb:
Yours PRO - GMER
EASTER
March 7th, 2009, 02:45 AM
I've been a fierce critic of GMER all along before because it was so unstable for my systems (all of them), and the best I was ever able to muster was an alert or two pointing to potential discrepancies and the like.
This version on the other hand is encouraging and finally runs very well for me anyway.
So Kudos to GMER for updating and keeping watch on changes needed to uncover increasingly hard to pinpoint rootkits and hiders.
EASTER
bgoodman4
March 7th, 2009, 03:11 AM
Is this program safe for a novice to use or would it be necessary to be able to look at what the program has found and decide if it's OK to let it remove the identified targets?
EASTER
March 7th, 2009, 03:37 AM
-{ Quote: "Is this program safe for a novice to use or would it be necessary to be able to look at what the program has found and decide if it's OK to let it remove the identified targets?" }-
In a word for you, YES! But please read into the posts about it and take their experiences with it into consideration in order to better acquaint yourself with the results it produces, and ask questions right here in this forum to draw a comfortable conclusion on how to interpret its finds.
You will receive experienced opinions on what to watch out for and they will guide you to a better understanding of its security functions.
EASTER
Mrkvonic
March 7th, 2009, 04:45 AM
-{ Quote: "Is this program safe for a novice to use or would it be necessary to be able to look at what the program has found and decide if it's OK to let it remove the identified targets?" }-
No. No anti-rootkit tool should ever be used by novices. You can easily make your machine unbootable.
Mrk
Huupi
March 7th, 2009, 04:51 AM
Hi Easter, you're an expert on using this stuff, like ask to which you recommend a stable and no worries utility useful for us novices. ;)
EASTER
March 7th, 2009, 05:02 AM
-{ Quote: "Hi Easter, you're an expert on using this stuff, like ask to which you recommend a stable and no worries utility useful for us novices. ;)" }-
It is indeed a somewhat technical apparatus. What I failed to mention is that any novice is completely safe using it to see the results for themselves, which is 100% safe. It's highly recommended, however, that a novice submit its findings to an expert forum better learned in just how to interpret those results.
Perhaps Mrkvonic was panicked by my simple answer, but the point is, it's OK to run a scan with it, just be sure to display the returns "FIRST!" in a well-known forum where security technicians familiar with the details can guide you on what direction is best suited for particular actions IF needed, and also they can better on-sight confirm whether or not a real concern exists or not.
What he was pressing at is that if you (being a novice) took it on yourself to begin cancelling items detected, the risk is real that damage could render your PC unusable.
I hope I made it all clear that time for everyone involved.
EASTER
PROROOTECT
March 7th, 2009, 05:08 AM
BEFORE download of the latest GMER,
Look to the BRILLIANT post of GamingMasteR, first page in the Sysinternals thread here: http://forum.sysinternals.com/forum_posts.asp?TID=18128
PROROOTECT
samy
March 7th, 2009, 05:52 AM
-{ Quote: " EASTER: I've been a fierce critic of GMER all along before because it was so unstable for my systems (all of them)," }-
Is this program stable?
I just downloaded the GMER file to my desktop as per in PROROOTECT thread above and ran it.
The program opened and began running.
In the middle of the process I got a window saying the PC has encountered an error and needs to close.
I activated it once again and immediately got a "Blue Screen" (like a flash of BSOD) and my PC rebooted.
My PC is running normally.
I removed the icon from the desktop.
Any advice, please?
EASTER
March 7th, 2009, 08:53 AM
-{ Quote: "Is this program stable?
I just downloaded the GMER file to my desktop as per in PROROOTECT thread above and ran it.
The program opened and began running.
In the middle of the process I got a window saying the PC has encountered an error and needs to close.
I activated it once again and immediately got a "Blue Screen" (like a flash of BSOD) and my PC rebooted.
My PC is running normally.
I removed the icon from the desktop.
Any advice, please?" }-
ok
Gmer is compatible for the most part with other security apps, however you might try to temporarily disable them while your internet connection is cut and see if you still experience that issue.
Another thing: knowing what platform you are running Gmer on will also help us better pin down what might cause your system instability when running it.
It's a reasonably versatile ARK so that information might prove helpful.
EASTER
the Tester
March 7th, 2009, 10:01 AM
I would consider using Gmer similar to using a registry cleaner in one regard:
Running a scan is harmless. You have to be careful what you do with the items found.
PROROOTECT
March 7th, 2009, 04:42 PM
Attention, please,
To be able to download the new version, you do NOT need to uninstall the previous version of GMER!
Yes, this previous version has a Settings tab = possibility of Real Time protection. And the file gmer.dll is NOT deletable in Normal Mode - this is its antirootkit defense.
If you have deleted this gmer.dll and now it has become deletable in Normal Mode, then you made Restore of Windows:argh: with your recent Restore Point, like me, and everything will be OK.
Now I have two versions of GMER. The previous version defends me in Real Time because I have ticked all boxes in the Settings.
This new version is the on-demand scanner.
But I think that dear Sir Gmerek will soon offer us these settings in a new edition ...*puppy*
PRO Real Time:thumb:
samy
March 7th, 2009, 04:44 PM
-{ Quote: "ok
Gmer is compatible for the most part with other security apps, however you might try to temporarily disable them while your internet connection is cut and see if you still experience that issue.
Another thing: knowing what platform you are running Gmer on will also help us better pin down what might cause your system instability when running it.
It's a reasonably versatile ARK so that information might prove helpful.
EASTER" }-
I tried running it on my desktop PC. I am using Windows XP Pro SP3, with AV NOD32 and Malwarebytes Anti-Malware
-{ Quote: "The Tester: Running a scan is harmless. You have to be careful what you do with the items found." }-
I tried running it only to ensure my PC is rootkit free
Fly
March 7th, 2009, 05:05 PM
-{ Quote: "No. No anti-rootkit tool should ever be used by novices. You can easily make your machine unbootable.
Mrk" }-
I'd disagree.
Although it depends very much on what program you use and how much money/time you're willing to spend. And regarding the 'unbootable' thing, if you're prepared to reformat your system that's not much of an issue.
Maybe not suitable for the TRUE novice, but they aren't all that dangerous.
I once had a positive experience (at the time knowing much less about security and the Windows OS) with Sophos' anti-rootkit software. Actually, in that case no malware was detected, but the tool determined that the OS had become corrupted. For as far as I recall, I decided to reformat.
McAfee's anti-rootkit software (older version ?) on the other hand, was not suitable at all. It detected some things in the kernel (?), probably from other security software or a corrupted OS.
But I agree, you have to be cautious and recognize the risk. Personally, I'd rather restore an image. Too bad that most people don't know about imaging systems. Except for those being in the computer security business. :D
Anyway, if you have found a rootkit on your system you should seriously consider reformatting your hard drive or restoring an image. If you're infected with something serious you just can't be sure your machine is clean if you don't reformat or restore a clean image.
EASTER
March 7th, 2009, 06:15 PM
Now speaking for myself, I wouldn't be as hasty in reformatting should a rootkit of any sort become evident, because they can be extracted safely including their hidden support files. Hence my reference to take your results before a reliable security forum that deals with such matters every day. Anyway, just a simple format might not be enough depending on the severity of damage (if any) that the particular find might have been designed to carry out on a Windows system.
The reason for my confidence in this is that I have both deliberately infected my machines before and ALLOWED infiltration from a known exploit site with rootkits bundled with a virus and found the rootkit item far easier to extract than suffering the severe damage that a destructive file infector virus has done in the past.
Now in that case, it was too risky to just remove the virus and its supporting parties since it inserted malicious code into PE files. I had to clean what was cleanable with NOD32 and move those away, then not just format, but partition WIPE thoroughly, "then" reformat and install again.
EASTER
samy
March 8th, 2009, 04:12 PM
EASTER
since I cannot scan my PC using GMER program as I mentioned above, can you recommend me another equivalent program (for rootkit) I can use to scan my PC?
I am using Malwarebytes Anti-Malware and SuperAntispyware (free)
Thanks
Arup
March 10th, 2009, 12:09 AM
If I am not mistaken, Avast uses GMER as well probably licensed from them. So far haven't noticed any instability on any x32 installs of Avast. The anti rootkit is probably disabled in the x64 install.
EASTER
March 10th, 2009, 12:31 AM
-{ Quote: "EASTER
since I cannot scan my PC using GMER program as I mentioned above, can you recommend me another equivalent program (for rootkit) I can use to scan my PC?
I am using Malwarebytes Anti-Malware and SuperAntispyware (free)
Thanks" }-
Well then, 3 others come to mind. There's RADIX ARK, ROOTREPEAL, AND KERNEL DETECTIVE. One or more of these should run stable but no guarantee. If one should puke, try another. I have before.
There may be others I've missed, I'm sure, but members here can bring those up for you.
Hope that helps
EASTER
PROROOTECT
March 10th, 2009, 05:20 AM
Behind GMER ( with Settings Tab ), for me, is especially: Kernel Detective, KX-Ray, Radix Antirootkit; also SysProt Antirootkit, RKDetector, RootRepeal.
For me ...
samy
March 10th, 2009, 12:59 PM
EASTER Thanks for your time.
I downloaded Radix and Sophos Antirootkit programs.
1. I ran Radix first. During the scan I looked at the files displayed in the upper panel (I am not so PC savvy) and found nothing which seems suspicious.
Note: I understand that if an item (file, registry key, etc) needs some special attention it is marked in red. Is it correct?
2. I ran Sophos (free program). Found "No Hidden files"
Where is it possible to find a Guide/User Manual for Radix?
3. See this link for info.
http://www.windowsreference.com/security/list-of-free-anti-rootkitrootkit-detection-software-for-windows/
Thanks
PROROOTECT
March 13th, 2009, 06:56 PM
Your new Series: GMER!
Today: GMER 1.0.15.14939.
Gooood!
*puppy*
EASTER
March 13th, 2009, 11:39 PM
When it comes to the possibility that a nasty rootkit just might have found its way into your system, it's absolutely IMPERATIVE to make use of several ARKs because they (malware makers) are very keenly aware of them and readjust their programming to blind most common ARKs.
One thing is certain though, they haven't yet overtaken all of them.
EASTER
PROROOTECT
March 22nd, 2009, 03:56 AM
The Latest Version of our GMER v1.0.15.14944 released into the wild!
Tiny and light-weight software, but strength and intelligence of an elephant!
Yes, his weight: 279 Kb only; for ur memory - gmer.exe v1.0.14.14536: 792 KB!
Congratulations to Mr. Gmerek!:thumb:
Congratulations to Mr. Gmerek!:argh:
Yours PROROOTECT International Edition.:thumb:
MrBrian
March 22nd, 2009, 06:41 PM
-{ Quote: "
Yes, his weight: 279 Kb only; for ur memory - gmer.exe v1.0.14.14536: 792 KB!
" }-
GMER has been on a diet! :P Thanks for the info :).
EASTER
March 22nd, 2009, 11:36 PM
-{ Quote: "GMER has been on a diet! :P Thanks for the info :)." }-
I've been a former pretty harsh critic in the past of Gmer, due in part to my impatience I think. Early versions were nothing short of total distortions and tabs were always non-responsive for me so I never could get any type of a decent read from it.
I am pleasantly pleased now however how so much better Gmer is greatly improved along with stability and almost mystified of this great turnaround in this project.
EASTER
PROROOTECT
March 28th, 2009, 08:32 AM
Your GMER this week: v1.0.15.14966. :thumb:
lime
April 9th, 2009, 12:37 PM
-{ Quote: "Is this program safe for a novice to use or would it be nec to be able to look at what the program has found and decide if its OK to let it remove the identified targets?" }-
I've just downloaded. This works brilliantly, no crashes, etc (unlike the previous version!). I'm no expert at all, I just googled anything I wasn't sure about.
It's worth giving it a go.
PROROOTECT
April 15th, 2009, 05:55 PM
For your MBR rootkit - the latest version of mbr.exe STILL HOT (Today, April 15th, 2009): http://www2.gmer.net/mbr/
To detect and remove LATEST variant of MBR rootkit please use this v0.3.1; link at the bottom of the page.
Bravo, Mister Gmerek!:thumb:
Yours PROROOTECT
EASTER
April 15th, 2009, 08:49 PM
-{ Quote: "For your MBR rootkit - the latest version of mbr.exe STILL HOT (Today, April 15th, 2009): http://www2.gmer.net/mbr/
To detect and remove LATEST variant of MBR rootkit please use this v0.3.1; link at the bottom of the page.
Bravo, Mister Gmerek!:thumb:
Yours PROROOTECT" }-
Excellent!
You've been spot on with these vital apps someone is going to be in dire need of sooner or later.
8) THE PROROOTECT LEGACY LIVES! 8)
DasFox
April 16th, 2009, 07:24 AM
I ran GMER after a fresh install, doing the Windows update and just installing a few applications.
GMER gave me some entries, but because the system was just installed I wanted to know if these are probably from the AV Avira I have installed?
http://img27.imageshack.us/img27/4151/74237265.jpg
THANKS
PROROOTECT
April 16th, 2009, 07:52 AM
Already DasFox, 11 beautiful antirootkit SSDT hooks from AVIRA v9, which defend your Windows!
Your - and my - antirootkit defense.
Yours PROROOTECT:thumb:
DasFox
April 16th, 2009, 05:42 PM
-{ Quote: "Already DasFox, 11 beautiful antirootkit SSDT hooks from AVIRA v9, which defend your Windows!
Your - and my - antirootkit defense.
Yours PROROOTECT:thumb:" }-
That's what I was thinking this is from Avira.
How is Avira for rootkit detection?
THANKS
PROROOTECT
April 16th, 2009, 05:58 PM
DasFox STILL HOT!:argh:
Avira = trustworthy + efficiency!
I have no rootkits, but some antirootkits top flight. See my signature, please ...
Good Night for you, PROROOTECT:thumb:
JRViejo
April 16th, 2009, 06:34 PM
Thank you, PROROOTECT!
-{ Quote: "Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.1 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK" }-
PROROOTECT
May 1st, 2009, 06:42 AM
Our GMER this week: v1.0.15.14972: http://www.gmer.net/files.php
Download on your direction - and delete previous version.
That's all.