Gmer 1.0.15 (update)


Meriadoc
March 6th, 2009, 06:41 PM
The gmer ark (http://www.gmer.net/files.php) has been updated. Thank you, gmer.
-{ Quote: "
- Changed installation method
- Improved files scanning
- Improved kernel & user mode code sections scanning " }-

jdd58
March 6th, 2009, 06:51 PM
Is this tool worth running in real time? Does it run in realtime under Vista?

Meriadoc
March 6th, 2009, 06:54 PM
Check out that page,

have a look at the examples.
-{ Quote: "GMER runs only on Windows NT/W2K/XP/VISTA" }-

m00nbl00d
March 6th, 2009, 07:01 PM
-{ Quote: "Is this tool worth running in real time? Does it run in realtime under Vista?" }-

Isn't Gmer an on-demand anti-rootkit scanner? Or am I missing something? :doubt:


Thanks

jdd58
March 6th, 2009, 07:10 PM
I should have given more information or formed the question better. I have used gmer under Vista as a scanner, but I did not have the settings tab to check what I want monitored in realtime.

Thank you.

jdd58
March 6th, 2009, 07:16 PM
This is the post that prompted me to investigate gmer's realtime ability.

http://www.wilderssecurity.com/showthread.php?t=233560

the Tester
March 6th, 2009, 07:21 PM
FWIW I don't see any option to enable real time monitoring in Gmer.
I thought it had that ability, but unless I'm missing something Gmer is a scanner only.

jdd58
March 6th, 2009, 07:31 PM
When gmer is first opened, next to the Rootkit/Malware tab is a tab with 3 arrows. Click on that tab, then go to the settings tab. Aren't those checkboxes for realtime monitoring? I don't know for sure, that's why I'm asking.

the Tester
March 6th, 2009, 07:41 PM
If that's true, then it must have to be manually activated.
No autostart option.

jdd58
March 6th, 2009, 08:00 PM
I think it loads a driver, C:\windows\system32\drivers\gmer.sys

Is that only for the on demand scanner?

Rules
March 7th, 2009, 03:19 AM
Hi,

Does Gmer work on Vista x64?

Thanks

Regards

Rules.

firzen771
March 7th, 2009, 04:43 AM
-{ Quote: "Hi,

Does Gmer work on Vista x64?

Thanks

Regards

Rules." }-

You probably won't need GMER or any rootkit scanner for Vista 64.

EASTER
March 7th, 2009, 04:47 AM
GMER (Latest Version) seems quicker and more responsive.

Has anyone tested this yet on actual malware samples?

EASTER

Rules
March 7th, 2009, 06:05 AM
-{ Quote: "You probably won't need GMER or any rootkit scanner for Vista 64." }-


Hi firzen 771,

Thanks for the response, I know Vista x64 doesn't need anti-rootkit detection, because it gets native PatchGuard.
I just wondered :)


Regards,
Rules
Vista Business x64 SP1-windows defender off-Uac off-ZA Pro 8.0.298.004, Avira Antivir Premium Resident 8.2.0.33, Prevx Edge x64 3.0.1.17 Resident.

EASTER
March 7th, 2009, 10:20 AM
Very True

But the percentages likely still favor 32-bit systems, even though more users are finding better performance & benefits with 64, with which I tend to agree.

However, in keeping with this topic, Gmer, in much the same way as Ice Sword, was allowed a substantial amount of time to pass unhindered, leaving users relying on the last version virtually stalled, and that is reason for some excitement that it's finally being improved little by little.

Listen or look, folks, malwares continue circling the block day and night and sooner or later they find a hole, even if only a pinhole to pierce through, because any opening, no matter how minuscule, can be expanded, and before one knows it a cascade of newly designed malwares can flood into a system. All they need is one really good opening to encourage them to broaden the scope of their own horizons.

Many newer rootkits have found the last version's weakness, and hence in order to keep up, just like the AV/AS vendors, you either meet those new challenges or they threaten to undo everything that was done in the first place to ward off and identify those techniques, and you stand to watch the walls of that security crumble to pieces.

So, yes, this is a very welcome update indeed.

EASTER

rolarocka
March 7th, 2009, 12:48 PM
New one out again GMER 1.0.15.14833
http://www.majorgeeks.com/GMER_d5198.html

EASTER
March 7th, 2009, 05:32 PM
-{ Quote: "New one out again GMER 1.0.15.14833
http://www.majorgeeks.com/GMER_d5198.html" }-

The changelog on Gmer site doesn't indicate it.

-{ Quote: "1.0.15
- Changed installation method
- Improved files scanning
- Improved kernel & user mode code sections scanning " }-


Likely the same one.

Baldrick
March 7th, 2009, 05:49 PM
-{ Quote: "The changelog on Gmer site doesn't indicate it.

Likely the same one." }-

The change log may not but check out this page:

http://www.gmer.net/files.php

v1.0.15.14833 clearly noted as the latest release.

;D

EASTER
March 7th, 2009, 05:58 PM
Please check the MD5 file hashes:

These are the results i find on both:

FC05C88E595AFB0B1C2C0D9896FC2517

FC05C88E595AFB0B1C2C0D9896FC2517

WilliamP
March 7th, 2009, 06:07 PM
This new version doesn't have a settings tab.

the Tester
March 7th, 2009, 10:31 PM
-{ Quote: "This new version doesn't have a settings tab." }-

That might explain jdd58's question about real-time monitoring in post # 8.
I'm guessing that there is no real-time monitoring in the latest release.

EASTER
March 8th, 2009, 05:22 AM
I myself haven't used Gmer as an active monitoring app, but you can definitely make full use of protection with the AVZ Anti-Viral kit to accomplish that goal.

SystemJunkie
March 8th, 2009, 05:27 AM
-{ Quote: "Is this tool worth running in real time? Does it run in realtime under Vista?" }-
-{ Quote: "Does Gmer work on Vista x64?" }-
It works on Vista 64, but in reduced mode, and detects two hidden Bluetooth entries; they are inaccessible in real, must be a software-specific thing.

I made tests in the past and Gmer is much better than its commercial Aswar copy, but there you have a signed driver.

-{ Quote: "You probably won't need GMER or any rootkit scanner for Vista 64." }-
Not true, it detects restricted or hidden registry entries on Vista 64, maybe user mode rootkits too, didn't test so far.
You should keep in mind that Vista 64 uses a security-through-obscurity feature, nothing else;
Gmer stated once that it is still vulnerable to other low level attacks.
Not to forget that MS and their S Syndrome is always present as an AI-controlled global surveillance bot.

the Tester
March 8th, 2009, 12:28 PM
-{ Quote: "I myself haven't used Gmer as an active monitoring app, but you can definitely make full use of protection with the AVZ Anti-Viral kit to accomplish that goal." }-

I was wondering about that before I installed Drive Sentry. I have been using AVZ Antiviral Toolkit for on-demand scans. I haven't activated the Guard or monitoring driver in it. I see AVZ in a lot of member signatures here as an on-demand program.
The only issue I notice with the scanner is an occasional f/p.
At some point I may try using AVZ real-time.

controler
March 8th, 2009, 12:43 PM
Using Gmer & looking at process System PID 4

C:\Documents and Settings\[UserName]\Local Settings\Temp\aujasnkj.sys

Using Radix PID 4 shows red now with
(85) PID: 4 [86FC49C8] (System)
The start address of thread 372 of process System (PID 4) doesn't point inside a process module.
It points at address 86AB7790. This is suspicious. You can try to kill or suspend this thread.

The file is not visible with Explorer. If this is a GMER sys file, is it deleted right after creation? With the Gmer GUI closed, the sys file still shows in the Radix process thread, but Radix shows it as a supd thread #372.

The only viable Google hit shows it as a Gmer file:

http://www.threatexpert.com/report.aspx?md5=fc05c88e595afb0b1c2c0d9896fc2517

What's with this file?
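
The Radix check quoted in this post (a thread whose start address lies outside every loaded module) is easy to reproduce against a snapshot of module ranges. The block below is an added illustration written for this thread, not code from GMER or Radix; the module list is a constructed sample, and thread 372's address is the one quoted above. It also shows the caveat the post runs into: a driver that unloads or deletes its file after starting a thread leaves exactly the same trace.

```python
"""Flag kernel threads whose start address is not backed by a loaded module."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


def module_for(addr: int, modules: List[Module]) -> Optional[Module]:
    """Return the loaded module whose range covers addr, or None."""
    for m in modules:
        if m.contains(addr):
            return m
    return None


def suspicious_threads(threads: Dict[int, int], modules: List[Module]) -> Dict[int, int]:
    """Map thread id -> start address for threads with no backing module.

    This is the Radix heuristic quoted in the post. It is a lead, not proof:
    a legitimately loaded driver that unloads (or removes its own .sys file)
    after creating the thread produces the same unbacked start address.
    """
    return {tid: addr for tid, addr in threads.items()
            if module_for(addr, modules) is None}


# Constructed sample module list (illustrative 32-bit kernel addresses).
MODULES = [
    Module("ntoskrnl.exe", 0x804D7000, 0x1F8000),
    Module("hal.dll", 0x806D0000, 0x20000),
]

# Constructed sample threads of PID 4; 0x86AB7790 is the address from the post.
THREADS = {
    100: 0x80501000,   # inside ntoskrnl.exe: nothing to report
    372: 0x86AB7790,   # no module covers it: flagged, as Radix did
}

if __name__ == "__main__":
    for tid, addr in suspicious_threads(THREADS, MODULES).items():
        print(f"thread {tid}: start address {addr:08X} is not inside any loaded module")
```

Before acting on a hit, compare it against the module list taken while the tool (here GMER) is still running; a thread that was backed then and unbacked after the GUI closed is the unload case, not a hidden driver.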

Meriadoc
March 8th, 2009, 01:58 PM
fcukdat posted ver. 1.0.15.14878: sysinternals (http://forum.sysinternals.com/forum_posts.asp?TID=18128&PID=91641#91641)

EASTER
March 8th, 2009, 03:31 PM
-{ Quote: "I was wondering about that before I installed Drive Sentry. I have been using AVZ Antiviral Toolkit for on-demand scans. I haven't activated the Guard or monitoring driver in it. I see AVZ in a lot of member signatures here as an on-demand program.
The only issue I notice with the scanner is an occasional f/p.
At some point I may try using AVZ real-time." }-

It was actually this AVZ which pointed out vulnerabilities that I hadn't even addressed yet, in both unneeded Services and restrictanonymous settings at LSA and a few more, which encouraged me to close down additional ports that were open.

Like Gmer, we're fortunate to have a small detector on this order that can root up to the surface for us these certain display items that require attention.

EASTER