Gmer couldn't terminate a Process

[Ranget]

hi i was running Gmer just for fun on one off my offline machine x64 bit win 7
i found a notepad.exe process hidden

so before Doing anything i tried all other x64 Rootkit scanner Didn't find anything
hidden this process also was hidden to all Process manger

Process explorer , Kill switch and the normal task manager

so i tried tuminating the process via Gmer and a massage appeard "0xffffff"

is this a bug or should i investigate more

[3x0gR13N]

gmer isn't 64bit compatible, so funky stuff will happen on 64bit.

[Ranget]

So just keep my eyes closed and my finger crossed that i don't have a Rootkit ??

[treehouse786]

Quote:

Originally Posted by Ranget

So just keep my eyes closed and my finger crossed that i don't have a Rootkit ??

if your worried then just run a few scans with antimalware boot disks. see my sig for recommendations.

[Ranget]

i don't think antimalware Boot disk will detect anything
as far as i know they Run on Signature scanning

if the Rootkit is not known by the company it won't be detected by
those disk

but i think it won't hurt to try

[treehouse786]

Quote:

Originally Posted by Ranget

i don't think antimalware Boot disk will detect anything
as far as i know they Run on Signature scanning

if the Rootkit is not known by the company it won't be detected by
those disk

but i think it won't hurt to try

a rootkit is not a rootkit when windows is not running because it cant hide itself at all from scanning engines (when scanned from a boot disk) so they are there for the taking. .

if your still paranoid after the boot disk scans then contact a specialist forum like majorgeeks

[TheKid7]

Using Xboot, I periodically make a bootable AntiMalware DVD which contains:

1. Kaspersky Rescue Disk 10
2. Dr.Web LiveCD
3. Avira Rescue System CD
4. Bitdefender Rescue CD

The DVD also contains numerous Linux OS's, MemTest86+, etc.

This DVD is easy and convenient to use.

[Ranget]

it's an offline machine But if it's a bug i don't need the extra Work

anyway what is an 0xffffffff error

[kupo]

You can also ask for help here -http://www.techguy.org/
And I've read this quote there.

Quote:

If you have a 64 bit computer do not download or run Gmer as it is not designed to work on a 64 bit system (no currently available rootkit scanner is) so will not give any useful information.

[Ranget]

when i found the process i run another scanner
that will analyse what in the memory and found the process

so Gmer isn't False i think it's some kind of a Logger anyway i could terminate it nor do anything else so i will wait and see if any automated program would
detect it

[Ranget]

the Hidden Process now is with a Different name

and it's not detected by any of the x64 Rootkit scanners

Gmer,truex64,tdsskiller,Sophos,sanitycheck

could it be something like Bios Rootkit or hypervisor rootkit

[Cutting_Edgetech]

Have you tried running Combofix to see if it finds anything? Its great, but use it with caution. If you use it incorrectly it can cause your machine to become inoperable so if your not sure something is safe to remove then visit mybleepingcomputer. They will assist you. Also, Malwarebytes is capable of finding rootkits. I have removed rootkits from machines using Malwarebytes so I know it detects them. You could also try running Hitman Pro just to see if it finds any other type of threats. Usually when I find a rootkit on someones machine it is accompanied with other nasties. You may also try UnHackMe. I believe its specifically for rootkits. I have never tried it so I don't know how good it is, but I have been curious about its capabilities / performance. Now may be a good time to put it to the test, but I do not know how safe it is to use. -http://www.greatis.com/unhackme/ GMER is one of my preferred apps for rootkits, but you have already taken that route. I also like Kaspersky, and Bitdefender rescue disk. For free expert help to verify you are infected, and removal assistance visit mybleeping computer, and read this thread -http://www.bleepingcomputer.com/forums/topic182397.html You may even further your education there from this experience.

[Cutting_Edgetech]

BTW.. there use to be a thread here at Wilders with a list of experts that can a assist you. I wasn't able to locate it so i'm not sure if it still exist.

[Ranget]

thanks but i heard that unhackme has nothing new

i'm not going to use ComboFix nor CCE i have a Bad history with them
btw Combofix uses Gmer engine