Gmer couldn't terminate a Process

Discussion in 'malware problems & news' started by Ranget, Apr 13, 2012.

Thread Status:
Not open for further replies.
  1. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    Hi, I was running Gmer just for fun on one of my offline machines (x64 Win 7),
    and I found a hidden notepad.exe process.

    So before doing anything I tried all the other x64 rootkit scanners; they didn't find anything
    hidden. This process was also hidden from all process managers:

    Process Explorer, KillSwitch and the normal Task Manager.

    So I tried terminating the process via Gmer and a message appeared: "0xffffff".

    Is this a bug, or should I investigate more?
     
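    The situation described in this post (a process that one tool lists and the usual process managers do not) is what cross-view enumeration is meant to surface. The following is an added example, not code from the thread or from GMER: it takes several independent process listings of the same machine (the view names and the sample data are constructed for illustration) and reports PIDs that are absent from some views or that carry different names in different views.

```python
"""Cross-view process diff: flag PIDs that some enumeration sources omit or misname.

Added example (constructed sample data, not a capture from the thread's machine).
The view names "taskmgr", "procexp" and "lowlevel" are assumptions standing in for
a user-mode process manager, Process Explorer and a lower-level enumeration source.
"""
from typing import Dict, List, NamedTuple


class Proc(NamedTuple):
    pid: int
    name: str


class Finding(NamedTuple):
    pid: int
    names: Dict[str, str]      # view -> image name as that view reports it
    missing_from: List[str]    # views that do not list this PID at all


def find_discrepancies(views: Dict[str, List[Proc]]) -> List[Finding]:
    """Return one Finding per PID that is hidden from, or renamed in, at least one view.

    A PID present in every view with the same name is considered consistent and is
    not reported. Results are sorted by PID for stable output.
    """
    by_pid: Dict[int, Dict[str, str]] = {}
    for view, procs in views.items():
        for proc in procs:
            by_pid.setdefault(proc.pid, {})[view] = proc.name

    findings: List[Finding] = []
    for pid in sorted(by_pid):
        names = by_pid[pid]
        missing = [view for view in views if view not in names]
        renamed = len(set(names.values())) > 1
        if missing or renamed:
            findings.append(Finding(pid, names, missing))
    return findings


def format_report(findings: List[Finding]) -> str:
    """Render findings as one line per PID, for a quick triage read."""
    lines = []
    for f in findings:
        shown = ", ".join(f"{view}={name}" for view, name in sorted(f.names.items()))
        hidden = ", ".join(f.missing_from) if f.missing_from else "-"
        lines.append(f"pid {f.pid}: seen as [{shown}]; missing from [{hidden}]")
    return "\n".join(lines)


# Constructed sample views (illustrative only). PID 4212 is listed only by the
# low-level view; PID 2300 is listed everywhere but under two different names.
COMMON = [Proc(4, "System"), Proc(612, "csrss.exe"), Proc(1840, "explorer.exe")]
SAMPLE_VIEWS: Dict[str, List[Proc]] = {
    "taskmgr":  COMMON + [Proc(2300, "svchost.exe")],
    "procexp":  COMMON + [Proc(2300, "svchost.exe")],
    "lowlevel": COMMON + [Proc(2300, "notepad.exe"), Proc(4212, "notepad.exe")],
}


if __name__ == "__main__":
    print(format_report(find_discrepancies(SAMPLE_VIEWS)))
```

    A single discrepancy is evidence, not a verdict: transient processes that exit between two snapshots also show up as "missing", so take the views as close together in time as possible and repeat the comparison before treating a PID as deliberately hidden.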
  2. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    849
    GMER isn't 64-bit compatible, so funky stuff will happen on 64-bit.
     
  3. Ranget
    So just keep my eyes closed and my fingers crossed that I don't have a rootkit??
     
  4. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    If you're worried then just run a few scans with antimalware boot disks. See my sig for recommendations.
     
  5. Ranget
    I don't think an antimalware boot disk will detect anything;
    as far as I know they run on signature scanning.

    If the rootkit is not known to the company, it won't be detected by
    those disks.

    But I think it won't hurt to try.
     
  6. treehouse786
    A rootkit is not a rootkit when Windows is not running, because it can't hide itself at all from scanning engines (when scanned from a boot disk), so they are there for the taking. :)

    If you're still paranoid after the boot disk scans, then contact a specialist forum like MajorGeeks.
     
  7. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,571
    Using Xboot, I periodically make a bootable AntiMalware DVD which contains:

    1. Kaspersky Rescue Disk 10
    2. Dr.Web LiveCD
    3. Avira Rescue System CD
    4. Bitdefender Rescue CD

    The DVD also contains numerous Linux OSes, MemTest86+, etc.

    This DVD is easy and convenient to use.
     
  8. Ranget
    It's an offline machine, but if it's a bug I don't need the extra work.

    Anyway, what is a 0xffffffff error? o_O
     
  9. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    You can also ask for help here: http://www.techguy.org/
    And I've read this quote there.
     
  10. Ranget
    When I found the process I ran another scanner
    that analyses what is in memory, and it found the process.

    So Gmer isn't a false positive. I think it's some kind of logger. Anyway, I couldn't terminate it or do anything else, so I will wait and see if any automated program
    detects it.
     
  11. Ranget
    The hidden process now has a different name,

    and it's not detected by any of the x64 rootkit scanners:

    Gmer, truex64, TDSSKiller, Sophos, SanityCheck.

    Could it be something like a BIOS rootkit or hypervisor rootkit? o_O
     
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Have you tried running ComboFix to see if it finds anything? It's great, but use it with caution. If you use it incorrectly it can cause your machine to become inoperable, so if you're not sure something is safe to remove then visit BleepingComputer. They will assist you.

    Also, Malwarebytes is capable of finding rootkits. I have removed rootkits from machines using Malwarebytes, so I know it detects them. You could also try running Hitman Pro just to see if it finds any other type of threats. Usually when I find a rootkit on someone's machine it is accompanied by other nasties.

    You may also try UnHackMe. I believe it's specifically for rootkits. I have never tried it, so I don't know how good it is, but I have been curious about its capabilities / performance. Now may be a good time to put it to the test, but I do not know how safe it is to use. http://www.greatis.com/unhackme/

    GMER is one of my preferred apps for rootkits, but you have already taken that route. I also like the Kaspersky and Bitdefender rescue disks. For free expert help to verify you are infected, and for removal assistance, visit BleepingComputer and read this thread: http://www.bleepingcomputer.com/forums/topic182397.html You may even further your education there from this experience.
     
    Last edited: May 16, 2012
  13. Cutting_Edgetech
    BTW, there used to be a thread here at Wilders with a list of experts that can assist you. I wasn't able to locate it, so I'm not sure if it still exists.
     
  14. Ranget
    Thanks, but I heard that UnHackMe has nothing new.

    I'm not going to use ComboFix or CCE; I have a bad history with them.
    BTW, ComboFix uses the Gmer engine.
     