Gmer couldn't terminate a Process

Discussion in 'malware problems & news' started by Ranget, Apr 13, 2012.

Thread Status:
Not open for further replies.
  1. Ranget
    Ranget Registered Member

    Hi, I was running GMER just for fun on one of my offline machines (x64 Win 7).
    I found a notepad.exe process hidden.

    So before doing anything I tried all the other x64 rootkit scanners; they didn't find anything
    hidden. This process was also hidden from all process managers:

    Process Explorer, KillSwitch and the normal Task Manager.

    So I tried terminating the process via GMER and a message appeared: "0xffffff"

    Is this a bug, or should I investigate more?
  2. 3x0gR13N
    3x0gR13N Registered Member

    GMER isn't 64-bit compatible, so funky stuff will happen on 64-bit.
  3. Ranget
    Ranget Registered Member

    So just keep my eyes closed and my fingers crossed that I don't have a rootkit??
  4. treehouse786
    treehouse786 Registered Member

    If you're worried then just run a few scans with antimalware boot disks. See my sig for recommendations.
  5. Ranget
    Ranget Registered Member

    I don't think an antimalware boot disk will detect anything;
    as far as I know they run on signature scanning.

    If the rootkit is not known by the company it won't be detected by
    those disks.

    But I think it won't hurt to try.
  6. treehouse786
    treehouse786 Registered Member

    A rootkit is not a rootkit when Windows is not running, because it can't hide itself at all from scanning engines (when scanned from a boot disk), so they are there for the taking. :)

    If you're still paranoid after the boot disk scans then contact a specialist forum like majorgeeks.
  7. TheKid7
    TheKid7 Registered Member

    Using Xboot, I periodically make a bootable AntiMalware DVD which contains:

    1. Kaspersky Rescue Disk 10
    2. Dr.Web LiveCD
    3. Avira Rescue System CD
    4. Bitdefender Rescue CD

    The DVD also contains numerous Linux OSes, MemTest86+, etc.

    This DVD is easy and convenient to use.
  8. Ranget
    Ranget Registered Member

    It's an offline machine, but if it's a bug I don't need the extra work.

    Anyway, what is a 0xffffffff error? o_O
  9. kupo
    kupo Registered Member

    You can also ask for help here -http://www.techguy.org/
    And I've read this quote there.
  10. Ranget
    Ranget Registered Member

    When I found the process I ran another scanner
    that analyses what is in memory, and it found the process.

    So GMER isn't false. I think it's some kind of a logger. Anyway, I couldn't terminate it nor do anything else, so I will wait and see if any automated program would
    detect it.
  11. Ranget
    Ranget Registered Member

    The hidden process now has a different name,

    and it's not detected by any of the x64 rootkit scanners:

    GMER, truex64, TDSSKiller, Sophos, SanityCheck.

    Could it be something like a BIOS rootkit or hypervisor rootkit? o_O
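    The situation described in the first post and in the one above (a process that a low-level scan reports but Process Explorer, Task Manager and the other user-mode tools cannot see, and whose name changes between scans) is exactly what cross-view process detection is built to catch: enumerate processes from several sources and flag any pid that one view reports and another omits. The following is an added example of that comparison logic, not code from GMER or from anyone in this thread. On a live Windows box the views would be filled from APIs such as CreateToolhelp32Snapshot, EnumProcesses and NtQuerySystemInformation; here the snapshots are constructed sample data so the logic runs offline, and the pids and image names in them are made up.

```python
"""Cross-view process hiding check (added example, constructed data).

Compare one low-level process enumeration (the "reference" view) against
the views ordinary tools rely on. A pid present in the reference view but
absent from another view is a hiding candidate. Because a process may exit
between two enumerations, a single mismatch is only a hint; repeating the
comparison and intersecting the results separates churn from hiding.
"""
from typing import Dict, List, Set, Tuple

# A view maps pid -> image name as one enumeration source reports it.
View = Dict[int, str]


def hidden_processes(views: Dict[str, View], reference: str) -> Dict[int, dict]:
    """Return pids in the reference view that at least one other view lacks,
    together with the name the reference view reports and the views missing it."""
    ref = views[reference]
    findings: Dict[int, dict] = {}
    for pid, name in ref.items():
        missing_from = sorted(v for v, procs in views.items()
                              if v != reference and pid not in procs)
        if missing_from:
            findings[pid] = {"name": name, "missing_from": missing_from}
    return findings


def persistent_hidden(runs: List[Dict[str, View]], reference: str) -> Set[int]:
    """Intersect hiding candidates across repeated scans: a process that exited
    between enumerations shows up once, a hidden process shows up every time."""
    surviving = None
    for views in runs:
        found = set(hidden_processes(views, reference))
        surviving = found if surviving is None else surviving & found
    return surviving or set()


def renamed_between_scans(earlier: View, later: View) -> Dict[int, Tuple[str, str]]:
    """Pids that exist in both scans of the same view but report a different
    image name, which is the behaviour described in the thread."""
    return {pid: (earlier[pid], later[pid])
            for pid in earlier.keys() & later.keys()
            if earlier[pid] != later[pid]}


# Constructed sample scans (hypothetical pids and names, not real data).
# In SCAN_1, pid 3000 (cmd.exe) exited after the kernel-level enumeration
# but before Toolhelp32 ran, so it is missing from exactly one view by
# accident. Pid 4242 is missing from every user-mode view in both scans.
SCAN_1 = {
    "kernel_list":    {4: "System", 1234: "explorer.exe", 3000: "cmd.exe", 4242: "notepad.exe"},
    "toolhelp32":     {4: "System", 1234: "explorer.exe"},
    "enum_processes": {4: "System", 1234: "explorer.exe", 3000: "cmd.exe"},
}
SCAN_2 = {
    "kernel_list":    {4: "System", 1234: "explorer.exe", 4242: "wuauclt.exe"},
    "toolhelp32":     {4: "System", 1234: "explorer.exe"},
    "enum_processes": {4: "System", 1234: "explorer.exe"},
}


def report(runs: List[Dict[str, View]], reference: str = "kernel_list") -> List[str]:
    """Human-readable summary lines for the persistent candidates."""
    lines = []
    for pid in sorted(persistent_hidden(runs, reference)):
        names = sorted({views[reference][pid] for views in runs})
        lines.append(f"pid {pid}: hidden from user-mode views in every scan; "
                     f"names seen: {', '.join(names)}")
    return lines


if __name__ == "__main__":
    for line in report([SCAN_1, SCAN_2]):
        print(line)
    print("renamed:", renamed_between_scans(SCAN_1["kernel_list"], SCAN_2["kernel_list"]))
```

    The one-scan result flags both pid 3000 and pid 4242, which is why a single cross-view diff is noisy; only pid 4242 survives the intersection across scans, and tracking by pid rather than by image name is what lets the rename between scans be noticed instead of being read as one process disappearing and another appearing.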
  12. Cutting_Edgetech
    Cutting_Edgetech Registered Member

    Have you tried running Combofix to see if it finds anything? It's great, but use it with caution. If you use it incorrectly it can cause your machine to become inoperable, so if you're not sure something is safe to remove then visit mybleepingcomputer. They will assist you. Also, Malwarebytes is capable of finding rootkits. I have removed rootkits from machines using Malwarebytes so I know it detects them. You could also try running Hitman Pro just to see if it finds any other type of threats. Usually when I find a rootkit on someone's machine it is accompanied by other nasties. You may also try UnHackMe. I believe it's specifically for rootkits. I have never tried it so I don't know how good it is, but I have been curious about its capabilities / performance. Now may be a good time to put it to the test, but I do not know how safe it is to use. -http://www.greatis.com/unhackme/ GMER is one of my preferred apps for rootkits, but you have already taken that route. I also like Kaspersky, and the Bitdefender rescue disk. For free expert help to verify you are infected, and removal assistance, visit mybleeping computer, and read this thread -http://www.bleepingcomputer.com/forums/topic182397.html You may even further your education there from this experience.
    Last edited: May 16, 2012
  13. Cutting_Edgetech
    Cutting_Edgetech Registered Member

    BTW, there used to be a thread here at Wilders with a list of experts that can assist you. I wasn't able to locate it so I'm not sure if it still exists.
  14. Ranget
    Ranget Registered Member

    Thanks, but I heard that UnHackMe has nothing new.

    I'm not going to use ComboFix nor CCE; I have a bad history with them.
    BTW, Combofix uses the GMER engine.