Good to know you solved it.
You can send the logs here.
I've sent you PMs with some instructions. I look forward to the results.
One piece of advice: to eliminate such FPs it's always recommended not to use your machine during the scan. The user should simply finish all...
I do not see anything suspicious in your crash dump (see attached for details).
Maybe you could make a crash dump...
PM me http://www.gmer.net/contact.php & I will send you something else to generate MEMORY.DMP
Try this ...
If it would be possible I'd like to see "Kernel Memory Dump" (%SystemRoot%\MEMORY.DMP), go to "Setup and Recovery" -> "System failure" settings...
INT 0x00 ? F68A8B60
INT 0x01 ? F68A8B68
INT 0x03 ? F68A8B78
INT 0xFF ? F68A97B8
Where did you find it?...
got it, thanks
If you cannot send me an email with your log, please save it into a file and attach here.
Please try nslookup & post results here
Start -> Run -> cmd ->
it should be: 126.96.36.199
If you don't know how to interpret the log please send an email to info (at) gmer . net
It means that fltMgr.sys traces \FileSystem\Fastfat device.
fltMgr.sys is "Microsoft Filesystem Filter Manager" so it should be...
... especially when you want to catch "legendary" rootkits :thumb:
You are right, all this stuff (including "modern" ARKs) is a little old...
It's just advertising - the basic economic rule ;)
Take a look at:
i386.sys(2005) -> sysbus32.sys(2005/2006) -> msguard.sys(2006) -> lzx32.sys(2006/2007)
and you will see the...
Sorry about your problems but we already discussed your huge configuration, which is probably the reason for the conflict. Just use...
Have you ever seen a "new" version or Mr PE386 mock at "us" :)
Looks like "perfectly coded rootkit" dropped sophisticated SYSENTER hooking and came back to "old-school" SSDT hooks.
Looks like a problem with code sections scan in update.sys - I will check it.
GMER from v. 12070 shows all...
Unfortunately I do not have time to test every ARK on the planet 8)
It's better for us if more ARKs are developed, but many of...
It's a really good method; it works like a rubber/eraser. The whole content of the malware file is being destroyed, but only content not...
I have no idea who you are and why you are doing all these things?
Like others I think that your RKU is a really great product.
Congrats! Guys - KUTGW! :thumb:
Zorra, you are reading my mind.
Like I said before, there is much more room for such programs: RootkitRevealer, BlackLight, IceSword, ......