Good to know you solved it. You can send the logs here. Thanks
@Krysis, @gambla I've sent you PMs with some instructions. I look forward to the results. Thanks
Hello, One piece of advice: to eliminate such FPs it's always recommended not to use your machine during the scan. User should simply finish all...
Hello SystemJunkie I do not see anything suspicious in your crash dump (see attached for details). Maybe you could make crash dump...
PM me http://www.gmer.net/contact.php & I will send you something else to generate MEMORY.DMP
Try this ...
If it would be possible I'd like to see "Kernel Memory Dump" (%SystemRoot%\MEMORY.DMP), go to "Setup and Recovery" -> "System failure" settings...
@SystemJunkie INT 0x00 ? F68A8B60 INT 0x01 ? F68A8B68 ... INT 0x03 ? F68A8B78 ... INT 0xFF ? F68A97B8 Where did you find it ?...
got it, thanks
If you cannot send me an email with your log, please save it into a file and attach here.
Please try nslookup & post results here Start -> Run -> cmd -> C:\>nslookup >gmer.net it should be: 204.152.184.145
@Rainwalker If you don't know how to interpret the log please send an email to info (at) gmer . net Thanks.
Hello It means that fltMgr.sys traces \FileSystem\Fastfat device. fltMgr.sys is "Microsoft Filesystem Filter Manager" so it should be...
... especially when you want to catch "legendary" rootkits :thumb: You are right, all this stuff (including "modern" ARKs) is little old...
It's just advertising - the basic economic rule ;)
@fcukdat take a look at: i386.sys(2005) -> sysbus32.sys(2005/2006) -> msguard.sys(2006) -> lzx32.sys(2006/2007) and you will see the...
@EASTER.2010 Sorry about your problems but we already discussed your huge configuration which is probably the reason for the conflict. Just use...
Have you ever seen a "new" version or Mr PE386 mock at "us" :)
Hi Looks like "perfectly coded rootkit" dropped sophisticated SYSENTER hooking and came back to "old-school" SSDT hooks. SSDT...
Thanks SystemJunkie Looks like a problem with code sections scan in update.sys - I will check it. GMER from v. 12070 shows all...
@Someone Unfortunately I do not have time to test every ARK on the planet 8) It's better for us if more ARKs are developed, but many of...
@Zorra It's a really good method, it works like a rubber/eraser. The whole content of the malware file is being destroyed, but only content not...
@EP_X0FF I have no idea who you are and why you are doing all these things? Like others I think that your RKU is a really great product. I...
Congrats! Guys - KUTGW! :thumb:
Zorra, you are reading my mind. Like I said before. There is much more room for such programs: RootkitRevealer, BlackLight, IceSword, ......