Discussion in 'other anti-malware software' started by Meriadoc, Mar 6, 2009.
The gmer ark has been updated. Thankyou gmer.
Is this tool worth running in real time? Does it run in realtime under Vista?
Check out that page,
have a look at the examples.
Isn't Gmer an on-demand anti-rootkit scanner? Or am I missing something?
I should have given more information or formed the question better. I have used gmer under Vista as a scanner, but I did not have the settings tab to check what I want monitored in realtime.
This is the post that prompted me to investigate gmer's realtime ability.
FWIW I don't see any option to enable real time monitoring in Gmer.
I thought it had that ability, but unless I'm missing something Gmer is a scanner only.
When gmer is first opened, next to the Rootkit/Malware tab is a tab with 3 arrows. Click on that tab then go to the settings tab. Aren't those checkboxes for realtime monitoring? I don't know for sure that's why I'm asking.
If that's true, then it must have to be manually activated.
No autostart option.
I think it loads a driver, C:\windows\system32\drivers\gmer.sys
Is that only for the on demand scanner?
Does Gmer work on Vista x64?
You probably won't need GMER or any rootkit scanner for Vista 64.
GMER (Latest Version) seems quicker and more responsive.
Has anyone tested this yet on actual malware samples?
Hi firzen 771,
Thanks for the response. I know Vista x64 doesn't need anti-rootkit detection, because it gets native PatchGuard.
I just wondered.
Vista Business x64 SP1, Windows Defender off, UAC off, ZA Pro 8.0.298.004, Avira Antivir Premium Resident 184.108.40.206, Prevx Edge x64 220.127.116.11 Resident.
But the percentages likely still favor 32-bit systems, even though more users are finding better performance and benefits with 64-bit, with which I tend to agree.
However, in keeping with this topic, Gmer, much like Ice Sword, was allowed a substantial amount of time to pass unhindered, leaving users relying on the last versions virtually stalled, so there is reason for some excitement that it's finally being improved little by little.
Listen or look, folks: malwares continue circling the block day and night, and sooner or later they find a hole, even if only a pinhole to pierce through, because any opening, no matter how minuscule, can be expanded, and before one knows it a cascade of newly designed malwares can flood into a system. All they need is one really good opening to encourage them to broaden the scope of their own horizons.
Many newer rootkits have found the last version's weakness, and hence, in order to keep up, just like the AV/AS vendors, you either meet those new challenges or they threaten to undo everything that was done in the first place to ward off and identify those techniques, and you stand to watch the walls of that security crumble to pieces.
So, yes, this is a very welcome update indeed.
New one out again GMER 18.104.22.16833
The changelog on Gmer site doesn't indicate it.
Likely the same one.
The change log may not but check out this page:
v22.214.171.12433 is clearly noted as the latest release.
Please check the MD5 file hashes:
These are the results I find on both:
This new version doesn't have a settings tab.
That might explain jdd58's question about real-time monitoring in post #8.
I'm guessing that there is no real-time monitoring in the latest release.
I myself haven't used Gmer as an active monitoring app, but you can definitely make full use of protection with the AVZ Anti-Viral kit to accomplish that goal.
It works on Vista 64, but in reduced mode, and detects two hidden Bluetooth entries; they are inaccessible in reality, must be a software-specific thing.
I made tests in the past, and Gmer is much better than its commercial Aswar copy, but there you have a signed driver.
Not true, it detects restricted or hidden registry entries on Vista 64, maybe user-mode rootkits too, didn't test so far.
You should keep in mind that Vista 64 uses a security-through-obscurity feature, nothing else,
Gmer stated once that it is still vulnerable to other low level attacks.
Not to forget that MS and their S Syndrome are always present as an AI-controlled global surveillance bot.
I was wondering about that before I installed Drive Sentry. I have been using AVZ Antiviral Toolkit for on-demand scans. I haven't activated the Guard or monitoring driver in it. I see AVZ in a lot of member signatures here as an on-demand program.
The only issue I notice with the scanner is an occasional f/p.
At some point I may try using AVZ real-time.
Using Gmer & looking at process System PID 4
C:\Documents and Settings\[UserName]\Local Settings\Temp\aujasnkj.sys
Using Radix PID 4 shows red now with
(85) PID: 4 [86FC49C8] (System)
[*] The start address of thread 372 of process System (PID 4) doesn't point inside a process module.
It points at address 86AB7790. This is suspicious. You can try to kill or suspend this thread.
File is not visible with Explorer. If this is a GMER sys file, is it deleted right after creation? With the Gmer GUI closed, the sys file still shows in the Radix process thread, but Radix shows it as a supd thread #372.
Only viable Google shows it as a Gmer file
What's with this file?
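The check Radix is applying in the output quoted above is "does this thread's start address fall inside any loaded module?" Here it is as an added example (not Radix or GMER code): the module map and the other thread addresses are constructed, only thread 372 and its address 86AB7790 come from the post. The finding is a heuristic, not proof of a rootkit; a driver that has been unloaded after starting a thread, or code placed in dynamically allocated kernel memory, produces the same report.

```python
# Added example: flag kernel threads whose start address lies outside every
# known loaded module, the condition Radix reports as "suspicious".
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Module:
    name: str
    base: int   # load address
    size: int   # image size in bytes

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


def module_for(addr: int, modules: List[Module]) -> Optional[Module]:
    """Return the module whose image range covers addr, or None."""
    for m in modules:
        if m.contains(addr):
            return m
    return None


def suspicious_threads(threads: Dict[int, int],
                       modules: List[Module]) -> List[Tuple[int, int]]:
    """threads maps thread id -> start address. Returns (tid, addr) pairs whose
    start address is not backed by any module in the list."""
    return [(tid, addr) for tid, addr in threads.items()
            if module_for(addr, modules) is None]


def format_finding(pid: int, pname: str, tid: int, addr: int) -> str:
    """Render one finding in the same style as the Radix line in the post."""
    return (f"[*] The start address of thread {tid} of process {pname} (PID {pid}) "
            f"doesn't point inside a process module. It points at address {addr:08X}.")


# Constructed module map (names real, base/size values made up for this example).
KERNEL_MODULES = [
    Module("ntoskrnl.exe", 0x804D7000, 0x1F6000),
    Module("hal.dll",      0x806CD000, 0x020000),
    Module("gmer.sys",     0x86FE0000, 0x010000),
]
# Constructed thread table for PID 4; thread 372's address is the one from the post.
SYSTEM_THREADS = {8: 0x804E1234, 372: 0x86AB7790, 400: 0x86FE1000}

if __name__ == "__main__":
    for tid, addr in suspicious_threads(SYSTEM_THREADS, KERNEL_MODULES):
        print(format_finding(4, "System", tid, addr))
```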