Gmer 1.0.15 (update)

Discussion in 'other anti-malware software' started by Meriadoc, Mar 6, 2009.

Thread Status:
Not open for further replies.
  1. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
The gmer ARK has been updated. Thank you, gmer.
     
  2. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    525
    Location:
    Arizona
Is this tool worth running in real time? Does it run in real time under Vista?
     
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Check out that page,

    have a look at the examples.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Isn't Gmer an on-demand anti-rootkit scanner? Or am I missing something? :doubt:


    Thanks
     
  5. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    525
    Location:
    Arizona
    I should have given more information or formed the question better. I have used gmer under Vista as a scanner, but I did not have the settings tab to check what I want monitored in realtime.

    Thank you.
     
  6. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    525
    Location:
    Arizona
  7. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    FWIW I don't see any option to enable real time monitoring in Gmer.
    I thought it had that ability, but unless I'm missing something Gmer is a scanner only.
     
  8. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    525
    Location:
    Arizona
When gmer is first opened, next to the Rootkit/Malware tab is a tab with 3 arrows. Click on that tab, then go to the settings tab. Aren't those checkboxes for real-time monitoring? I don't know for sure; that's why I'm asking.
     
  9. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    If that's true, then it must have to be manually activated.
    No autostart option.
     
  10. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    525
    Location:
    Arizona
    I think it loads a driver, C:\windows\system32\drivers\gmer.sys

    Is that only for the on demand scanner?
     
  11. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    532
    Location:
    Europa
    Hi,

Does Gmer work on Vista x64?

    Thanks

    Regards

    Rules.
     
  12. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
You probably won't need GMER or any rootkit scanner for Vista 64.
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    GMER (Latest Version) seems quicker and more responsive.

Has anyone tested this yet on actual malware samples?

    EASTER
     
  14. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    532
    Location:
    Europa

Hi firzen771,

Thanks for the response. I know Vista x64 doesn't need anti-rootkit detection, because it gets native PatchGuard.
I just wondered :)


    Regards,
    Rules
    Vista Business x64 SP1-windows defender off-Uac off-ZA Pro 8.0.298.004, Avira Antivir Premium Resident 8.2.0.33, Prevx Edge x64 3.0.1.17 Resident.
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Very True

But the percentages likely still favor 32-bit systems, even though more users are finding better performance and benefits with 64-bit, with which I tend to agree.

However, in keeping with this topic, Gmer, in much the same way as IceSword, was allowed a substantial amount of time to pass unhindered, leaving users relying on the last version virtually stalled, which is reason for some excitement that it's finally being improved little by little.

Listen or look, folks: malware continues circling the block day and night, and sooner or later it finds a hole, even if only a pinhole to pierce through, because any opening, no matter how minuscule, can be expanded, and before one knows it a cascade of newly designed malware can flood into a system. All they need is one really good opening to encourage them to broaden the scope of their own horizons.

Many newer rootkits have found the last version's weakness, and hence, in order to keep up, just like the AV/AS vendors, you either meet those new challenges or they threaten to undo everything that was done in the first place to ward off and identify those techniques, and you stand to watch the walls of that security crumble to pieces.

So, yes, this is a very welcome update indeed,

    EASTER
     
  16. rolarocka

    rolarocka Guest

  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
The changelog on the Gmer site doesn't indicate it.


    Likely the same one.
     
  18. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,299
    Location:
    South Wales, UK
    The change log may not but check out this page:

    http://www.gmer.net/files.php

v1.0.15.14833 is clearly noted as the latest release.

    :D
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Please check the MD5 file hashes:

These are the results I find on both:

    FC05C88E595AFB0B1C2C0D9896FC2517

    FC05C88E595AFB0B1C2C0D9896FC2517
     
  20. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    This new version doesn't have a settings tab.
     
  21. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
That might explain jdd58's question about real-time monitoring in post #8.
    I'm guessing that there is no real-time monitoring in the latest release.
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
I myself haven't used Gmer as an active monitoring app, but you can definitely make full use of protection with the AVZ Anti-Viral kit to accomplish that goal.
     
  23. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
It works on Vista 64, but in reduced mode, and detects two hidden Bluetooth entries; they are inaccessible in reality, so it must be a software-specific thing.

I made tests in the past, and Gmer is much better than its commercial Aswar copy, but there you have a signed driver.

Not true: it detects restricted or hidden registry entries on Vista 64, and maybe user-mode rootkits too; I didn't test so far.
You should keep in mind that Vista 64 uses a security-through-obscurity feature, nothing else;
Gmer stated once that it is still vulnerable to other low-level attacks.
Not to forget that MS and their S Syndrome is always present as an AI-controlled global surveillance bot.
     
    Last edited: Mar 8, 2009
  24. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I was wondering about that before I installed Drive Sentry. I have been using AVZ Antiviral Toolkit for on-demand scans. I haven't activated the Guard or monitoring driver in it. I see AVZ in a lot of member signatures here as an on-demand program.
    The only issue I notice with the scanner is an occasional f/p.
    At some point I may try using AVZ real-time.
     
  25. controler

    controler Guest

Using Gmer and looking at process System (PID 4):

    C:\Documents and Settings\[UserName]\Local Settings\Temp\aujasnkj.sys

Using Radix, PID 4 now shows red with:
    (85) PID: 4 [86FC49C8] (System)
    [*] The start address of thread 372 of process System (PID 4) doesn't point inside a process module.
    It points at address 86AB7790. This is suspicious. You can try to kill or suspend this thread.

The file is not visible with Explorer. If this is a GMER .sys file, is it deleted right after creation? With the Gmer GUI closed, the .sys file still shows in the Radix process thread, but Radix shows it as a supd thread #372.

The only viable Google result shows it as a Gmer file:

    http://www.threatexpert.com/report.aspx?md5=fc05c88e595afb0b1c2c0d9896fc2517

    What's with this file?
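The checks controler did by hand in the post above (driver image sitting under a user's Temp folder, random eight-letter name, not visible on disk, hash looked up against a known value) and the MD5 comparison EASTER asked for earlier in the thread, scripted as an added example. This is not code from the thread, from GMER or from Radix. The driver records are constructed inline so it runs offline; on a live machine they would come from `driverquery /v /fo csv` plus hashing each image. The only hash on the allowlist is the MD5 posted in the thread for the GMER download; pairing it with gmer.sys in the sample is an assumption made purely to exercise the allowlist branch.

```python
"""Triage loaded kernel drivers by location, name shape, presence on disk and hash.

Added example; not code from the thread, from GMER or from Radix. Input
records are constructed here so the script runs offline.
"""
import hashlib
import re
from dataclasses import dataclass

# The one hash the thread gives: the MD5 EASTER reported for both GMER
# 1.0.15.14833 download files. Nothing else is on the list.
KNOWN_GOOD_MD5 = {
    "fc05c88e595afb0b1c2c0d9896fc2517": "GMER 1.0.15.14833 download",
}

# Locations a vendor driver is not normally loaded from (user/system Temp).
TEMP_DIR_RE = re.compile(
    r"\\(local settings\\temp|appdata\\local\\temp|windows\\temp)\\", re.I)
# Normal home for installed drivers.
DRIVERS_DIR_RE = re.compile(r"\\windows\\system32\\drivers\\", re.I)
# Eight random lowercase letters plus .sys, the shape of aujasnkj.sys.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.sys$")


@dataclass
class DriverRecord:
    name: str             # file name as listed by the driver enumeration
    path: str             # image path on disk
    md5: str              # MD5 of the image (hex, any case)
    on_disk: bool = True  # False: listed as loaded but not openable/visible


def md5_hex(data: bytes) -> str:
    """MD5 of a byte string; the thread compares MD5, so that is what we use.
    In practice also record SHA-256 and the Authenticode signer: MD5 alone is
    collision-prone and says nothing about who signed the driver."""
    return hashlib.md5(data).hexdigest()


def triage(rec: DriverRecord) -> tuple[str, list[str]]:
    """Return (verdict, reasons). A known-good hash wins over location: if,
    as controler's search suggested, the Temp .sys is GMER's own driver,
    location alone would flag the tool the same way it flags malware."""
    key = rec.md5.lower()
    if key in KNOWN_GOOD_MD5:
        return "known-good", [f"hash matches {KNOWN_GOOD_MD5[key]}"]
    reasons = []
    if TEMP_DIR_RE.search(rec.path):
        reasons.append("image loaded from a Temp directory")
    if RANDOM_NAME_RE.match(rec.name.lower()):
        reasons.append("random-looking eight-letter file name")
    if not rec.on_disk:
        reasons.append("loaded driver no longer visible on disk")
    if reasons:
        return "suspicious", reasons
    if DRIVERS_DIR_RE.search(rec.path):
        return "ok", ["image under system32\\drivers, hash not on allowlist"]
    return "review", ["image outside system32\\drivers"]


def triage_all(records: list[DriverRecord]) -> dict[str, str]:
    """Map driver name -> verdict for a whole enumeration."""
    return {r.name: triage(r)[0] for r in records}


# Constructed sample enumeration. The hashes of the first two records are
# made up; the third pairs gmer.sys with the thread's download MD5 purely to
# exercise the allowlist branch (the page does not say gmer.sys has it).
SAMPLE_DRIVERS = [
    DriverRecord("ntfs.sys", r"C:\Windows\system32\drivers\ntfs.sys",
                 md5_hex(b"constructed ntfs image")),
    DriverRecord("aujasnkj.sys",
                 r"C:\Documents and Settings\[UserName]\Local Settings\Temp\aujasnkj.sys",
                 md5_hex(b"constructed dropped driver"), on_disk=False),
    DriverRecord("gmer.sys", r"C:\windows\system32\drivers\gmer.sys",
                 "FC05C88E595AFB0B1C2C0D9896FC2517"),
]

if __name__ == "__main__":
    for rec in SAMPLE_DRIVERS:
        verdict, reasons = triage(rec)
        print(f"{rec.name:14} {verdict:11} {'; '.join(reasons)}")
```

The allowlist short-circuit is the point: a random name in Temp and a thread in PID 4 with a start address outside any module look identical whether the driver is a rootkit or an anti-rootkit tool's own helper, so the hash (and, on a real system, the signature) is what separates them. Anything that lands in "suspicious" without a hash match is what you pull off the box for analysis.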
     