GMER Issues

Discussion in 'malware problems & news' started by ronm90, Oct 12, 2006.

Thread Status:
Not open for further replies.
  1. ronm90

    ronm90 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    1
    Location:
    Honolulu, Hawaii
    Hi all,

    I am using a Toshiba Satellite 1905 Series laptop and running windows XP Home SP-2 with IE 7 browser. I ran Hijackthis and posted the log in another forum. The results of the log revealed I had a RootKit Virus. I was given instructions to remove it with GMER. I ran GMER and it found three hidden files highlighted in red. Gmer scanned for about 30 minutes then it has stayed on this file:

    RegistryUsers\lotsofnumbers\Microsoft\software\windows\shellnoroamer\bagmru/2/1/1.

    Gmer has been stuck on this file for over hours. The file flickers as if it is being scanned but goes no further. When I click OK it tells me GMER is still scanning. I used MRU Blaster and deleted over 600 MRU files. I ran GMER again and the scan stayed on this file again. Nobody in that other forum has addressed this problem, may be you can.

    Should I just let GMER continue to scan or stop it and remove the Rootkit virus as per the instructions given me? Or do I need to make some adjustments or delete a registry file and restart the scan? I would appreciate your help so I can continue to remove this virus. Thanks in advance.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi ronm90,

    If you restart GMER to do a new scan you will see a few options on the right hand side.
    Uncheck "Registry"

    Let the person helping you, know that you unchecked this option when you post the results though. It may be important, depending on which rootkit you were diagnosed with.

    Once you have started the scan do not change any options, certainly not select the "Show all" checkbox.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.