Gmer....newish rootkit detector ?

Discussion in 'other anti-trojan software' started by Longboard, Jun 16, 2006.

Thread Status:
Not open for further replies.
  1. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: ?newish rootkit detector

    Yep....gmer drops in from time to time ;)
     
  3. gmer

    gmer Developer

    Joined:
    May 8, 2006
    Posts:
    86
    Re: ?newish rootkit detector

    @Bubba I'm always here ;)
     
  4. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Re: ?newish rootkit detector

@bubba so I see: keeping people on their toes!

    @gmer: how about testing some of your rootkits with BOClean?

    Anybody have any experience with resource load or conflicts with the monitoring function of GMER?
     
    Last edited: Jun 16, 2006
  5. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Re: ?newish rootkit detector

    Hi gmer.

Would your app be an added complement, or does IceSword cover the same ground?
     
  6. gmer

    gmer Developer

    Joined:
    May 8, 2006
    Posts:
    86
    Re: ?newish rootkit detector

    If you want I will send you my samples.

    https://www.wilderssecurity.com/showthread.php?t=133605

Watch this movie: http://www.gmer.net/gmer.avi (4.5 MB, DivX format)
    Sorry, but the comments are in Polish.
     
  7. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Re: ?newish rootkit detector

Sorry, you are mistaking me for someone with know-how, LOL.
    Just an interested end user.
    Thanks anyway.

    I read the other thread; it was a bit fragmented and didn't seem to address the question of memory/CPU cycles or conflicts very well.

    Searching around, you are getting some attention, gmer.
    There is a very cryptic thread at scheinsicherheit.

    Thx
     
  8. gmer

    gmer Developer

    Joined:
    May 8, 2006
    Posts:
    86
    Re: ?newish rootkit detector

I know that GMER as a monitoring tool is not for everyone.
    I'm using it to catch malware. The key is gmer.ini.

    Thx
     
  9. controler

    controler Guest

    Re: ?newish rootkit detector

    Funny it crashed my system.

    What am I missing here?
     
  10. gmer

    gmer Developer

    Joined:
    May 8, 2006
    Posts:
    86
    Re: ?newish rootkit detector

Could you say when? Just after running it, or during the scan?

    Please send me the C:\WINDOWS\Minidump\Mini*.dmp file.
     
  11. gmer

    gmer Developer

    Joined:
    May 8, 2006
    Posts:
    86
  12. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    340
    Re: ?newish rootkit detector

    Here are two things I'm suggesting right now:

    1. Make the UI better looking
    2. Make it run in the system tray
     
  13. controler

    controler Guest

  14. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Re: ?newish rootkit detector

    GMER : I'm using it to catch malware.

    ...so am I:D

Hi gmer, nice tool, been using it a while. :thumb:
     
  15. controler

    controler Guest

    Re: ?newish rootkit detector

It seems that if I start a scan and stop it, strange things happen.

    Then if, say, I open Task Manager, I cannot stop it even after shutting down
    gmer. Why did you send me to this thread again?

    http://www.techsupportforum.com/showthread.php?t=104694
    Are you hinting I am infected?
    Yes, I have the AppPatch folder, but there are no EXEs in it. I thought AppPatch was a normal folder.

    I am running BOClean, A2 2.0 and Socket Shield.
     
    Last edited by a moderator: Jun 20, 2006
  16. controler

    controler Guest

    Re: ?newish rootkit detector

    I am now able to run scans without any problem.
    I have attached my scan log for your viewing pleasure.

    I wonder why the rootkits found do not show up in the GUI scan but rather in the txt file you create after the scan?

    You will notice most of the services it found show disabled.

I will say that I used this computer to install the Sony rootkit a while back from a Neil Diamond CD. I thought I had Shared Toolkit active at the time, and I know I had BOClean active. I also installed Thales Navigation software that is for CD protection, but none have said anything about a rootkit in that.
     

    Attached Files:

    • con2.txt
      File size:
      839.7 KB
      Views:
      57
  17. controler

    controler Guest

    Re: ?newish rootkit detector

I can tell you right offhand:
    SSDT \??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys ZwCreateProcess <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys

    belongs to ProcessViewer by Igor Nys.

    http://www.teamcti.com/pview/prcview.htm

    controler
     
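    As an added example (not code from the thread or from GMER): a small triage script that parses GMER "SSDT" lines like the one controler quoted, groups the hooked Zw* functions by the driver that owns the hook, and separates drivers an analyst has already identified as legitimate (here, the ProcessViewer driver named above) from hooks still unexplained. The sample log, the allowlist and the unknowndrv.sys entry are constructed for the example.

```python
import re
from typing import NamedTuple

# Constructed sample of GMER Rootkit-scan SSDT output, modelled on the line
# quoted in the thread. Not a real capture; unknowndrv.sys is made up.
SAMPLE_LOG = """\
SSDT \\??\\C:\\WINDOWS\\system32\\drivers\\prcmondrv1041.sys ZwCreateProcess <-- ROOTKIT !!!
SSDT \\??\\C:\\WINDOWS\\system32\\drivers\\prcmondrv1041.sys ZwCreateProcessEx <-- ROOTKIT !!!
SSDT \\??\\C:\\WINDOWS\\system32\\drivers\\unknowndrv.sys ZwOpenProcess <-- ROOTKIT !!!
SSDT \\??\\C:\\WINDOWS\\system32\\drivers\\unknowndrv.sys ZwQuerySystemInformation <-- ROOTKIT !!!
"""

# One SSDT line: "SSDT <module path> <Zw function> [<-- ROOTKIT !!!]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+(?P<function>Zw\w+)(?:\s+<--\s*ROOTKIT.*)?$"
)


class Hook(NamedTuple):
    module: str    # driver file name, lower-cased (e.g. prcmondrv1041.sys)
    function: str  # hooked SSDT entry (e.g. ZwCreateProcess)


def parse_ssdt_hooks(log_text):
    """Extract (driver, function) pairs from the SSDT section of a GMER log."""
    hooks = []
    for line in log_text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            driver = m.group("module").rsplit("\\", 1)[-1].lower()
            hooks.append(Hook(driver, m.group("function")))
    return hooks


# Drivers the analyst has confirmed as legitimate. This allowlist is an
# assumption of the example (GMER does not ship one); the entry below is
# the ProcessViewer driver identified in the thread.
KNOWN_BENIGN = {"prcmondrv1041.sys": "ProcessViewer (teamcti.com)"}


def triage(hooks, known_benign=KNOWN_BENIGN):
    """Group hooks by driver and record which ones have a known explanation."""
    by_module = {}
    for h in hooks:
        by_module.setdefault(h.module, []).append(h.function)
    return {mod: {"functions": sorted(funcs), "explained_by": known_benign.get(mod)}
            for mod, funcs in by_module.items()}


def unexplained_modules(report):
    """Drivers hooking the SSDT that no allowlist entry accounts for."""
    return sorted(m for m, r in report.items() if r["explained_by"] is None)
```

    The unexplained list is what still needs a look; a hook owned by a known process monitor, as in controler's case, is a false positive rather than a rootkit.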
  18. controler

    controler Guest

    Re: ?newish rootkit detector

    Interesting that you all diisapeared now.
     
  19. peewee

    peewee Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    30
    Re: ?newish rootkit detector

    What the heck is a "diiasapeared?"
     
  20. controler

    controler Guest

    Re: ?newish rootkit detector

    It's just another of my misspelled words for disappeared or vanished ;)
     
  21. gmer

    gmer Developer

    Joined:
    May 8, 2006
    Posts:
    86
    Re: ?newish rootkit detector

Sorry, but I have no drawing skills ;)

    I will check it.

    No, but it could be the reason for BSODs.

    Do not scan with the "Show all" option checked.

    I have to test GMER & ProcessViewer.

    Regards
     
  22. controler

    controler Guest

    Re: ?newish rootkit detector

    Gmer

If I am infected, it is because I was targeted by someone that frequents DSLReports or here. Yes, I must say I do know a few that might not like what I post, but even though I have frequented the rootkit site, I only promoted their cause.
    I will say I have been behind a router for years and have actually been testing malware. Maybe one slipped through, but as you know I have been branded the reformat guru. Besides that, I know hardware. I do see a lot of rootkit flags for legit software in your program at the moment.
    If you looked at my txt file you would see all the flags were legit programs that are not compromised.

    con
     
  23. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Re: ?newish rootkit detector

    GMER : Sorry I have no drawing skills.

...LOL, that's fine gmer, you carry on with development :cautious:
     
  24. gmer

    gmer Developer

    Joined:
    May 8, 2006
    Posts:
    86
    Re: ?newish rootkit detector

    Please create new log: GMER.EXE >> Rootkit >> Scan >> Copy >> Ctrl + V
    ( do not select "Show all" )
     
  25. controler

    controler Guest

    Re: ?newish rootkit detector

    gmer

When I do a scan without selecting "Show all", the copied text only shows the SSDT, which is the first part of the log, and FILES, which is the very last part of the log. Without selecting "Show all", my copied text does not flag rootkit at the end of each entry, so I am still confused.
    From what I see, if you uncheck everything but System and Files in the GUI, you get the same results as not selecting "Show all".
    My System Volume Information folder is not accessible with ADMIN rights.
     

    Last edited by a moderator: Jun 23, 2006