Gmer & rawlp

Discussion in 'other anti-malware software' started by Rainwalker, Jul 7, 2007.

Thread Status:
Not open for further replies.
  1. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    After doing a scan w/ Gmer I noted a number of rawlp entries, e.g. Device\rawlp create_mailslot... I have not been able to find any info on this o_O Anyone with ideas?
     
    Last edited: Jul 7, 2007
  2. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,303
    Location:
    England
  3. Rainwalker

    Rainwalker Registered Member

    Thanks stapp... and way over my head... have not seen these entries before... need to know more and need to know if I can safely dump them. There were many 'Attached Devices' with the updated Gmer scan. Have not seen this before, but that might be due to the latest Gmer version. So somebody please help me out with this.
     
  4. stapp

    stapp Global Moderator

    Just looking on the Gmer webpage, there is a list of additions in the version history for the latest build which says:

    - Added AttachedDevice hooks detection

    http://www.gmer.net/files.php

    On left of page is a contact link for help, might be worth a try.
     
  5. Rainwalker

    Rainwalker Registered Member

    The link does not open for me, nor does www.gmer.net
    Receive: The connection was reset
     
  6. stapp

    stapp Global Moderator

    I have no problem with the links, Rainwalker; I have just tried them from my post. Perhaps someone else could check.
     
  7. Rainwalker

    Rainwalker Registered Member

    Thanks stapp... 175 people thus far have seen this post yet only you have responded... does that mean I am alone in this? It seems Rawlp stuff is an old startup program (for what I do not know) that was written years ago. The author has said "That just means that 10 years ago, I once wrote a sample startup script included with debian / sysvinit, and people have been adapting it for all kinds of projects". He goes on to say "frankly I have no idea what that project is about". So this says next to nothing to me. Also, www.gmer.net still does not open.
    I believe I have been hacked. Other than Gmer, scans show nothing.
    I don't know if I can safely remove all the rawlp stuff.
     
  8. stapp

    stapp Global Moderator

    I have sent an email to GMER about you, I will let you know as soon as I hear anything.
     
  9. gmer

    gmer Developer

    Joined:
    May 8, 2006
    Posts:
    86
    @Rainwalker

    If you don't know how to interpret the log please send an email to info (at) gmer . net

    Thanks.
     
  10. stapp

    stapp Global Moderator

    Compliments on the quick reply, GMER.
     
  11. Rainwalker

    Rainwalker Registered Member

    Thanks stapp... I'll be in touch... btw, what is Gmer's IP address?
     
  12. gmer

    gmer Developer

    Please try nslookup & post results here

    Start -> Run -> cmd ->
    Code:
    C:\>nslookup
    
    >gmer.net
    it should be: 204.152.184.145
     
  13. Rainwalker

    Rainwalker Registered Member

    Thank you for responding, Gmer.
    I did a command prompt with C:\>nslookup
    and then with C:\>nslookup>gmer.net
    In both cases I got nothing.
     
  14. gmer

    gmer Developer

    If you cannot send me an email with your log, please save it into a file and attach here.
     
  15. Rainwalker

    Rainwalker Registered Member

    I have sent you an email with the log... I sent it to info@gmer.net o_O
    Nothing came back...
    I will try again... now
     
  16. gmer

    gmer Developer

    Got it, thanks.
     