GMER Rootkit detector

Discussion in 'other anti-malware software' started by blacknight, Mar 14, 2016.

  1. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    For those who liked this old rootkit detector, not so easy to read, here is the new version: http://www.gmer.net/. Some old version crashed my system when I used XP SP3 32-Bit. Tried on Seven 64-Bit and it seems to work.
     
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Nice to see it is still being developed now that the dev is working for Avast. Which makes it funnier that the only vendor having a detection for it on VT is Avast :argh:
    @blacknight
    Your link is broken.
     
  3. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,764
    Location:
    Mexico
    Yeah it's broken. But here you go:
    http://www.gmer.net/

    Strange, I got this line in the Rootkit/Malware tab:
    C:\Windows\system32\csrss.exe [640:664] fffff960008802d0
     
    Last edited: Mar 14, 2016
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Just ran it on my Win 7 x64 build and log said I was clean as a whistle.

    You might want to check these out:

    http://superuser.com/questions/872983/csrss-exe-anomalies-is-this-a-rootkit
    http://securityxploded.com/hidden-process-detection.php - scroll down to this section: HPD with CSRSS Process Handle Enumeration

    BTW - GMER installs a hidden service ... Plus drops a driver in %AppData%\temp

    GMER_service.png
     
    Last edited: Mar 14, 2016
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I haven't used it in months, the spartan GUI annoyed me, and it behaved a bit weird.

    It should have looked like Tuluka: http://www.downloadcrew.com/article/22466-tuluka

    It's probably nothing malicious, but I would still investigate it.
     
  6. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,764
    Location:
    Mexico
    I did it and my symptoms are the same as what this guy found:
    http://superuser.com/questions/872983/csrss-exe-anomalies-is-this-a-rootkit
    (thanks to @itman for the link)
    Still don't know whether my pc is infected or not. Too complex for me though.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I'm not sure but I think I had this same reading on my old Win XP PC. Perhaps it's caused by one of your security tools?
     