Gmer updated .. version 2 out

Discussion in 'other anti-malware software' started by SUPERIOR, Jan 4, 2013.

Thread Status:
Not open for further replies.
  1. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    http://www.gmer.net/
     
  2. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Thanks for the heads up!
    Great App!
    :thumb:
     
  3. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Looks like this is what will end up in avast! 8 + maybe even more :)
     
  4. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Got it, thanks. It's been a while.
     
  5. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,428
    GREAT TOOL. Surprised this hasn't got more attention. :thumb:
     
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    GMER 2.0.18454 posted.
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  8. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    I just tried GMER; it came up with these in red.
    Should I be worried?


    Library C:\DOCUME~1\steve\LOCALS~1\Temp\nsa6.tmp\registry.dll (*** hidden *** ) @ C:\Program Files\FirefoxPortable\FirefoxPortable.exe [1160] 0x10000000
    Library C:\DOCUME~1\steve\LOCALS~1\Temp\nsa6.tmp\newadvsplash.dll (*** hidden *** ) @ C:\Program Files\FirefoxPortable\FirefoxPortable.exe [1160] 0x02AC0000
    Library C:\DOCUME~1\steve\LOCALS~1\Temp\nsa6.tmp\System.dll (*** hidden *** ) @ C:\Program Files\FirefoxPortable\FirefoxPortable.exe [1160] 0x034F0000
     
  9. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    No, this tool requires a trained mind. It even detects Steam as a rootkit here; clearly some behavior resembling a rootkit, but not to worry.
     
  10. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  11. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    276
    Location:
    SE Asia
    When I use these kinds of programs (like GMER, MBAR, HitmanPro, etc.) I first clean my PC with CCleaner as Normal User and then as Admin to "minimize" the chance of false positives, like on stuff in your Temp directories.
     
    Last edited: Feb 2, 2013
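
Added example (not part of any post in this thread, and not GMER's own code): a small Python parser for the `Library ... (*** hidden ***)` lines quoted earlier in the thread, grouping hidden modules by host process and marking whether each one sits under a Temp directory, the case raised in the post above. The line layout is inferred only from the three quoted lines; the fourth sample line and all function names are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: the three lines quoted in the thread, plus one CONSTRUCTED
# line (C:\Example\...) outside any Temp directory, for contrast.
SAMPLE = r"""
Library C:\DOCUME~1\steve\LOCALS~1\Temp\nsa6.tmp\registry.dll (*** hidden *** ) @ C:\Program Files\FirefoxPortable\FirefoxPortable.exe [1160] 0x10000000
Library C:\DOCUME~1\steve\LOCALS~1\Temp\nsa6.tmp\newadvsplash.dll (*** hidden *** ) @ C:\Program Files\FirefoxPortable\FirefoxPortable.exe [1160] 0x02AC0000
Library C:\DOCUME~1\steve\LOCALS~1\Temp\nsa6.tmp\System.dll (*** hidden *** ) @ C:\Program Files\FirefoxPortable\FirefoxPortable.exe [1160] 0x034F0000
Library C:\Example\placeholder.dll (*** hidden *** ) @ C:\Example\host.exe [4242] 0x01230000
"""

# Layout assumed from the quoted lines: Library <module> (<flag>) @ <host> [<pid>] <base>
LINE_RE = re.compile(
    r"^Library\s+(?P<module>.+?)\s+\((?P<flag>[^)]*)\)\s+@\s+"
    r"(?P<host>.+?)\s+\[(?P<pid>\d+)\]\s+(?P<base>0x[0-9A-Fa-f]+)$"
)

def parse_library_lines(text):
    """Return one dict per 'Library' line; lines in any other shape are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        module = m["module"]
        entries.append({
            "module": module,
            "name": ntpath.basename(module),
            "hidden": "hidden" in m["flag"].lower(),
            "in_temp": any(p.lower() == "temp" for p in module.split("\\")),
            "host": m["host"],
            "pid": int(m["pid"]),
            "base": int(m["base"], 16),
        })
    return entries

def triage(entries):
    """Group hidden modules by (host, pid) so each process is reviewed as a unit."""
    groups = defaultdict(lambda: {"modules": [], "all_in_temp": True})
    for e in entries:
        if e["hidden"]:
            g = groups[(e["host"], e["pid"])]
            g["modules"].append(e["name"])
            g["all_in_temp"] = g["all_in_temp"] and e["in_temp"]
    return dict(groups)

if __name__ == "__main__":
    for (host, pid), g in triage(parse_library_lines(SAMPLE)).items():
        where = "all under Temp" if g["all_in_temp"] else "not all under Temp"
        print(f"{host} [{pid}]: {', '.join(g['modules'])} ({where})")
```

The grouping only organizes the report for review; it does not classify any entry as benign or malicious.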
  12. gmer

    gmer Developer

    Joined:
    May 8, 2006
    Posts:
    86
    Hello,

    One piece of advice: to eliminate such FPs, it's always recommended not to use your machine during the scan. The user should simply finish all applications and then start the scan.

    The anomaly-based detection that is implemented in this tool doesn't give a simple answer that all entries are BAD, so in many cases a "trained eye" might help. :)

    Thanks
     
  13. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
  14. chinook9

    chinook9 Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    439
    Just want to repeat Syobon's warning.

    GMER is designed to be used only by those who really understand it. Generally I have seen GMER used as a tool to fix a totally crapped up machine, not as a normal malware scan. There are forums where experts will provide guidance to help clean up a malware infested machine. The experts on these forums have standard tools and procedures they use and GMER is one of the tools.

    If you understand what you are seeing in a GMER report, you are probably an expert. You definitely do not just delete everything that GMER flags in red.

    Just my 2c. Good luck.
     
  15. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    The latest version of GMER 2.1.18952 released 2013.02.13
    -http://www.gmer.net/
     
  16. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    366
    Location:
    DownUnder
    Just downloaded latest version – first time ever that I have seen all options in right pane enabled (and selectable)

    I closed all other programs – ran a full scan – about 15 minutes into scan – BSOD!(APC_INDEX_MISMATCH)
    Ran SFC /scannow - no issues detected – then ran a 'quick' scan this time – exactly same result! Same BSOD.

    Have never run into this kind of issue before with Gmer. It seems that perhaps ALL options should not be selected – but how to know? Very poor Help – and searching the net is hopeless.
    All one gets is 'you need to know what you're doing' kind of suggestion. o_O
     
  17. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    Hmm,
    it's a question of deciding if the item is dangerous or not. GMER only lists potential threats; even many legitimate Windows services and applications may be detected as rootkits.
    Further analysis is necessary to determine its nature. If an unknown file is shown in GMER and no antivirus detects it, you need reverse-engineering and debugging expertise to determine it yourself; in other words, know what you're doing :)
     
  18. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    366
    Location:
    DownUnder
    Thanks for the reply – but you're missing my point.
    Gmer listed nothing! – no 'unknown' file! – nothing suspicious was listed. During its scan – the system just crashed! (each time I ran Gmer) As for the BSODs – I have several debugging programs – the culprit was ntoskrnl.exe which is generic and can mean anything, or nothing! :p

    I was hoping that the dev might provide some clues as to what settings should be enabled in Gmer. :blink:
     
  19. gambla

    gambla Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    161
    Location:
    Frankfurt, Germany
    Bad luck, the new version never starts up. I see this "windows loading ring" but it never ends. Older version runs fine. :(
     
  20. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    366
    Location:
    DownUnder
    I can't even run my 'old' Gmer anymore!
    It comes up with the same error messages as 'new' Gmer - and refuses to run! o_O
     
  21. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ Krysis

    Sorry to hear about the BSOD, not good !

    Try to locate Gmer's driver first & delete it, or rename it. Some ARKs don't like having more than one of their drivers running at the same time. Or uninstall both versions, & reinstall the previous version.
    The answer is in the FAQs ;)

    Let us know how you get on :thumb:
     
  22. gmer

    gmer Developer

    Joined:
    May 8, 2006
    Posts:
    86
    @Krysis, @gambla

    I've sent you PMs with some instructions. I look forward to the results.

    Thanks
     
  23. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    366
    Location:
    DownUnder
    Hi guys! Appreciate your responses!

    Have gotten nowhere with Gmer – I removed all previous versions – downloaded another copy of Gmer and ran the program again. Same issues resurfaced.

    On opening Gmer - GUI window displays following text message:
    ''Disk \Device\Harddisk0\DRO suspicious partition 2 80(A) 17Hidd HPFS/NTFS 100MB offset''

    This 'suspicious' partition is my hidden system partition! - so no idea why this is being flagged.

    When I try running a quick scan – I get the following message:
    ''C:\windows\system32\config\system – the process cannot access the file because it is being used by another process''
    When I click Ok – the message vanishes – the scan runs, but as before, well into the scan – the system crashes with no warning.

    I have been using Gmer since early 2011 – however, one of the aspects of Gmer that has always puzzled me was that 'my' Gmer has always only displayed 3 options (Services – Registry – Files) in the right pane. None of the other options were selectable. Yet I saw on the net and elsewhere, that other users had all their options available – even when I upgraded Gmer – the same lack of options remained.
    So my concern has been whether my previous versions of Gmer were actually flawed, or corrupted. This latest version is the first time I have ever seen Gmer with all options selectable.

    Just too bad it doesn't quite work! o_O
     
  24. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    No really... thank you! Awesome product. Best rootkit detection/removal tool in existence, IMO. It will pretty much find and remove anything there is.

    But as such, it will also inevitably flag FPs as well. So it belongs only in the hands of an advanced/knowledgeable user that knows what they're looking at in the logs... when to shoot, and when to hold your fire.

    Personally it's one of my American Express Card type tools... that I don't leave home without when doing malware removal from people's boxes.
     
  25. gambla

    gambla Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    161
    Location:
    Frankfurt, Germany

    Thank you,
    I guess it was related to Online Armor; I had to reinstall it and now it's working. ;)

    Keep up the good work! :thumb:


    Edit: I think I got an FP: "sector 0: rootkit-like behavior". Where should I post the log for analysis?
     
    Last edited: Feb 16, 2013