Discussion in 'other anti-malware software' started by SUPERIOR, Jan 4, 2013.
Thanks for the heads up!
Looks like this is what will end up in avast! 8 + maybe even more
Got it, thanks. It's been awhile.
GREAT TOOL. Surprised this hasn't got more attention.
GMER 2.0.18454 posted.
@ SUPERIOR & G1111
2 updates in 4 weeks ! I wonder why ? No mention of why in here http://www.gmer.net/#news
I just tried GMER; it came up with these in red.
Should I be worried?
Library C:\DOCUME~1\steve\LOCALS~1\Temp\nsa6.tmp\registry.dll (*** hidden *** ) @ C:\Program Files\FirefoxPortable\FirefoxPortable.exe  0x10000000
Library C:\DOCUME~1\steve\LOCALS~1\Temp\nsa6.tmp\newadvsplash.dll (*** hidden *** ) @ C:\Program Files\FirefoxPortable\FirefoxPortable.exe  0x02AC0000
Library C:\DOCUME~1\steve\LOCALS~1\Temp\nsa6.tmp\System.dll (*** hidden *** ) @ C:\Program Files\FirefoxPortable\FirefoxPortable.exe  0x034F0000
No. This tool requires a trained mind; it even detects Steam as a rootkit here, clearly some behavior resembling a rootkit, but not to worry.
As Syobon alludes to = probably OK, but check these,
Also, funny how sometimes we forget things; I've done it myself in the past.
When I use these kinds of programs (like GMER, MBAR, HitmanPro etc.) I first clean my PC with CCleaner as Normal User and then as Admin to "minimize" the chance of false positives, like on stuff in your Temp directories.
One piece of advice: to eliminate such FPs it's always recommended not to use your machine during the scan. The user should simply close all applications and then start the scan.
Anomaly-based detection as implemented in this tool doesn't give a simple answer that all entries are BAD, so in many cases a "trained eye" might help.
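The "trained eye" step, as an added example that is not from the thread and not GMER's own code: a small Python helper that parses the Library lines posted earlier in this thread and applies the checks an analyst would make before deciding anything (is the hidden module sitting in an NSIS ns*.tmp staging directory, does its name match a known NSIS plugin, is the host a core Windows process). NSIS installers and NSIS-built launchers such as the PortableApps.com launchers unpack their plugin DLLs into %TEMP%\ns<random>.tmp\ while running, which is why the FirefoxPortable entries look the way they do. The plugin-name list, the rule set and the extra svchost.exe sample line are assumptions constructed for illustration; the verdicts are a starting point for review, not a cleaning decision.

```python
"""Added example (not GMER's code): triage GMER "Library ... (*** hidden *** )"
lines. The heuristics and the plugin-name list are assumptions for illustration."""
import re
from dataclasses import dataclass, field

# Layout of a GMER hidden-module line as quoted in the thread:
#   Library <dll path> (*** hidden *** ) @ <host process path>  <load address>
LIBRARY_RE = re.compile(
    r"^Library\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+"
    r"(?P<process>.+?)\s+(?P<base>0x[0-9A-Fa-f]+)\s*$"
)

# NSIS installers and NSIS-built launchers (PortableApps.com launchers among them)
# unpack their plugin DLLs into %TEMP%\ns<random>.tmp\ while they run.
NSIS_TEMP_DIR_RE = re.compile(r"[\\/]ns[a-z0-9]{1,8}\.tmp[\\/]", re.IGNORECASE)

# Assumption: a short list of well-known NSIS plugin DLL names, enough for the demo.
KNOWN_NSIS_PLUGINS = {
    "system.dll", "registry.dll", "newadvsplash.dll", "nsdialogs.dll",
    "nsexec.dll", "installoptions.dll", "userinfo.dll", "startmenu.dll",
}

# A hidden module inside one of these hosts is not explained by any launcher quirk.
CORE_HOST_RE = re.compile(
    r"[\\/](svchost|lsass|winlogon|csrss|services|smss)\.exe$", re.IGNORECASE
)


@dataclass
class LibraryEntry:
    path: str
    process: str
    base: int
    verdict: str = "review"
    reasons: list = field(default_factory=list)


def parse_library_line(line: str):
    """Return a LibraryEntry for a GMER Library line, or None for any other line."""
    m = LIBRARY_RE.match(line.strip())
    if not m:
        return None
    return LibraryEntry(path=m["path"], process=m["process"], base=int(m["base"], 16))


def triage(entry: LibraryEntry) -> LibraryEntry:
    """Apply the analyst's checks; the verdict is a starting point, not a decision."""
    dll_name = entry.path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    in_nsis_dir = bool(NSIS_TEMP_DIR_RE.search(entry.path))
    in_temp = "\\temp\\" in entry.path.lower()
    core_host = bool(CORE_HOST_RE.search(entry.process))

    if core_host:
        entry.verdict = "suspicious"
        entry.reasons.append("hidden module loaded in a core Windows process")
    elif in_nsis_dir and dll_name in KNOWN_NSIS_PLUGINS:
        entry.verdict = "likely_benign"
        entry.reasons.append("known NSIS plugin in an ns*.tmp staging directory")
    else:
        entry.verdict = "review"
        if in_temp:
            entry.reasons.append("loaded from a Temp directory")
        entry.reasons.append("no known-benign pattern; hash the file and check its signature")
    return entry


def triage_log(text: str) -> list:
    """Parse every Library line in a GMER log excerpt and triage it; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        entry = parse_library_line(line)
        if entry is not None:
            entries.append(triage(entry))
    return entries


# Sample input: the three lines posted in the thread, a constructed non-Library
# line that the parser must skip, and one constructed svchost.exe line for contrast.
SAMPLE_LOG = r"""
Disk \Device\Harddisk0\DR0 suspicious partition 2 80(A) 17Hidd HPFS/NTFS 100MB offset
Library C:\DOCUME~1\steve\LOCALS~1\Temp\nsa6.tmp\registry.dll (*** hidden *** ) @ C:\Program Files\FirefoxPortable\FirefoxPortable.exe  0x10000000
Library C:\DOCUME~1\steve\LOCALS~1\Temp\nsa6.tmp\newadvsplash.dll (*** hidden *** ) @ C:\Program Files\FirefoxPortable\FirefoxPortable.exe  0x02AC0000
Library C:\DOCUME~1\steve\LOCALS~1\Temp\nsa6.tmp\System.dll (*** hidden *** ) @ C:\Program Files\FirefoxPortable\FirefoxPortable.exe  0x034F0000
Library C:\WINDOWS\Temp\srvc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe  0x00A10000
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.verdict:14} {e.path} -> {e.process} @ {e.base:#010x}: {'; '.join(e.reasons)}")
```

Running it classifies the three FirefoxPortable entries as likely_benign and the constructed svchost.exe entry as suspicious; anything else lands in review with the follow-up an analyst would do next (hash the file on disk, check its Authenticode signature, compare against the launcher's own plugin set) rather than a delete.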
Good spotting, yes I forgot, thanks.
Just want to repeat Syobon's warning.
GMER is designed to be used only by those who really understand it. Generally I have seen GMER used as a tool to fix a totally crapped up machine, not as a normal malware scan. There are forums where experts will provide guidance to help clean up a malware infested machine. The experts on these forums have standard tools and procedures they use and GMER is one of the tools.
If you understand what you are seeing in a GMER report, you are probably an expert. You definitely do not just delete everything that GMER flags in red.
Just my 2c. Good luck.
The latest version of GMER 2.1.18952 released 2013.02.13
Just downloaded latest version – first time ever that I have seen all options in right pane enabled (and selectable)
I closed all other programs – ran a full scan – about 15 minutes into scan – BSOD!(APC_INDEX_MISMATCH)
Ran SFC /scannow - no issues detected – then ran a 'quick' scan this time – exactly same result! Same BSOD.
Have never run into this kind of issue before with Gmer. It seems that perhaps ALL options should not be selected – but how to know? Very poor Help – and searching the net is hopeless.
All one gets is 'you need to know what you're doing' kind of suggestion.
It's a question of deciding if the item is dangerous or not; GMER only lists potential threats, and even many legitimate Windows services and applications may be detected as rootkits.
Further analysis is necessary to determine its nature. If an unknown file is shown in GMER and no antivirus detects it, you need reverse-engineering and debugging expertise to determine it yourself; in other words, knowing what you're doing.
Thanks for the reply – but you're missing my point.
Gmer listed nothing! – no 'unknown' file! – nothing suspicious was listed. During its scan – the system just crashed! (each time I ran Gmer) As for the BSODs – I have several debugging programs – the culprit was ntoskrnl.exe which is generic and can mean anything, or nothing!
I was hoping that the dev might provide some clues as to what settings should be enabled in Gmer.
Bad luck, the new version never starts up. I see this "windows loading ring" but it never ends. Older version runs fine.
I can't even run my 'old' Gmer anymore!
It comes up with the same error messages as 'new' Gmer - and refuses to run!
Sorry to hear about the BSOD, not good !
Try to locate Gmer's driver first & delete it, or rename it. Some ARKs don't like having more than one of their drivers running at the same time. Or uninstall both versions, & reinstall the previous version.
The answer is in the FAQ.
Let us know how you get on
I've sent you PMs with some instructions . I look forward to the results.
Hi guys! Appreciate your responses!
Have gotten nowhere with Gmer – I removed all previous versions – downloaded another copy of Gmer and ran the program again. Same issues resurfaced.
On opening Gmer - GUI window displays following text message:
''Disk \Device\Harddisk0\DRO suspicious partition 2 80(A) 17Hidd HPFS/NTFS 100MB offset''
This 'suspicious' partition is my hidden system partition! - so no idea why this is being flagged.
When I try running a quick scan – I get the following message:
''C:\windows\system32\config\system – the process cannot access the file because it is being used by another process''
When I click Ok – the message vanishes – the scan runs, but as before, well into the scan – the system crashes with no warning.
I have been using Gmer since early 2011 – however, one of the aspects of Gmer that has always puzzled me was that 'my' Gmer has always only displayed 3 options (Services – Registry – Files) in the right pane. None of the other options were selectable. Yet I saw on the net and elsewhere, that other users had all their options available – even when I upgraded Gmer – the same lack of options remained.
So my concern has been whether my previous versions of Gmer were actually flawed, or corrupted. This latest version is the first time I have ever seen Gmer with all options selectable.
Just too bad it doesn't quite work!
No really... thank you! Awesome product. Best rootkit detection/removal tool in existence, IMO. It will pretty much find and remove anything there is.
But as such, will also inevitably flag FP's as well. So it belongs only in the hands of an advanced/knowledgeable user that knows what they're looking at in the logs... when to shoot, and when to hold your fire.
Personally it's one of my American Express Card type tools... that I don't leave home without when doing malware removal from people's boxes.
I guess it was related to Online Armor; I had to reinstall it and now it's working.
Keep up the good work !
Edit: I think i got a FP : "sector 0: rootkit-like behavior". Where should i post the log for analyzing ?