GMER

A while ago I once considered trying GMER but a few people on the McAfee forums told me it was a bit specialised & unless you're a bit of a 'techy' it should be left alone. Reading this thread I'm glad I took their advice. That's what I love about Wilders, there are people far braver than me in willing to test these programs & are good enough to post their experiences!

 

Hello Dave,

One of the finest post comments I have ever seen on any Forum.

GMER seems to have it`s dedicated supporter`s club, but I am just an independent critic of something that justifies comment one way or the other. If it is bad, it gets a kick, if it is good it gets a compliment. I have no allegiance to anything other than quality, performance, reliability and common sense.

GMER is doing badly so far and it matters nothing for dubious tests carried out by dubious sources. It is OUR verdict that counts.

I would strongly recommend that the designer of GMER takes a serious look at his potentially brilliant product and puts his house in order before launching it on the market.

The only consolation is that it is a Freebie. To actually PAY for this program would be akin to paying for having a head on crash in your car.

John B

 

Hi John,

I think a lot of it to do with the platform that you are using as well. I once had some problems with Spybot, in fact it gave me some serious grief before I managed to uninstall it completely. Yet it has its loyal fanclub.

GMER's probably a great idea but has some bugs &/or teething problems. A lot of people like dedicated rootkit detector apps these days.

I ran a Prevx freeware rootkit detector for a few weeks a couple of years ago. It was just a detector though with no removal capability, although that's probably not always a bad thing if you are worried about false-positives.

I eventually uninstalled the Prevx program as I thought it had instability problems, not unnoticed by others who had used it.

I suppose until you try a particular program you are never going to know how it works for you.

I do admire the test pilots!

 

I fully agree with you. A couple of months ago I knew I had a rootkit on my system so I went to Gladiator Security Forum and I was told to d/l Gmer and he specified specific settings in order to run it properly which I would have never known. I tried to run it twice in regular mode and it crashed. He said then to run it in safe mode and it found nothing.

Your post #17 where you showed those settings IE/EAT I think it was supposed to be unchecked and then there was a box you had to check for "scan all" (Right now I can't see the post). He said if I forgot to do any of this the scan would be no good to him. So obviously you have to know what your doing with Gmer. You know what to check and what not too.

Anyways I installed Sophos Antirootkit and it found it right away and took it out. Between my niece and nephew and husband my system was owned. I don't care how many times I show these guys something they always revert to doing what ever they want. It's not like I sit behind them looking over their shoulder to watch, but I should have. I installed EAM and it found 9 Trojans, keylogger, and 1 rootkit and a virus.

So now I'm going to implement LUA, SRP and SuRun so I don't ever have to go through this again. I learned my lesson.

You gave me a good laugh I'd tell'em to go pound salt.

Correctomundo!

 

@ Rilla.

I luv ya.
John

 

Who told you to turn off your firewall and AV while connected to the internet?

 

Some earlier poster on this thread did.

Anyhow, it gets worse. What on Earth does GMER need a working program for to detect a Malware Rootkit ? You don`t have to move to be a bug ! In fact bugs that don`t want to be caught lay doggo. Bugs do stand still at times and they cannot stand more still than when in Safe Mode.

Safe Mode is a Diagnostic Mode and exists for the purpose of carrying out operations without the adverse influence of running programs. Ideally, any debugging or trolling around with data should be done in Safe Mode.
That is why Windows has such a facility. Firewalls and AV programs can seriously interfere with scans as can any open program.

Good Heavens, there is absolutely no need to have anything running, the files etc. are all there just waiting to be pampered with a dead system.

If a debugging program cannot find the little critters in Safe Mode, then we are wasting our time playing with it and best move on to something more practical.

John B

PS :- Before I posted this thread, I did search the Forum for GMER but found nothing. I have now discovered this old thread (2007 ?) :- https://www.wilderssecurity.com/showthread.php?t=162435

 

i never told you to turn off your av and so on and have an active internet connection, i told you to turn off av, all oter running programms and the internet connection.
i hope it is now clear enough.
somethime its also helpfull to uninstall programms like alkohohl 120 and others. if not you get wrong results.
this programm using rootkit techniques. also some antimalware or firewall software.

 

Which one, that's what I'm asking?
There are 32 posts on the thread, and 10 of them by you.
Twenty two posts by other people.
Too hard to look through 22 posts?
I'll save you the time... no one told you to turn off your firewall and AV while staying connected to the internet.

 

OK, no problem, if it suits you to do so, keep your Firewall and AV running.
I have no wish to argue about which post said what or what programs you like to keep running. I have explained clearly what happens to me and unless persuaded otherwise, will stick to what I have said to the letter.

Thanks for letting me know the count of my posts, I had no idea and I am so grateful to you for saving me the time and telling me nobody said to turn of the FW and AV. Nobody is perfect. I do hope we can now get back to the thread.

Too hard to look through all the posts ? NAH, try post No.12, most interesting.

By the way, Majorgeeks says :-
http://forums.majorgeeks.com/showthread.php?t=122626

I wonder what he means by this :- "Disconnect from Internet and close all running programs." Surely he can`t mean to turn off the FW and AV ? I cannot imagine Majorgeeks saying a thing like that.

John B

 

sure they mean turn off all programms, what should an rootkit do when your internet connection is of and your av is not running. it can not connect to an server to download something, you have no internet connection. an other question is, can an active firewall block all connection and are destop firewalls usefull, but it is not the topic title
you can also not find all rootkits in safe mode for some like tdl 3 you need special tools
ps have a look at all security forums blogs etc, all this persons will tell you to turn off all programms, uninstall emulators like alkohol daimon tools and so on.
some will tell you to uninstall antivirus / firewall programms so you can get the best results and have no problems.

 

You have not answered Page42's question.

 

Oh yes I have - read my post again. But please, I could`nt care less in arguing about Page42`s question, it is irrelevant to the purpose of this thread.

We are not here to gang up on petty issues like who said what and where ? It is totally off topic.

Just digest the salient features of the thread and focus your posts on them. I am absolutely certain that you have sufficient expertise to make a very significant and informative contribution and look forward to reading it.

I have constructed a very clear explanation on this unnecessary diversion and will not pursue it any further.

John B

 

I reread this thread and John, Pages comments are right in line. There is nothing wrong with memebrs questioning others and their thoughts. Plus I have always found Page to be very informative and helpful in situations like this.

 

I could never witness any crashes with Gmer.

 

You are so kind

 

ouch i just bit my tongue

 

GMER works fine for me

@JohnBull
No-one is telling you to turn of you AV and FW whilst connected to the internet, they are telling you to disconnect from the internet and then shutdown you AV and FW to let GMER scan.

 

OK, I capitulate and agree entirely with your note and of course Majorgeek`s sound piece of advice. Fine, now we can get back to the subject in hand.

I would add, that the ultimate bed of roses for GMER to enjoy is to do it all in Safe Mode then we should all live happily ever after.

John B

 

Not entirely

From the GMER Faq:

 

I apologize for appearing to dominate my own thread, but am forced to respond by subsequent posts.

Well that`s great. So we do a scan in normal mode with Internet and AV plus FW disabled and what happens - GMER seizes up and we have to crash the system to get out of it. Marvelous !

Other posters have problems with GMER, just read the thread and to supplement this matter, read other Forum threads and net items on GMER.

The program is faulty and I would strongly recommend that the genius who designed this potentially wonderful program reads this Wilders thread and also all the other threads where countless complaints of crashes and faulty scans are voiced in abundance. THEN, look at his program and debug it.

Even in Safe Mode, although the scan finishes perfectly, when I come to log off by START>Log Off panel, I click shutdown and it goes on to infinite response and I have to crash my computer to get out of it.

There is nothing wrong with my system and not an infection in sight. If all computers were as perfectly kept as mine, we would not need a Forum.

The fact that some people have no problems and others do is indicative of a faulty program.
again Majorgeeks says :-
http://forums.majorgeeks.com/showthread.php?t=122626

AND he gives :- "NOTE: If you're having problems with running gmer.exe, try it in Safe Mode. This tool works in Safe Mode whereas many other rootkit revealers do not."

Constructive comments are welcome, fruitless arguments are definitely not.

John B

 

i think an admin will tell us what comments are welcome and delete all are not

you can browse the web and you will findproblems for all programms around the world, nobody said gmer is perfekt.so i try it at home, 3 pcs and gmer runs perfect. but like i said, all programs are deactivated, no inet connection, no cd emulators instaled and under win7 run as admin.
but you are right, gmer makes sometimes problems under vista and win7.

 

I'm sure it's a lot of good for plenty of users.
Just because it doesn't work properly on your system, or some others' machines, doesn't mean that everyone has to run it in Safe Mode or ditch it.
Let's not ignore the positive feedback here.

 

I am not being awkward on this issue, just pointing out that a program should not be so unpredictable as to run OK on some systems and not on others.

Many programs available to us run perfectly well on all our systems providing that the individual system is working properly. A program that behaves like GMER is in need of attention by the designer.

The spectrum of successes to failures with GMER is not reflective of a user friendly program. It is far too erratic. Any piece of software that has a Hit or Miss characteristic is not a reliable prospect. I would not like an aircraft with such a pedigree.

In spite of all I have said and backed up by many others, I happen to consider that GMER has the ingredients of a unique and unequalled Rootkit detector with a versatility better than most.

It just needs the Sorcerer who produced this magical piece of software to pay some attention in trimming the faults out of it so we no longer have the controversy we see raised in threads like this or other sources on the net.

John B

 

so you got your broken video problem fixed eh
with all your addons
perfectly kept i don't think so
otherwise you would have no reason to try gmer
send me a hjt log file
and i'll show you how imperfect your system is