Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How to use Gmer?


  • Please log in to reply
3 replies to this topic

#1 myym

myym

  • Members
  • 99 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Denmark
  • Local time:01:12 PM

Posted 07 October 2013 - 02:26 PM

I have been using this program for a while, but I can not see whether it finds any malware or not. It creates a long list under the malware tab, but after it is finished I can't see any option on removing, even after I close and re-run the program it just creates a list.

Can someone explain how to use this program?



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,277 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:12 AM

Posted 08 October 2013 - 08:11 AM

GMER is a stand-alone tool that will help investigate for the presence of rootkits. It will not actually tell you if you are infected or not unless you know what you're looking for. Official public information in regards to using GMER can be found here.

If you're unsure how to use a particular Anti-rootkit (ARK) tool or interpret the log it generates, then you probably should not be using it. Some ARK tools like GMER are intended for advanced users or to be used under the guidance of an expert who can interpret the log results and investigate it for malicious entries before taking any removal action. Even with advanced training, trying to interpret GMER results can be confusing at best as there could be many legitimate entries in its log.

Incorrectly removing legitimate entries could lead to disastrous problems with your operating system. Why? Not all hidden components detected by anti-rootkit (ARK) scanners and security tools are malicious. It is normal for a Firewall, some anti-virus and anti-malware software (ProcessGuard, Prevx), CD Emulators sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to exhibit rootkit-like behavior or hook into the OS kernal/SSDT (System Service Descriptor Table) in order to protect your system. SSDT is a table that stores addresses of functions that are used by Windows. Whenever a function is called, Windows looks in this table to find the address for it. Both legitimate programs and rootkits can hook into and alter this table.

API Kernel hooks are not always bad since some system monitoring software and security tools use them as well. If no hooks are active on a system it means that all system services are handled by ntoskrnl.exe which is a base component of Windows operating systems and the process used in the boot-up cycle of a computer. ARK scanners do not differentiate between what is good and what is bad...they only report what is found. Therefore, even on a clean system some hidden essential components may be detected when performing a scan to check for the presence of rootkits. As such, you should not be alarmed if you see any hidden entries created by legitimate programs after performing a scan.

In most cases further investigation is required after the initial ARK scan by someone trained in rootkit detection or with advanced knowledge of the operating system. Report logs need to be analyzed and detected components identified in order to determined if they are benign, system critical or malevolent before attempted removal. Using an ARK scanner without knowing how to tell the difference between legitimate and malicious entries can be dangerous if a critical component is incorrectly removed.

Discussions pertaining to how GMER works, what it can or cannot do, what the log results mean, etc is not available to the public in order to safeguard and protect the integrity of the tool from malware writers. As such, our discussion in public areas is limited and sometimes may appear vague or not fully address a specific question so it should not be taken personal.

If learning about malware removal techniques and how to use specialized fix tools like GMER is something you are interested in, please read BC Malware Removal Training Program.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 myym

myym
  • Topic Starter

  • Members
  • 99 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Denmark
  • Local time:01:12 PM

Posted 08 October 2013 - 02:05 PM

Thank you for a detail explanation, I found this site very interesting and have been looking at various anti-malware programs which I was not aware of them, to find out how to use them, including Gmer. I will read more about it on your site and the link you provided, and will post my problems I encounter in the future. 

Thank you for providing such a good place.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,277 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:12 AM

Posted 08 October 2013 - 02:17 PM

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users