GMER is an older advanced stand-alone tool which will help investigate for the presence of rootkits and malicious activity. It will not actually tell you if you are infected or not unless you know what you're looking for. GMER compares the output from system function calls made directly into the operating system to the output from calls generated by its own functions. Any differences between its own implementation and that of the operating system are reported as a hidden file, service, registry key, or device. GMER also looks for hidden code modifications and kernel API hooks, as well as many other checks which are not discussed in public, to safeguard the program from malware writers who would use that information for nefarious purposes.
Most of the log listings are dumps of raw memory data structures from the Windows kernel, which handles access to files, registry keys and hardware, and from the system processor tables. Even with advanced training, trying to interpret GMER results can be confusing at best, as there could be many legitimate entries in its log.
GMER is known for being extremely good at rootkit detection, but it is also known for occasionally being unstable on some computers. There are varying reasons GMER will not run properly. CD emulators (Daemon Tools, Alcohol, Astroburn, AnyDVD) should always be disabled first if you are using them, and sometimes you have to uncheck some of the scanning options in order to get it to run.
I am a firm believer that if someone is unsure how to use a particular security tool or interpret any logs it generates, then they probably should not be using it. Folks often panic when they see scanning log results they do not understand after using tools they know very little about. Some security tools are intended for advanced users, those who are knowledgeable of the Windows registry, or to be used under the guidance of an expert who can interpret the log results and investigate them for malicious entries before taking any removal action. Security tools will show everything they find that is a possible problem (good and bad), but you need to know what to remove and what not to remove. Incorrectly removing legitimate entries could lead to disastrous problems with your operating system.
As for ComboFix, you may want to read ComboFix usage, Questions, Help? - Look here
If you want a comprehensive look at your system for possible malware by experts, there are other advanced tools which can be used to investigate, but they are not permitted in this forum. Please follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.
If you choose to post a log, please reply back in this thread with a link to the new topic.
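The post above describes the detection principle GMER relies on: enumerate the same objects through two paths (the documented OS API and the tool's own parsing of kernel structures) and report whatever only one path sees. The script below is an added illustration of that cross-view comparison, not GMER's own code or anything from the forum. It makes no kernel calls; both "views" are constructed dictionaries, and every object name in them (hidden.exe, evilsvc, evil.sys, selfprotect.exe) is made up. It also carries the post's caveat into code: a difference is a lead, not a verdict, so entries an analyst has already verified are reported for review rather than as hidden, and objects that appear only in the API view are reported separately because they may be transient rather than spoofed.

```python
"""Cross-view comparison of two object enumerations (constructed example).

Rootkit scanners of the GMER type list processes, services, registry keys and
files once through the normal OS API and once by walking kernel structures
themselves, then report the differences.  This added example hard-codes both
views so the comparison logic can run offline; it is not GMER's code.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # object class: process, service, registry, file
    name: str    # the object that differs between the two views
    status: str  # "hidden", "phantom" or "review"
    detail: str  # one-line explanation for whoever reads the log


# View 1 (constructed): what the documented OS API returns.  A rootkit that
# hooks the API filters its own objects out of this list.
API_VIEW = {
    "process": {"System", "explorer.exe", "svchost.exe", "gmer.exe"},
    "service": {"Dhcp", "Dnscache", "wuauserv"},
    "registry": {
        r"HKLM\SYSTEM\CurrentControlSet\Services\Dhcp",
        r"HKLM\SYSTEM\CurrentControlSet\Services\Dnscache",
    },
    "file": {r"C:\Windows\System32\drivers\acpi.sys"},
}

# View 2 (constructed): what a direct walk of kernel structures would return.
# selfprotect.exe stands in for a security product that hides its own process;
# acpi.sys is absent here to model an object that vanished between snapshots.
RAW_VIEW = {
    "process": {"System", "explorer.exe", "svchost.exe", "gmer.exe",
                "hidden.exe", "selfprotect.exe"},
    "service": {"Dhcp", "Dnscache", "wuauserv", "evilsvc"},
    "registry": {
        r"HKLM\SYSTEM\CurrentControlSet\Services\Dhcp",
        r"HKLM\SYSTEM\CurrentControlSet\Services\Dnscache",
        r"HKLM\SYSTEM\CurrentControlSet\Services\evilsvc",
    },
    "file": {r"C:\Windows\System32\drivers\evil.sys"},
}

# Objects an analyst has already verified as legitimate (constructed).  Hiding
# is not proof of infection, so these are downgraded to "review".
KNOWN_LEGITIMATE = frozenset({("process", "selfprotect.exe")})


def cross_view_diff(api_view, raw_view, known_legitimate=frozenset()):
    """Return one Finding per object that only one of the two views reports.

    raw - api -> "hidden":  the API conceals it (the classic rootkit symptom),
                 or "review" if the analyst already verified the object.
    api - raw -> "phantom": the API reports something the raw walk does not;
                 either a spoofed entry or an object that came and went
                 between the two snapshots, so it is listed separately.
    """
    findings = []
    for kind in sorted(set(api_view) | set(raw_view)):
        api = set(api_view.get(kind, ()))
        raw = set(raw_view.get(kind, ()))
        for name in sorted(raw - api):
            if (kind, name) in known_legitimate:
                findings.append(Finding(kind, name, "review",
                                        "hidden from API, but on the verified-legitimate list"))
            else:
                findings.append(Finding(kind, name, "hidden",
                                        "present in raw view, absent from API view"))
        for name in sorted(api - raw):
            findings.append(Finding(kind, name, "phantom",
                                    "present in API view, absent from raw view (spoofed or transient)"))
    return findings


def summarize(findings):
    """Count findings per status so the reader sees what actually needs work."""
    counts = {"hidden": 0, "phantom": 0, "review": 0}
    for finding in findings:
        counts[finding.status] += 1
    return counts


if __name__ == "__main__":
    results = cross_view_diff(API_VIEW, RAW_VIEW, KNOWN_LEGITIMATE)
    for f in results:
        print(f"{f.status:8} {f.kind:9} {f.name}  -- {f.detail}")
    print(summarize(results))
```

On the constructed data this reports four hidden objects (hidden.exe, evilsvc, its registry key and evil.sys), one review item (selfprotect.exe) and one phantom (acpi.sys). The split between "hidden", "phantom" and "review" is the point: a real scan of a clean machine will still produce differences, and nothing in the list should be removed until someone who can read the log has looked at each entry.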