
Is GMER safe?

3 replies to this topic

#1 computerquotes


  • Members
  • 1 posts
  • Local time:07:57 AM

Posted 04 July 2017 - 02:07 AM


It installed a file on my computer after running the exe: http://imgur.com/7gWwBpq

I cannot get rid of this. When I try to close it from the app data, it says a program is running 





#2 jwoods301


  • Members
  • 1,489 posts
  • Gender:Male
  • Local time:06:57 AM

Posted 04 July 2017 - 02:24 AM

GMER is a legitimate program.


I downloaded the zip file, extracted it, and ran GMER.


I did not see that file in my list of running processes.


Reboot and see if it is running after that.


Search for the file on your system and see what folder it's in.

#3 midimusicman79


  • Members
  • 793 posts
  • Gender:Male
  • Location:Norway
  • Local time:03:57 PM

Posted 04 July 2017 - 06:52 AM

Hi all!
This behavior of GMER is perfectly normal, because it loads a system file (driver) with a random name so as to be able to run even if the user has malware which blocks gmer.exe on their computer.
As per the developer's (Przemysław Gmerek) home page:

It's recommended to download randomly named EXE (click button above) because some malware won't let gmer.exe launch.

This driver file, which BTW in my case is ffndqpob.sys, is located in C:\Users\<User Name>\AppData\Local\Temp
Actually, the said name randomization applies both to the exe file as well as the driver file.
Which means that if you download the exe file, it could be named something like BTW in my case jexhkzj2.exe

However, the exe file within the zip file is not randomly named, and is as such named gmer.exe
More information here: https://en.wikipedia.org/wiki/GMER
Please note: You have to exit GMER before deleting the system file in question.

Edited by midimusicman79, 05 July 2017 - 01:44 AM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with CanDef, uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.
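
To check what the posts above describe (a randomly named .sys file in the Temp folder that cannot be deleted while it is in use), the following PowerShell inventory is an added example and not part of the original thread. It assumes PowerShell 4 or later run from an elevated prompt, only reads information, and matches drivers to files by file name.

```powershell
# Added example: list .sys files in the current user's Temp folder and show
# whether each one is registered/loaded as a kernel driver and how it is signed.

$tempDir = [System.IO.Path]::GetTempPath()   # C:\Users\<User Name>\AppData\Local\Temp\

# Index kernel drivers known to the Service Control Manager by image file name.
# PathName can carry a \??\ prefix or a short (8.3) path, so only the leaf is used.
$drivers = @{}
Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
    if ($_.PathName) {
        $leaf = (Split-Path -Path $_.PathName -Leaf).ToLowerInvariant()
        $drivers[$leaf] = $_
    }
}

Get-ChildItem -LiteralPath $tempDir -Filter '*.sys' -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        $drv  = $drivers[$_.Name.ToLowerInvariant()]

        [pscustomobject]@{
            File            = $_.FullName
            Created         = $_.CreationTime
            SHA256          = $hash.Hash
            SignatureStatus = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
            Signer          = $sig.SignerCertificate.Subject   # empty when the file is unsigned
            ServiceName     = if ($drv) { $drv.Name }  else { $null }
            DriverState     = if ($drv) { $drv.State } else { 'not registered' }
        }
    } | Format-List
```

A file reported with DriverState `Running` is still loaded, which matches the "a program is running" message in the first post; the creation time can be compared with when GMER was launched.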

#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,934 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:57 AM

Posted 04 July 2017 - 07:29 AM

GMER is an older advanced stand-alone tool that compares the output from system function calls directly into the operating system to output from calls generated by their own functions. Any differences between its own implementation and that of the operating system are reported as a hidden file, service, registry key, or device. GMER will not actually tell you if you are infected or not unless you know what you're looking for. We do not use it much any more and when we do, its log is typically asked for in the Virus, Trojan, Spyware, and Malware Removal Logs Forum, not here.

I am a firm believer that if someone is unsure how to use a particular security tool or interpret any logs it generates, then they probably should not be using it. Folks often panic when they see scanning log results they do not understand after using tools they know very little about. Some security tools are intended for advanced users, those who are knowledgeable of the Windows registry or to be used under the guidance of an expert who can interpret the log results and investigate it for malicious entries before taking any removal action. Security tools will show everything they find that is a possible problem (good and bad) but you need to know what to remove and what not to remove. Incorrectly removing legitimate entries could lead to disastrous problems with your operating system.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
