GMER is an older advanced stand-alone tool that compares the output from system function calls directly into the operating system to output from calls generated by its own functions. Any differences between its own implementation and that of the operating system are reported as a hidden file, service, registry key, or device. GMER also looks for hidden code modifications and API Kernel hooks as well as many other checks which are not discussed in public to safeguard the program from malware writers who would use that information for nefarious purposes.
GMER will not actually tell you if you are infected or not unless you know what you're looking for. Most of the log listings are dumps of raw memory data structures from the Windows Kernel which handles access to files, registry keys, hardware and from the system processor tables. Even with advanced training, trying to interpret GMER results can be confusing at best as there could be many legitimate entries in its log. We do not use it much any more and when we do, its log is typically asked for in the Virus, Trojan, Spyware, and Malware Removal Logs Forum.
GMER is known for being extremely good at rootkit investigation and detection, but it is also known for occasionally being unstable on some computers. There are varying reasons GMER will not run properly or will result in a BSOD. In some cases, a BSOD may be attributed to one of the scanning options available when running GMER and you may need to uncheck one or more of those options to get it to run properly.
Open GMER and on the right side, deselect (uncheck) the following:
- Drives/Partition other than System drive (typically C:\)
- Show All <- don't miss this one
If that does not work you may also need to deselect (uncheck) the following (along with the items noted above) from the options on the right, then try running it again or perform the scan in safe mode.
If you still cannot get GMER to run and you believe your system is infected, then follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team. If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.
If you choose to follow the above instructions and post a FRST log, please reply back in this thread with a link to the new topic. If not, at least you know doing that is an option available to you.