
Strange processes showing up in GMER after rootkit infection


1 reply to this topic

#1 MichaBB (Members, 1 posts)

Posted 11 March 2018 - 06:28 AM

Hello, I'm having a problem with my Windows 10 machine. I recently got a rootkit, which I (hopefully) removed after reflashing the BIOS and reinstalling Windows. The rootkit doesn't show up in GMER or Kaspersky's TDSSKiller anymore, but the computer still slows down sometimes, and there is a thread pointing to the csrss.exe file.
[screenshot: GMER output showing the thread pointing to csrss.exe]
There are also some strange processes whose names are made up of symbols; they don't lead anywhere and don't show up in Process Explorer or Task Manager.
[screenshot: GMER process list with the symbol-named entries]
Does this mean that I'm still infected, and if so, is it possible to have it removed?

#2 quietman7 (Bleepin' Janitor, Global Moderator, 50,969 posts, Virginia, USA)

Posted 11 March 2018 - 09:07 AM

GMER is an older advanced stand-alone tool that compares the output from system function calls made directly into the operating system with the output from calls generated by its own functions. Any differences between its own implementation and that of the operating system are reported as a hidden file, service, registry key, or device. GMER also looks for hidden code modifications and kernel API hooks, as well as many other checks which are not discussed in public to safeguard the program from malware writers who would use that information for nefarious purposes. GMER will not actually tell you whether you are infected unless you know what you're looking for. Most of the log listings are dumps of raw memory data structures from the Windows kernel, which handles access to files, registry keys and hardware, and from the system processor tables. Even with advanced training, trying to interpret GMER results can be confusing at best, as there can be many legitimate entries in its log.

If you want a comprehensive look at your system for possible malware by our experts, there are other, more reliable advanced tools which can be used to investigate, but they are not permitted in this forum. Please follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team. If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

If you choose to post a log, please reply back in this thread with a link to the new topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

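The "compare two views and report the difference" idea quietman7 describes is the cross-view technique that tools like GMER apply at the kernel level. The following PowerShell script is an added example written for this page; it is not code from the thread, from BleepingComputer or from GMER. It builds three user-mode views of the process list (Get-Process, the Win32_Process CIM class, and tasklist.exe) and reports any PID that is missing from at least one of them. The function names Get-ProcessView and Compare-ProcessViews are this example's own. Note the limit of the method: a kernel rootkit that hooks the one NT enumeration call all three views ultimately rely on will hide from all three, which is exactly why GMER goes below that layer.

```powershell
# Added example (not from the BleepingComputer thread or from GMER):
# a user-mode cross-view check of the running process list.
# Each view reaches the process table by a different path:
#   Process  -> Get-Process (.NET over NtQuerySystemInformation)
#   Cim      -> Get-CimInstance Win32_Process (WMI provider)
#   Tasklist -> tasklist.exe (separate process doing its own enumeration)
# A PID that one view reports and another does not is worth a closer look.
# Caveat: a kernel-level hook on the shared NT call fools all three views.

function Get-ProcessView {
    param([ValidateSet('Process', 'Cim', 'Tasklist')][string]$Source)
    $result = @()
    switch ($Source) {
        'Process' {
            foreach ($p in Get-Process) {
                $result += [pscustomobject]@{ Id = [int]$p.Id; Name = $p.ProcessName }
            }
        }
        'Cim' {
            foreach ($p in Get-CimInstance -ClassName Win32_Process) {
                $result += [pscustomobject]@{
                    Id   = [int]$p.ProcessId
                    Name = [IO.Path]::GetFileNameWithoutExtension($p.Name)
                }
            }
        }
        'Tasklist' {
            # /FO CSV /NH: CSV rows without the header line, so supply our own.
            $rows = tasklist /FO CSV /NH |
                ConvertFrom-Csv -Header ImageName, PID, SessionName, SessionNum, MemUsage
            foreach ($r in $rows) {
                $result += [pscustomobject]@{
                    Id   = [int]$r.PID
                    Name = [IO.Path]::GetFileNameWithoutExtension($r.ImageName)
                }
            }
        }
    }
    return $result
}

function Compare-ProcessViews {
    $sources = 'Process', 'Cim', 'Tasklist'
    $views = @{}
    foreach ($s in $sources) { $views[$s] = Get-ProcessView -Source $s }

    # Union of every PID seen by any view.
    $allIds = @()
    foreach ($s in $sources) { $allIds += $views[$s].Id }
    $allIds = $allIds | Sort-Object -Unique

    foreach ($id in $allIds) {
        $seenIn = @($sources | Where-Object { $views[$_].Id -contains $id })
        if ($seenIn.Count -eq $sources.Count) { continue }   # consistent across views

        $name = $null
        foreach ($s in $seenIn) {
            $hit = $views[$s] | Where-Object { $_.Id -eq $id } | Select-Object -First 1
            if ($hit) { $name = $hit.Name; break }
        }
        [pscustomobject]@{
            Id          = $id
            Name        = $name
            SeenIn      = ($seenIn -join ',')
            MissingFrom = (($sources | Where-Object { $seenIn -notcontains $_ }) -join ',')
        }
    }
}

# Usage: run twice a few seconds apart and only chase PIDs that show up both
# times; processes that start or exit between the three snapshots produce
# one-off differences that are noise, not hiding.
Compare-ProcessViews | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so that Get-Process and Win32_Process can see processes owned by other users; without elevation, access-denied gaps will look like hidden entries.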