Littlebits

Retired Staff
malbky said:
GMER along with TDSS killer is one of the best rootkit removers. I have used this quite a few times.
Does version 2 have a new GUI? The old GUI simply is complex. But anyway it was not intended for noobs.
Thanks for the heads up. I will be adding the new version to my USB arsenal soon.

The only problem with McAfee Avert Stinger is it takes too long and also scans and removes only commonly known malware. I have given up using Stinger. In some cases Panda's active scan via internet seems to be faster. Bitdefender is one of the slowest online scanners.

Have you actually tried McAfee Stinger lately after Intel gave it a complete overhaul?

Its scans are very fast, its detection is better than most of the other scanners because it uses several AV engines and technologies from several other security vendors, not just McAfee anymore.

I have removed several Zero Access infections with no problems at all, compared to all of these advanced guides which usually don't work.
It also does excellent with rogue fake security products and ransomware.

Intel did an excellent job improving it, now let's see if they can improve McAfee's other products.

Enjoy!!:D
 

kuttus

Level 2
Verified
If we run Combofix, the chances of a PC crash, registry corruption and file association issues are very high. But with McAfee Stinger, in my experience, all these issues do not happen.....
 

softwareFREEk

New Member
Littlebits said:
GMER v.2.0 released:

GMER is an application that detects and removes rootkits.

It scans for:
hidden processes
hidden threads
hidden modules
hidden services
hidden files
hidden disk sectors (MBR)
hidden Alternate Data Streams
hidden registry keys
drivers hooking SSDT
drivers hooking IDT
drivers hooking IRP calls
inline hooks

New in version 2.0:
- Added support for Windows 8
- Added full support for Windows x64
- Added Trace I/O function
- Added disk "Quick scan" function


Enjoy!! :)

@Littlebits
My Hiren's BootCD 15.2 has the older GMER 1.0.15 version, nice find, thank you
 

Prorootect

Level 53
Verified
The latest version of GMER 2.1.19155 released 2013.03.04

GMER runs on Windows NT/W2K/XP/VISTA/7/8 32-bit and 64-bit versions.

-------------------

Well, with this latest version .. I have (and you too!) 9 hidden processes in Red (you have surely more than 9 - maybe 70 ..?;) ).

These are the normal Windows system processes by Microsoft, so don't worry about ..

So in this latest GMER version, each red highlighted [*** hidden ***] Windows process is shown with EPROCESS structure (and PID) in Value tab, identifying each process.

On the msdn.microsoft.com website, I read:
'The EPROCESS structure is an opaque structure that serves as the process object for a process.'
'Some routines .. use EPROCESS to identify the process to operate on.'

WHY this latest GMER 2.1.19155 version highlights all the Windows processes with EPROCESS in red - I don't know!:D
- but NO worry, it's OK. this is NOT rootkit, but FP's only (9 in my case) .. however I see this nice small 'Warning' window: 'GMER has found system modification, which might have been caused by ROOTKIT activity. ..':D



PS. Yet none of my other anti-rootkit tools show the same problem. That's why it is good to have some anti-rootkit tools on your Windows .. like me ..;)
 

Prorootect

Level 53
Verified
But after restart of the PC, no more red positions in GMER ..

The scan finished successfully - GMER window:


So after downloading GMER - restart Windows, that's all.

Before launching GMER, close all running applications - because during the scan, it takes a lot of CPU cycles (frequently 80 percent ..) - so risk of Windows crash .. Blue Screen ..
 

Prorootect

Level 53
Verified
After the download of this latest version of GMER, start time of my PC is hugely extended, and the machine became very slow .. I do not know why.
So I deleted this latest version of GMER (exe file), but no improvement, my PC is slow for now ..
Do you have similar problems, please? ..
 

Gnosis

New Member
Run PCHunter and check your startup items, services, kernel modules and inline hooks and eliminate any GMER stuff. Check your msconfig startup list as well. Then reboot.

I must be young or have never really used this because this is the first time I have seen this program (as far as I know) Smile
I know that the sand in Australia is magnificent and all, but you need to get your head out of it. LOL :)
 

Prorootect

Level 53
Verified
Thank you ZOU / Gnosis!


No more problems in my PC, all run smoothly like before.
Because I tried Restore Point day before the event of problem .. So I do not know why I had these slowdowns ..

This is essential: they are gone!

My fault was that I did run GMER at the same time with my browser and another software (stopped) - then all this was too bulky for my CPU cycles, and Windows has Blue Screen, then it has started the KernelFaultCheck to do the minidump. But after removing this KernelFaultCheck - from startup and Registry - the slowdowns were still there!
Restore Point saved me.:cool:
 

Prorootect

Level 53
Verified
The latest version of GMER 2.1.19163 released 2013.04.04


•2.1
- Added third-party software component scan
- Improved services scanning
- Improved registry scanning
- Fixed Windows 8 x86 lock issue