GMER is an application that detects and removes rootkits.
It scans for:
- hidden processes
- hidden threads
- hidden modules
- hidden services
- hidden files
- hidden disk sectors (MBR)
- hidden Alternate Data Streams
- hidden registry keys
- drivers hooking SSDT
- drivers hooking IDT
- drivers hooking IRP calls
- inline hooks
GMER runs on Windows XP/VISTA/7/8
The latest version of GMER is 2.1.19081, released 2013.02.20.
GMER runs only on Windows NT/W2K/XP/VISTA/7/8.
GMER can be downloaded here: http://www.gmer.net/#files
Learn more about the MBR rootkit detector and the sample of an undetectable rootkit here: http://www.gmer.net/#files
Frequently asked questions about GMER and rootkits
Access the FAQ section here: http://www.gmer.net/#faq
Question: Do I have a rootkit?
Answer: You can scan the system for rootkits using GMER. Run gmer.exe, select the Rootkit tab and click the "Scan" button.
If you don't know how to interpret the output, please save the log and send it to my email address.
Warning! Please do not select the "Show all" checkbox during the scan.
Question: How do I create a "3rd party" log?
Answer: Tick the "3rd party" option and then click the "Scan" button. After the scan you can use the "Remove signed" and "Remove duplicates" options to filter the scan results.
Question: How do I install the GMER software?
Answer: Just run gmer.exe. All required files will be copied to the system during the first launch.
Question: How do I uninstall/remove the GMER software from my machine?
Answer: Just delete the exe file.
Question: My computer is infected and GMER won't start:
Answer: Try to rename gmer.exe to iexplore.exe and then run it.
Question: How do I remove the Rustock rootkit?
Answer: When GMER detects a hidden service, click "Delete the service" and answer YES to all questions.
Question: How do I show all NTFS Streams?
Answer: On the "Rootkit Tab" select only: Files + ADS + Show all options and then click the Scan button.
Question: Can I launch GMER in Safe Mode?
Answer: Yes, you can launch GMER in Safe Mode; however, rootkits which don't work in Safe Mode won't be detected.
Question: I am confused as to whether to use delete or disable for the hidden "service".
Answer: Sometimes the "delete the service" option won't work because the rootkit protects its service. In such a case, use:
1) "disable the service",
2) reboot your machine, and
3) "delete the service".