GMER Scan.

Posted by Yvonne York on September 21, 2008, 8:30 pm


GMER 1.0.14.14536

After scanning with Gmer a window popped up indicating:

[quote]
GMER
Warning !!!
GMER has found system modification caused by ROOTKIT activity.
[unquote]

I examined all items and there is one (1) item shown in red letters.
Type: Library
Name: C:\Documents [***hidden***] @ C:\Documents[2216
Value: 0x00400000

I assume that this item is the culprit in question. I request guidance as
to how to proceed and eliminate this rootkit.

TIA


Posted by David H. Lipman on September 21, 2008, 9:00 pm



| GMER 1.0.14.14536

| After scanning with Gmer a window popped up indicating:

| [quote]
| GMER
| Warning !!!
| GMER has found system modification caused by ROOTKIT activity.
| [unquote]

| I examined all items and there is one (1) item shown in red letters.
| Type: Library
| Name: C:\Documents [***hidden***] @ C:\Documents[2216
| Value: 0x00400000

| I assume that this item is the culprit in question. I request guidance as
| to how to proceed and eliminate this rootkit.

| TIA



Please post in the below expert forum where you can get expert advice.

http://www.thespykiller.co.uk/index.php?board=3.0
NOTE: Registration is REQUIRED in the forum before posting a log.

Note in your post that I sent you there.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by kalyan on September 22, 2008, 2:28 am


Hi

Please post the log file for analysis.

If you are not able to remove the rootkit,
try this:
http://download.nai.com/products/mcafee-avert/McafeeRootkitDetective.zip

http://www.sophos.com/products/free-tools/sophos-anti-rootkit/download/

http://research.pandasecurity.com/blogs/images/AntiRootkit.zip
--
Warm Regards
Kalyan



> GMER 1.0.14.14536
>
> After scanning with Gmer a window popped up indicating:
>
> [quote]
> GMER
> Warning !!!
> GMER has found system modification caused by ROOTKIT activity.
> [unquote]
>
> I examined all items and there is one (1) item shown in red letters.
> Type: Library
> Name: C:\Documents [***hidden***] @ C:\Documents[2216
> Value: 0x00400000
>
> I assume that this item is the culprit in question. I request guidance as
> to how to proceed and eliminate this rootkit.
>
> TIA



Posted by David H. Lipman on September 22, 2008, 6:27 am



| Hi

| Please post the log file for analysis.

/* NOT HERE ! */


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by David H. Lipman on September 25, 2008, 5:35 pm



< snip >

| I examined all items and there is one (1) item shown in red letters.
| Type: Library
| Name: C:\Documents [***hidden***] @ C:\Documents[2216
| Value: 0x00400000

< Snip >

Please return to the thread you started.

The above in combo with...
O23 - Service: GEIF - Unknown owner - C:\DOCUME~1\TRAVEL~1\LOCALS~1\Temp\GEIF.exe (file missing)

is indicative of malware and possibly a RootKit as suspected.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


