The first time I encountered a rootkit was when both my laptop and
desktop were infected by a virus called JambanMu. It is a virus, but it
uses rootkit methods to hide itself. I felt that something was not
right on both of my computers, but no matter what security software
I used to scan them, it would come up with nothing. Then I
accidentally found out about a tool called GMER which is able to detect
and remove rootkits. The name of this tool does sound like a gaming tool,
but it's not. Actually I just wanted to take a look at how this tool
works, but it ended up telling me about the rootkit that was present on
my system! Then after a little research, I found out that it was the
JambanMu virus that I brought back from one of my workplaces.

GMER is an application that detects and removes rootkits.

Detect and Remove Rootkit with GMER

It scans for:

  • hidden processes
  • hidden threads
  • hidden modules
  • hidden services
  • hidden files
  • hidden Alternate Data Streams
  • hidden registry keys
  • drivers hooking SSDT
  • drivers hooking IDT
  • drivers hooking IRP calls
  • inline hooks

Other than being able to detect and remove rootkits, you can also view
your computer's processes, modules, services and files. It can also scan
and list all the programs that are auto-started when Windows boots
up. Another good thing about GMER is that it has a built-in registry editor
in case the rootkit or virus has enabled the registry editing restriction.
On the final tab, there is a CMD console where you can run commands
if the Windows command prompt has been disabled.
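Hidden-process detection of the kind listed above usually works by cross-view comparison: the same thing is enumerated two independent ways and any disagreement is flagged. The following is an added example, not GMER's code: it diffs two PID enumerations, and on Windows gathers them via EnumProcesses versus an OpenProcess sweep (ctypes usage assumed); on other platforms it runs on constructed sample views.

```python
"""Cross-view detection of hidden processes (the idea behind a "hidden
processes" scan): take two independent enumerations of running PIDs and
flag anything only the lower-level probe can see."""
import sys
from typing import Dict, Set, Tuple

def cross_view_diff(api_view: Set[int], probe_view: Set[int]) -> Dict[str, Set[int]]:
    """'hidden_from_api' is what an anti-rootkit tool would flag; 'only_in_api'
    usually means a process exited between the two enumerations (re-check it)."""
    return {
        "hidden_from_api": probe_view - api_view,
        "only_in_api": api_view - probe_view,
    }

def windows_pid_views(max_pid: int = 65536) -> Tuple[Set[int], Set[int]]:
    """Windows-only collection via ctypes (assumed API usage): EnumProcesses,
    the list most tools display, versus brute-forcing OpenProcess over every
    possible PID, which does not depend on the list EnumProcesses walks."""
    import ctypes
    from ctypes import wintypes
    psapi = ctypes.WinDLL("psapi", use_last_error=True)
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    kernel32.OpenProcess.restype = wintypes.HANDLE
    kernel32.OpenProcess.argtypes = [wintypes.DWORD, wintypes.BOOL, wintypes.DWORD]
    pids = (wintypes.DWORD * 16384)()
    needed = wintypes.DWORD(0)
    if not psapi.EnumProcesses(pids, ctypes.sizeof(pids), ctypes.byref(needed)):
        raise ctypes.WinError(ctypes.get_last_error())
    api_view = set(pids[: needed.value // ctypes.sizeof(wintypes.DWORD)])
    api_view.discard(0)  # System Idle Process cannot be opened; skip it
    PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
    ERROR_ACCESS_DENIED = 5  # process exists even though we may not open it
    probe_view: Set[int] = set()
    for pid in range(4, max_pid, 4):  # Windows PIDs are multiples of 4
        handle = kernel32.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, pid)
        if handle:
            kernel32.CloseHandle(handle)
            probe_view.add(pid)
        elif ctypes.get_last_error() == ERROR_ACCESS_DENIED:
            probe_view.add(pid)
    return api_view, probe_view

if __name__ == "__main__":
    if sys.platform == "win32":
        api, probe = windows_pid_views()
    else:  # constructed sample views so the demo runs on any platform
        api = {4, 376, 1204, 2312}
        probe = {4, 376, 1204, 2312, 2980}
    print(cross_view_diff(api, probe))
```

Treat a `hidden_from_api` hit as a lead to verify rather than proof: a terminated process kept alive by an open handle can also answer OpenProcess without appearing in the API list.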

Like I said, GMER did detect a rootkit on my computer but wasn't
able to totally remove it because it is a persistent virus that just
kept coming back after cleaning it up. If GMER had not informed me about
the rootkit's presence on my computer, I could have been the source of infecting
many other computers with the virus.

A lot of advanced trojans are able to use rootkit technology to hide
their process by injecting into the kernel level, but luckily this is not often used
because it is unstable and will cause the computer to crash if it fails
to inject. Although I personally do not worry so much about rootkit
infection, it is still good to run GMER once in a while to check
my computer for any suspicious hidden process. It takes only a few
seconds to scan your computer. If you can't run GMER, maybe your
computer is already infected by a rootkit that stops GMER from running.
Try renaming gmer.exe to another name and then run it. There are
actually a lot more free and portable anti-rootkit tools; perhaps I
should compile a list when I am feeling better from the bad flu that I
currently have.
