Use powerful anti-rootkits, people, most of these supposedly undiscoverable malware can be revealed by them:
https://sites.google.com/site/rootrepeal/
http://www.techsupportalert.com/best-free-rootkit-scanner-remover.htm
Very rarely will this be due to a rootkit. Granted, it can be, but it's a very low probability on the list.
There are other tools for finding rootkits - http://www.gmer.net/ for instance.
Much more likely someone managed to access an email account and found recovery seeds there or something.
~99.99% of malware will not survive a standard reinstall.
There are a rare few that can embed themselves in the MBR of disks or firmware of embedded chips.
You should be fine now. If you are concerned about the MBR possibility you can run this to find out http://www.gmer.net/
As for the extremely unlikely firmware method there isn't any real easy way to find out.
Download malwarebytes from malwarebytes.org, enable rootkit detection in the settings and do a full scan. If you are tech savvy you can also try GMER http://www.gmer.net/.
Did you download Fallout 4 from a private or public tracker? You can't trust anything from a public tracker.
Good advice, however, Rootkit Revealer is not supported on Vista or 7. In either of those cases, try TDSS Killer, Rootkit Buster or GMER (this last one is very advanced).
I haven't gotten this and I have done 2 full system scans. There may be a trojan or something which is actually replacing the lol exe file with another one that has actual ransomware inside it. Try running a scan with GMER to see if you have a rootkit or something in the background. These will often run before Malwarebytes starts, downloading and bypassing the software completely.
Edit: GMER is a very useful scanning tool. It is much harder to stop than MBAM or other AVs because its EXE has no information about what it does, and it always has a random file name when downloaded.
Second EDIT: Modern viruses will scan for publisher info to prevent MBAM Chameleon from getting them. It's a pain in the ass if they can stop you finding them. If a rootkit is replacing the lol file on startup, then MBAM will only catch it when it is launched, and the file will not be replaced until boot, or unless the root can sneak past MBAM. No antivirus is perfect. If you get alerts like this, there is usually a reason. And considering LoL's slow patching, 2 weeks is enough to slip in some edits to the code which will get trojans on your system when you think LoL is downloading an update etc. Also, giant userbase. It's the perfect target.
Third Edit: MBAM also has a rootkit scan, but it may be stopped by the rootkit if you have one. Many rootkits and malware will actively start causing hell once they know they have been found, sometimes by removing you as an admin and by changing .exe file associations so they first run through other malware.
Might want to run a quick scan with GMER to tell you if you have a rootkit.
Run a scan with Malwarebytes.
Check processes in Process Explorer to see what's running; turn on the option to check digital signatures.
Check your page file settings. Is your resident AV configured to scan when idle? Also check the Task Scheduler to look for tasks that ran when the computer was idle.
svchost.exe is the basic layer for everything related to the network; it is usual to have several of them running alongside each other.
You can also try to run GMER and have a look at the rootkit pane to see if something strange is hooked on your system (http://www.gmer.net/, download the version with the random name; this tool is targeted by rootkits).
Post the report on Pastebin if you need help reading it.
Run HijackThis to get a complete view of what starts when you open a session (https://sourceforge.net/projects/hjt/).
It can be some legit file that has some specific attributes (system/hidden), or some malicious file that hides itself.
First, you can change your folder options to view system and hidden files. Then search again. You can also try using the command prompt; you may get different results.
If you don't find it, then boot in safe mode, where possibly the file won't be hidden by another process. Search from the command line.
If you still don't find it, that's potentially not good news. It would mean possibly that some malicious process hooks the system to hide this file (the good point is that the process crashes; at least it can't go on if it's malicious).
From there, try to run MalwareBytes; if it finds something, make a second pass until it doesn't find anything. Removing a malicious piece of code can help you to see other malicious stuff.
If you didn't get any result, make a test with GMER (http://www.gmer.net/, take the exe with the random name); this one is dedicated to showing you all the hooking in place in your system. It can find some rootkits by itself (if so it will warn you), but mostly this is something you need to analyse by yourself. Post the results on Pastebin so that we can see the results of the scan.
"lurking on my cpu"
Sell your computer and buy a tablet to browse Facebook.
If you want a serious answer, then this board isn't here to teach you how computers work;
get Malwarebytes and run Chameleon in safe mode (hold Shift when the PC is restarting to get into advanced boot settings).
If that doesn't find anything, get a rootkit scanner, i.e. for "viruses" "lurking" inside the Windows kernel, which as such most AV and antimalware won't pick up on. I'd use GMER, but something like Kaspersky's integrated tool works as well.
And just so you know, CPU = central processing unit, i.e. the processor that does all of your computer's computing.
What I would do:
- search the name of the suspicious file on the internet
- boot a Linux distro to see if I can find the file
- download some other antivirus to see if it finds anything else; for example I'd try [gmer](http://www.gmer.net/)
Some DLL can't be loaded.
Look into the registry: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Make sure the AppInit_DLLs is empty.
In the Event Viewer, you should get some errors and it should tell you which DLL failed to load. If you can find it, scan it with Windows Defender or whatever.
Run GMER as well; it's as good as any to detect malware and rootkits: http://www.gmer.net/
Otherwise, it could be an SxS error, although you would get a Side By Side error.
If all fails, back your files up, and re-install Windows.
MalwareBytes is a very good product, but if you get hit by some really bad malware, it may not see it.
Malware hooking the system can pretty easily hide itself and control whatever is on the system.
GMER is a good tool to check what APIs are hooked on your system (it can detect some rootkits by itself, but the product focuses more on presenting you the real state of your system).
You can download it here (use the random name version; the product is targeted by malware):
As it can be quite difficult to understand the output, start by running it with the default options and post the result on Pastebin; we can help you to check it.
Yes, that's what I wanted to see.
Problem is that we should see some stuff from Yontoo and others, and nothing shows up. Either it's a new version or something is protecting them in the background. I was suspecting something like that, considering that with what you have done you should have been able to get rid of them.
Download GMER from this site:
Use the version with the randomly generated name. Run it as admin on your normal session. If it finds a rootkit, it will warn you. The product is not intended to be run as a simple scanner, so not having a warning does not mean that there is nothing.
Run a normal scan with default options. If the product crashes, we'll use fewer options.
Post the result on Pastebin.
This product is intended to check out which processes could have been hijacked, or hooked over.
Hooking is the deepest way to get into the system, and gives you the ability to totally control what goes on, including interception of system messages, and hiding what is really on your system.
You can also use the registry editor and the file browser from GMER, where anything suspicious will be shown in red. Just quickly browse the C:\Windows and C:\Windows\System32 folders to check them out.
Also check out the users' root folder with the file manager of GMER.
> It's not just on one device, all my devices that are connected to the router and that has a browsing capability are compromised
> When I connect a phone for example on another router
Where is the other router? How did you connect it to the internet? Was it in another physical place, or the same house?
What kind of router do you have?
>I recently changed it to a completely new one with all the safety measures set to the absolute highest. Yet, the stalker still has access to my internet activity across multiple devices. How in earth is this possible?
Various solutions come to mind. A new router with all safety measures set is not really helpful if your router has a backdoor. Some brands of routers had built-in backdoors (they are usually removed just after being discovered).
Physical access also; less realistic, but still possible.
Working for your ISP? Or having some kind of access to your ISP's proxy.
Some categories of malware can be really hard to detect. Depending on which rootkit you choose, you completely hook the system, meaning EVERYTHING can be filtered, especially when it comes to circumventing antivirus.
When you scanned your computer, did you do it using the OS installed on the computer, or did you boot from other media, using tools from media that could not have been tampered with by your own OS?
You can run GMER (http://www.gmer.net/) and post the result on Pastebin; I'll give it a look.
Have you tried to stalk the stalker ?
You are probably right that it is not your keyboard, but your software.
The keyboard just sends keystrokes; the system is in charge of reading them and feeding them to the OS.
The problem with those multi-tasking OSes is that you have to develop in a way that lets the system do its job. Usually, in any Windows app, you have a main loop where you give the hand back to the system, which will deal with events such as keyboard input.
So, I would suspect that one application is messing with the system and may be stuck in some sort of loop waiting for an answer before releasing the hand to the OS.
First of all, check for keyloggers, as they hook the keyboard and can give some strange behavior; the best tool for that would be GMER (grab it here: http://www.gmer.net/, take the exe with the random name). If you don't understand the output, upload it to Pastebin and leave the URL here.
The hard part would be to narrow the problem.
Does that happen when you are browsing online? If yes, and it happens mostly when you are browsing, try to disable all add-ons/plugins and run some tests.
Does it happen, regardless of any usage, at regular intervals? Check your Task Scheduler and look if the timing is approximately the one where you see either a single task running or a task crashing.
Do you have some regular alerts in the event log (even if not related at first sight)?
When you lose the keyboard, as the mouse works fine, launch the Task Manager. Do you see a process high on CPU?
The Firefox process itself can be infected, so you won't see that through extensions.
When you start your session, just log in and go directly to the Task Manager. Does Firefox show up despite the fact you didn't start it? If so, you can try to go through safe mode, manually remove Firefox, and everything under your profile that is related to Firefox. Then start back again on a normal session and re-install Firefox.
But considering that Malwarebytes and Spybot didn't catch anything, it could mean that the malware is protected. So you may be facing a rootkit more than a malware.
Download GMER from http://www.gmer.net/, take the EXE with the random name (GMER is commonly targeted by malware) and run a scan. GMER is able to recognize some rootkits by itself and will warn you if it finds one.
If GMER didn't tell you anything, it doesn't mean that you didn't get a rootkit, so we'll have to go through the output to see if everything looks normal.
It brings back the factory setup, so yes, you have lost what you did after. The bad news is that you still have the problem, which would mean that the base image is corrupt.
If you didn't do it already, run a chkdsk on your drives.
We'll also make a quick check for some rootkits, just in case. For that, you'll have to download GMER (http://www.gmer.net/), download the randomly named exe, then run it with admin privileges.
If it pops a message saying it has found a rootkit, follow the instructions to remove it. If it doesn't find anything with its scanner, that doesn't mean you didn't get a rootkit. Run an analysis and post the result on Pastebin; I'll have a look at it (looking for malicious hooking there needs a bit of knowledge to read the result).
Try running it in safe mode, but be aware that rootkits that don't function in Safe mode won't be detected, but it would be good to see if it will run. You could also try an older version.
Maybe rootkit:
http://www.gmer.net/ - Hit Download EXE button, run it as admin, see if it notices anything when it opens.
It has MBR check integrated now so that other possibility is covered too.
Both of you are correct, it's an excellent tool and owned by Trend Micro.
It's always been an excellent tool, Trend Micro bought them (for the same reason).
If you're going to the trouble of posting logs, please post logs from GMER too, might make it a bit easier to spot rootkits (given you've done a whole reinstall - rootkits can survive this).
Your specs are good, you shouldn't have trouble running the game.
Maybe your antivirus is too heavy? Or maybe you have a virus? I once got a nasty GPU virus that was very troublesome to detect and clean...
edit: This was the only one that detected the virus for me: http://www.gmer.net/
I would suggest that you install GMER and make sure you have the rootkit removed. I deal with systems at my work, and plenty of people have gotten this recently, and one machine in particular's rootkit could not be found with malwarebytes. You might be overly paranoid, but GMER will tell you what is underneath the OS, and help you to remove it.
GMER - http://www.gmer.net/ (rootkit detector)
Apparently though it is a system file and it is not recommended to be deleted - http://www.fileinspect.com/fileinfo/srvcli-dll/
Sounds like you may need to repair your Windows install
Are you logging in as the actual Administrator account and not an account with Admin permissions? There's a difference.
Click on the start menu and choose Run; if that is gone, hold the Windows key and press the letter 'r'.
In that box type msconfig.
Go to the Startup tab and disable everything.
Reboot your PC and reinstall Malwarebytes from scratch (download a new exe file from their website).
If that still doesn't work then you'll need to install Malwarebytes to a flash drive and run it that way.
You'll also want to check to make sure your hosts file wasn't altered: C:\Windows\System32\drivers\etc\hosts
http://winhelp2002.mvps.org/hostsdefault.gif (it should look like this, and nothing else really)
If both of those fail you might need a rootkit scanner. http://www.gmer.net/ ^^ that one should do it. :)
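The two manual checks suggested in this thread, the AppInit_DLLs registry value (in the earlier DLL-loading post) and the hosts file (just above), can be scripted as a read-only triage step. This is an added example, not code from any of the posters or from GMER; it assumes a local PowerShell session on Windows with read access to HKLM and the hosts file, and it changes nothing, it only reports.

```powershell
# Added example (not from the posts above): read-only checks for the two
# persistence spots mentioned in this thread, AppInit_DLLs and the hosts file.
$findings = @()

# 1. AppInit_DLLs should normally be empty on a clean system. Check both the
#    native and the WOW6432Node view, since a DLL can be registered in either.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $appInitKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        $value = [string]$props.AppInit_DLLs          # '' when the value is absent
        $loadEnabled = $props.LoadAppInit_DLLs        # 1 means the DLLs are actually injected
        if ($value.Trim() -ne '') {
            $findings += "AppInit_DLLs is not empty in $key : '$value' (LoadAppInit_DLLs=$loadEnabled)"
        }
    }
}

# 2. Hosts file: a default Windows hosts file has only comment lines. Any
#    active mapping other than the plain localhost entries deserves a look
#    (redirecting update or AV domains is a classic way to block cleanup tools).
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$activeLines = Get-Content -Path $hostsPath | Where-Object {
    $_.Trim() -ne '' -and -not $_.Trim().StartsWith('#')
}
foreach ($line in $activeLines) {
    if ($line -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$') {
        $findings += "Active hosts entry: $line"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No findings: AppInit_DLLs is empty and the hosts file has no active mappings.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

A non-empty AppInit_DLLs or an unexpected hosts entry is a lead to investigate, not proof of infection; the script does not remove anything.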
On Windows 7, you can clean the Master Boot Record and replace it with a standard Windows 7 boot record without affecting the partition table. Boot into the F8 Advanced Recovery Console and login as an Admin user. Select a Command Prompt. Run bootrec.exe /FixMbr. That will get rid of a rootkit if installed. If you want to, you can use GMER or RootkitBuster to verify.
What kind of security software are you running? Has your machine been infected before? Can you message me or post a GMER and a HijackThis log?