GMER - detect and remove rootkits

JimDriskill
Posts: 4
Joined: Tue Mar 27, 2007 3:26 pm
Location: Earth for the most part

GMER - detect and remove rootkits

#1 Post by JimDriskill »

GMER detects rootkits and more, check the homepage for details:
http://www.gmer.net/index.php
There is no install, just unzip to the location of your choice and run.

theboydanny
Posts: 18
Joined: Sat Mar 24, 2007 5:52 am
Location: Utrecht, Netherlands

#2 Post by theboydanny »

Not entirely portable imho, considering it creates gmer.exe, gmer.dll, gmer.ini and gmer_uninstall.cmd in C:\WINDOWS... And a quick scan of my registry shows that it installs a service, gmer.sys...
So after running GMER you'd have to UNINSTALL it. There's more info here http://www.gmer.net/faq.php.
Nevertheless I have used this app before and it's a good one, along with Sysinternals RootkitRevealer (which is portable!). I have a zipped copy of GMER on my pendrive in case of emergencies. Besides, you won't run it on a daily basis...

Midas
Posts: 6725
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: GMER

#3 Post by Midas »

GMER version v2.1.19357 released (changelog at http://www.gmer.net/#files).
Apparently GMER has been endorsed by AVAST: There's an article at PCWorld explaining how to use GMER:

TP109
Posts: 571
Joined: Sat Apr 08, 2006 7:12 pm
Location: Midwestern US

Re: GMER

#4 Post by TP109 »

Be aware that the "how-to instructions" are vague and don't provide any details on how to use this tool besides performing a scan - this is also the case on the GMER home page and on many other sites. I've been aware of this app for some time and have used it, but finding out how to interpret the results is difficult. This site provides the reason for all the "mystery":
"Discussions pertaining to how GMER works, what it can or cannot do, what the log results mean, etc is not available to the public in order to safeguard and protect the integrity of the tool from malware writers. As such, our discussion in public areas is limited and sometimes may appear vague or not fully address a specific question ....."
Many sites just recommend sending the results to the developer for interpretation.

Midas
Posts: 6725
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: TDSSKiller

#5 Post by Midas »

Security through obscurity it seems, then... not my favorite. :(

An easier alternative I found mentioned in the PCW article's comments would be Kaspersky's TDSSKiller, freely available from http://support.kaspersky.com/viruses/disinfection/5350.

I haven't really tested for portability, but TDSSKiller does appear to consist of a single executable with no settings, so the odds are good...

webfork
Posts: 10821
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas

Re: TDSSKiller

#6 Post by webfork »

Midas wrote: Security through obscurity it seems, then... not my favorite. :(
Agreed. I prefer my security tools open or at least more open than this. When someone says "how does it work?" and the answer is "trust us," that is to me a meaningless answer. Who is working on it? Why are they doing anti-rootkit work in the first place? Do they have a reputation to protect (like SysInternals)?

That's not to say this isn't a great tool created by some real badasses who want to stay behind a shield of anonymity, but I don't know how to evaluate that.

Edit: here we go: https://en.wikipedia.org/wiki/GMER

Midas
Posts: 6725
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: TDSSKiller

#7 Post by Midas »

webfork wrote: Edit: here we go: https://en.wikipedia.org/wiki/GMER
It still doesn't enlighten me or the general public about the inner workings of the tool. In view of its public record, I'm more than willing to trust GMER -- but I'd like to at least know where I'm treading...

Wolfghost
Posts: 253
Joined: Fri Jul 02, 2010 6:14 am
Location: Norway

Re: GMER - detect and remove rootkits

#8 Post by Wolfghost »

Updated GMER 2.2.19882

Windows XP/Vista/7/8/10
32-Bit and 64-Bit

GMER 2.2 Change Log:

Added support for Windows 10
Improved files & disk scanning

Download: http://www.bleepingcomputer.com/download/gmer/
