PDA

Просмотр полной версии : How to make a log with antirootkit GMER



Rene-gad
12.08.2009, 10:17
1. Download the last version of the program from http://www.gmer.net/#files
2. Save the file on the hard disk in any non-temporary directory. The best of all - make a new directory for GMER.
3. Close/disable all resident security programs (firewall, antivirus etc.). We recommend you to disconnect your PC from network just before.
4. Start the file gmer.exe with double click.
5. After starting wait a couple of minutes and let GMER scanning the active processes and services.
6. Press the button SCAN and let GMER to make a FULL SCAN of your system. It takes some time: in dependence from the quantity of files, system and CPU - 30 ... 300 minutes.
7. After scanning press the button SAVE an save the logfile anywhere, the best of all - in the same directory with gmer.exe.
8. Close GMER, reactivate your security programs, go online, attach the log file to your new message.

Rene-gad
20.11.2009, 15:00
If in your gmer-log should be found one or more malicious items, you'll be advised to execute a sequence of commands. There are DOS-Commands, they are transparent and you can understand What is gmer doing now also without special IT-knowledges.
You'll become a code in such form:

gmer.exe* -del service maliciousservicename
gmer.exe -del reg "maliciousregistrykeyname"
gmer.exe -del file "maliciousfilename"
gmer.exe -reboot
Another commands could be included by Helpers, too.
Pls. don't add or remove any letter from the given code!!!
In the worst case your system could be dismantled.
Now:
- close all applications
- disable your antivirus and firewall
- start gmer.exe (or the same file with random generated name) with double click.
- press the button >>>>>>
- open the register CMD
- copy the content of CODE you'd receive from your Helpers in the upper window.
- press the button RUN

You PC should be rebooted automatically. After reboot pls. activate your security applications and follow the further recommendation of your Helpers.
===============================================
*) Instead of gmer.exe the random generated name of gmer could be used.