| Question: |
Do I have the rootkit
? |
| Answer: |
You can scan the system for
rootkits using GMER. Run gmer.exe, select
Rootkit tab and click the
"Scan" button.
If you don't know how to interpret the output, please copy
it using Copy button and send it using the feedback
form.
Warning ! Please, do not select the
"Show all" checkbox during the scan.
|
| Question: |
How to install GMER
software ? |
| Answer: |
Just run gmer.exe.
All required files ( gmer.dll and gmer.sys ) will by
copied to the system during the first lanuch.
|
| Question: |
How to uninstall GMER
software ? |
| Answer: |
Start C:\WINDOWS\gmer_uninstall.cmd script and reboot.
|
| Question: |
My computer is infected with Gromozon rootkit and GMER can't start: |
| Answer: |
Try to rename gmer.exe to test.exe and click test.exe. |
| Question: |
How to remove Rustock rootkit ?
? |
| Answer: |
When GMER detects hidden service click "Delete the service" and answer YES to all questions.
|
| Question: |
How to show all NTFS Streams ? |
| Answer: |
On the "Rootkit Tab" select only: Files + ADS + Show all options and click Scan button.
|
| Question: |
How to check what processes
are launched during WINDOWS boot-up ? |
| Answer: |
You should modify gmer.ini
file by adding the following section:
[GMERSYS]
Process=1
ProcessLog=1
LogFile=gmer.log
or you can check the following optiont on the
"Settings" tab:
All information about running process will be save to the
log file (e.g. C:\WINDOWS\gmer.log ).
|