GMER http://www.gmer.net
      all your rootkits are belong to us

Download


The latest version of GMER: 1.0.14.14536

GMER runs only on Windows NT/W2K/XP/VISTA


GMER application:   gmer.zip ( 792kB )
 
Userland rootkit detector:   catchme.exe ( 25kB )
 
Sample of undetectable rootkit: test.wmv ( 950kB Windows Media Video 9 codec )
 
Gromozon rootkit unhooking :   gromozon.wmv ( 0,6MB Windows Media Video 9 codec )
 
Log samples:   Rustock.B, Gromozon, Haxdoor, hxdef, BadRKDemo
 
IceSword + DarkSpy + GMER + pe386 rootkit :   pe386.wmv ( 0,5MB Windows Media Video 9 codec )
 
Example of rootkit scanning:   sysbus32.avi ( 3,8MB DivX avi file)


Thanks to: MR Team, CastleCops, ...


Version History:

This is the list of changes for each release of GMER:

 

  • 1.0.14

    - Improved files scanning
    - Improved registry scanning
    - Improved "delete file" function
    - Added disk browser
    - Added registry browser and editor
    - Added registry exports
    - Added "Kill file" and "Disable service" options to help remove stubborn malware
    - Added new option "gmer.exe -nodriver"
    - Added new option "gmer.exe -killfile"

    gmer.exe -killfile C:\WINDOWS\system32\drivers\runtime2.sys

    gmer.exe -killfile C:\WINDOWS\system32:pe386.sys

    - Simplified displaying of device hooks
    - Added detection and removal of MBR rootkit

  • 1.0.13

    - Added kernel & user IAT hooks detection
    - Added AttachedDevice hooks detection
    - Added detection of hooks outside code sections
    - Added "Save ..." log button

  • 1.0.12

    - Added kernel & user mode code sections scanning ( inline hooks )
    - Added code restoring
    - Added \WINDOWS\gmer_uninstall.cmd script
    - Improved "GMER Safe Mode"
    - Improved hidden process scanning

  • 1.0.11

    - Added "Simple mode"
    - Added threads tab
    - Added hidden Alternate Data Stream ( NTFS Stream ) scanning
    - Added hidden threads scanning
    - Improved hidden process scanning
    - Improved hidden modules scanning
    - Improved hidden files scanning
    - Fixed devices scanning

  • 1.0.10

    - English version
    - Improved process monitoring
    - Added Autostart tab
    - Added "GMER Safe Mode"
    - Added "Files" window
    - Added full path of process
    - Added loaded libraries
    - Added hidden libraries scanning

  • 1.0.9

    - Improved hidden services scanning.
    - Improved ROOTKIT scanning.
    - Improved "Kill all" and "Restart".

  • 1.0.8

    - Added hidden services scanning.
    - Added hidden services deletion.
    - Added hidden files deletion.
    - Added restoring SSDT table.
    - Added interpretation of the rootkit scanning.
    - Added CMD tab - executing shell commands
    - Fixed showing registry keys
    - Fixed tracing library loading.

  • 1.0.7

    - Improved hidden files scanning.
    - Added "Services" tab.

  • 1.0.6

    - Fixed hidden registry keys scanning.

  • 1.0.5

    - Added online antivirus scanning.
    - Fixed scanning of rootkits that hook devices' IRP calls

  • 1.0.4

    - Added rootkit scanning.
    - Added loading devices monitoring.

  • 1.0.3

    - Added log.
    - Fixed NTVDM.EXE tracing. 

  • 1.0.2

    - Added processes tab
    - Added "Kill all" function.
    - Added "Shell" option in the "Process" section, which executes another application instead of Explorer.exe

    [Process]
    Shell=gmer.exe

  • 1.0.1

    - First release.

Copyright (c) GMER 2004 - 2007