GMER Questions.


Hi, I'm a long-time user of MBAM, but a first-time poster. I was directed here by a friend as a possible place I could get some questions answered about the GMER rootkit detector, since the GMER site doesn't seem to have a forum and the FAQ is a bit limited. Hopefully it is OK to ask here?

1) When I go to the Rootkit/Malware tab, many of the options/check boxes on the right-hand side of the program window are grayed out and cannot be selected for use with a scan. Is this normal? And is there a way to activate them / do I need to activate them?

2) When I go to the Autostart tab and click Scan, nothing happens, even when I check the "show all" check box. Is there a fix for this?

3) The GMER site mentions "showing all NTFS Streams" by selecting only the Files + ADS + Show all options in the Rootkit/Malware tab and clicking Scan. What is "showing all NTFS streams"? And do I need to perform this scan method as well as the default scan (e.g. selecting Services + Registry + Files + ADS) in order to find all threats?

4) Occasionally, when I perform a "show all NTFS Streams" scan using the scan method outlined above, GMER will find this result:

C:\Users\usernamehere\AppData\Local\Temp\flaXXXX.tmp (where XXXX's are random numbers & letters)

Is this anything to be concerned about?

5) What does the ADS scan option do / stand for?

6) And finally, would you say GMER is a good anti-rootkit tool to use? (I also use TDSSKiller.) And are there any other anti-rootkit tools I should use as well, or are TDSSKiller & GMER enough for an average user like me?

PS - I'm also thinking of purchasing the MBAM Pro version, but I wanted to know: is the real-time protection module just for malicious websites, or is it like an actual on-execution scanner, e.g. it looks at new processes that start and all .exe's that you activate?

Thanks in advance. Cale.


:welcome:

I can answer some of the questions, but not all of them. A more knowledgeable person should see this thread shortly and be able to clear everything up. :)

5. ADS stands for Alternate Data Streams. It's a highly advanced topic that involves operating system design.

http://en.wikipedia.org/wiki/Alternate_data_stream

6. Yes and no. It's a good tool, but it should not be used as a regular tool. You need to be specially trained at a Malware Academy to understand how it works and how to interpret the logs it gives.

Both. It blocks malware execution long after your antivirus would have caught it. It should be used with an antivirus. :)
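An added example, not from this thread or from GMER: a PowerShell script that lists files carrying NTFS alternate data streams under a folder (defaulting to the Temp folder named in question 4), which is the same information GMER's Files + ADS + Show all scan reports. It assumes Windows PowerShell 3.0 or later; the folder default and the Zone.Identifier filter are my assumptions.

```powershell
# Added example (not from the thread): enumerate NTFS alternate data streams (ADS).
# Every NTFS file has a default stream named ':$DATA'; any other stream name is an ADS.
param(
    # Assumption: start with the user's Temp folder, the location from question 4.
    [string]$Path = (Join-Path $env:LOCALAPPDATA 'Temp')
)

function Get-AlternateStreams {
    param([Parameter(Mandatory)][string]$Root)

    Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns one object per stream; drop the normal file content stream.
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' }
        } |
        Select-Object FileName, Stream, Length
}

$streams = @(Get-AlternateStreams -Root $Path)

if ($streams.Count -eq 0) {
    "No alternate data streams found under $Path"
}
else {
    $streams | Format-Table -AutoSize

    # Zone.Identifier is the stream Windows writes on downloaded files (the
    # "this file came from the Internet" marker), so it is expected and benign.
    # Anything else is worth a closer look before deciding it is harmless.
    $unexpected = @($streams | Where-Object { $_.Stream -ne 'Zone.Identifier' })
    "$($unexpected.Count) stream(s) with a name other than Zone.Identifier; review those first."

    # To read a specific stream's content for inspection (hypothetical usage):
    #   Get-Content -LiteralPath <file> -Stream <streamname> -Raw
}
```

Run it as `.\Get-AlternateStreams.ps1` or pass `-Path` to point it at another folder; a file that only shows `Zone.Identifier` is the normal download marker, not a sign of a rootkit.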


6. Many antivirus engines use GMER as their rootkit detector. Avast is one of them. So if you have a good antivirus program running, you probably do not need GMER too.

As for features gained by upgrading to Malwarebytes Pro, there is a good list here: http://www.malwarebytes.org/products/malwarebytes_free


6. Many antivirus engines use GMER as their rootkit detector. Avast is one of them. So if you have a good antivirus program running, you probably do not need GMER too.

As for features gained by upgrading to Malwarebytes Pro, there is a good list here - - http://www.malwareby...lwarebytes_free

Yep, but these antiviruses integrate GMER and have their own way of dealing with the results. As a standalone (by itself) tool it is generally not recommended, as a user can easily screw up their computer.


It isn't an on-access scanner like your antivirus, so it shouldn't cause any performance problems. It scans on execution when files try to run in memory, and if they aren't malware, then Malwarebytes Anti-Malware just leaves them alone and lets them do what they do.

I'm a gamer myself (first person shooters mostly) and I have been using Malwarebytes Anti-Malware PRO on my system along with my antivirus for years now and have never had any performance problems because of it.


Thanks for the replies. I haven't been able to get all the scan options & the Autostart thing working in GMER, but GMER reports that "no system modifications were found", so I guess that's all that matters.

On a side note, when you exit the MBAM real-time protection module, I noticed that mbamservice.exe still remains active/running. Is that normal?


I play a wide range of computer games and I've only had a problem with MBAM when playing a game that uses a peer-to-peer type system for updating its files (like WoW). The only other time I've seen it block a game is if the server the game is hosted on is malicious in nature (like when I was playing Killing Floor on Steam and one of the servers/hosts for a multiplayer game was blocked).


On a side note, when you exit the MBAM real-time protection module, I noticed that mbamservice.exe still remains active/running. Is that normal?

Yes, that's normal. The service runs in kernel mode, so stopping the protection module's service once it has been started is likely to cause system instability, so we avoid that by not allowing the service to be stopped once the protection module has been enabled.

Yes, that's normal. The service runs in kernel mode, so stopping the protection module's service once it has been started is likely to cause system instability, so we avoid that by not allowing the service to be stopped once the protection module has been enabled.

Ah, I see. Wondered why there was no option to stop the service in services.msc.

I'm currently using the trial version (which I have to say I was glad to see how easy it was to hop into the trial version with no messing around; one click and the trial starts, done). I assume that MBAM just cuts off the protection module when the trial ends.

Out of interest, what anti-virus do you use, exile?


Ah, I see. Wondered why there was no option to stop the service in services.msc.

I'm currently using the trial version (which I have to say I was glad to see how easy it was to hop into the trial version with no messing around; one click and the trial starts, done). I assume that MBAM just cuts off the protection module when the trial ends.

Yes, it will turn itself off once the trial ends, and prior to that, when the end of the trial draws near, it will pop up a small tray notification telling you it will soon expire; at that point you may either purchase the PRO version, end the trial if you wish, or just let it run out on its own.

Out of interest, what anti-virus do you use, exile?

I used to use Kaspersky Antivirus, but for the past year or so I've been using Microsoft Security Essentials.