I'm trying to resolve a problem when I start up my PC. However, the GMER application closes before completing the scan.

I'm not sure if it's due to a virus or not, but half the time I start my computer and all the programs are launched, it appears the computer becomes stuck and I have to perform a hard restart; nothing else works.

...please help,

Last Post by gerbil
Try downloading and installing ClamWin, and then scanning your system (both files and memory) with that. It is free, open source, and works quite well.

Thanks Rubberman,

Part of the purpose of the GMER program is to perform a scan and create a log for inspection by a volunteer, see below. I don't know if ClamWin can perform this function in sufficiently the same way. Can you advise?

"Allow the scan as long as it needs and then click the save button and name the log GMER Two.log and save it to the desktop with the first GMER log."

Gmer can stick occasionally on some systems that are clean. Try running it in Safe mode firstly to see if you have a good copy, then properly in Normal mode... it can only detect rootkits that are running, many do not start in safe mode.

I can manage to start GMER initially at start; a copy of the initial scan is here.

===============================================================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-07-24 19:15:03
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC35
Running: zu1uzu6f.exe; Driver: C:\Users\ejohnson\AppData\Local\Temp\awtcqkow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----

====================================================================

I did perform a further scan by unchecking everything except system in Safe Mode and got a message "no changes" or similar.

I don't know what else is required to check for virus infection?

You might try this online scan [it will not interfere with your TM AV]...
==Eset Online Scanner using IE only: http://www.eset.com/home/products/online-scanner
-with another browser it must install.
And MBAM, of course:
Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
And then get a fresh copy of GMER, and try to run it in Normal mode.

Gerbil,

I ran Malwarebytes as you suggested after an update and a full scan, finding 4 files I deleted.

Then, after re-installing GMER as well as unchecking devices and unchecking the items suggested in the "readme", GMER ran successfully; the log is below.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-29 17:40:03
Windows 6.0.6002 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC35
Running: GMER.exe; Driver: C:\Users\ejohnson\AppData\Local\Temp\awtcqkow.sys


---- System - GMER 1.0.15 ----

SSDT  881FFBE0                                                                     ZwCreateKey
SSDT  88236B40                                                                     ZwCreateMutant
SSDT  881FE6E0                                                                     ZwCreateProcess
SSDT  881FE9E0                                                                     ZwCreateProcessEx
SSDT  88236F00                                                                     ZwCreateSymbolicLinkObject
SSDT  88236480                                                                     ZwCreateThread
SSDT  882001E0                                                                     ZwDeleteKey
SSDT  88200AE0                                                                     ZwDeleteValueKey
SSDT  882370E0                                                                     ZwDuplicateObject
SSDT  88236840                                                                     ZwLoadDriver
SSDT  881FEFE0                                                                     ZwOpenProcess
SSDT  882360C0                                                                     ZwOpenSection
SSDT  881FF2E0                                                                     ZwOpenThread
SSDT  882004E0                                                                     ZwRenameKey
SSDT  882007E0                                                                     ZwRestoreKey
SSDT  88236D20                                                                     ZwSetSystemInformation
SSDT  881FFEE0                                                                     ZwSetValueKey
SSDT  881FF5E0                                                                     ZwTerminateProcess
SSDT  881FF8E0                                                                     ZwTerminateThread
SSDT  882362A0                                                                     ZwWriteVirtualMemory
SSDT  88236660                                                                     ZwCreateThreadEx
SSDT  881FECE0                                                                     ZwCreateUserProcess

---- Registry - GMER 1.0.15 ----

Reg   HKLM\SOFTWARE\Classes\.b64\ShellEx\{8895B1C6-B41F-4C1C-A562-0D564250836F}    
Reg   HKLM\SOFTWARE\Classes\.b64\ShellEx\{8895B1C6-B41F-4C1C-A562-0D564250836F}@   {E0D7930A-84BE-11CE-9641-444553540002}
Reg   HKLM\SOFTWARE\Classes\.mim\ShellEx\{8895B1C6-B41F-4C1C-A562-0D564250836F}    
Reg   HKLM\SOFTWARE\Classes\.mim\ShellEx\{8895B1C6-B41F-4C1C-A562-0D564250836F}@   {E0D7930A-84BE-11CE-9641-444553540002}
Reg   HKLM\SOFTWARE\Classes\.mime\ShellEx\{8895B1C6-B41F-4C1C-A562-0D564250836F}   
Reg   HKLM\SOFTWARE\Classes\.mime\ShellEx\{8895B1C6-B41F-4C1C-A562-0D564250836F}@  {E0D7930A-84BE-11CE-9641-444553540002}
Reg   HKLM\SOFTWARE\Classes\.tz\ShellEx\{8895B1C6-B41F-4C1C-A562-0D564250836F}     
Reg   HKLM\SOFTWARE\Classes\.tz\ShellEx\{8895B1C6-B41F-4C1C-A562-0D564250836F}@    {E0D7930A-84BE-11CE-9641-444553540002}

---- EOF - GMER 1.0.15 ----

So, please tell me if this log indicates anything?
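The two GMER logs in this thread share one text layout: a short header, then "---- Section ----" blocks of one entry per line. The Python script below is an added example, not part of the thread and not GMER's own code; it parses that layout, using an excerpt of the logs above as constructed sample input, and pulls out the three things a log reviewer checks first: SSDT entries whose target printed as a bare address rather than a driver path, which drivers have attached themselves to device stacks and which vendor they report, and which file extensions the listed registry keys belong to. Function names such as parse_gmer_log and the regular expressions are this example's own assumptions about the format, derived only from the lines posted here.

```python
import re
from collections import defaultdict

# Constructed sample input: an excerpt of the two GMER logs posted in this thread.
SAMPLE_LOG = r"""GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-29 17:40:03
Windows 6.0.6002 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC35
Running: GMER.exe; Driver: C:\Users\ejohnson\AppData\Local\Temp\awtcqkow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- System - GMER 1.0.15 ----

SSDT  881FFBE0                                                                     ZwCreateKey
SSDT  88236B40                                                                     ZwCreateMutant
SSDT  881FE6E0                                                                     ZwCreateProcess

---- Registry - GMER 1.0.15 ----

Reg   HKLM\SOFTWARE\Classes\.b64\ShellEx\{8895B1C6-B41F-4C1C-A562-0D564250836F}
Reg   HKLM\SOFTWARE\Classes\.b64\ShellEx\{8895B1C6-B41F-4C1C-A562-0D564250836F}@   {E0D7930A-84BE-11CE-9641-444553540002}

---- EOF - GMER 1.0.15 ----
"""

# Line shapes as they appear in the logs above (regexes written for this example).
SECTION_RE = re.compile(r"^---- (?P<name>\w+) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT\s+(?P<target>\S+)\s+(?P<func>\S+)")
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<object>\S+)\s+(?P<device>\S+)\s+(?P<driver>\S+)(?:\s+\((?P<desc>.*)\))?$")
REG_RE = re.compile(r"^Reg\s+(?P<key>\S+)(?:\s+(?P<value>.+))?$")
HEX_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def parse_gmer_log(text):
    """Split a GMER text log into its header and '---- Section ----' blocks and
    parse the entry types seen in this thread (SSDT, AttachedDevice, Reg)."""
    parsed = {"header": [], "ssdt": [], "devices": [], "registry": [],
              "unparsed": defaultdict(list)}
    section = "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section == "Header":
            parsed["header"].append(line)
        elif (m := SSDT_RE.match(line)):
            parsed["ssdt"].append((m.group("target"), m.group("func")))
        elif (m := DEVICE_RE.match(line)):
            desc = m.group("desc") or ""
            # GMER prints "Description/Vendor" in parentheses; split on the last slash.
            description, _, vendor = desc.rpartition("/")
            parsed["devices"].append({"object": m.group("object"), "device": m.group("device"),
                                      "driver": m.group("driver"),
                                      "description": description, "vendor": vendor})
        elif (m := REG_RE.match(line)):
            key, value = m.group("key"), m.group("value")
            # A trailing '@' marks the key's default value rather than the key itself.
            name = "(Default)" if key.endswith("@") else None
            parsed["registry"].append({"key": key.rstrip("@"), "name": name, "value": value})
        elif section != "EOF":
            parsed["unparsed"][section].append(line)
    return parsed


def unresolved_ssdt_hooks(parsed):
    """SSDT entries whose target printed as a bare address instead of a driver
    path: the reviewer still has to map each address to a loaded module."""
    return [func for target, func in parsed["ssdt"] if HEX_ADDR_RE.match(target)]


def attached_device_drivers(parsed):
    """Driver -> reported vendor for every driver attached to a device stack."""
    return {d["driver"]: d["vendor"] for d in parsed["devices"]}


def registry_extensions(parsed):
    """File extensions whose Classes keys appear in the Registry section."""
    exts = set()
    for entry in parsed["registry"]:
        m = re.search(r"\\Classes\\(\.[^\\]+)\\", entry["key"])
        if m:
            exts.add(m.group(1))
    return sorted(exts)


def summarize(parsed):
    """One line per finding, suitable for posting back to a log reviewer."""
    lines = [f"SSDT entries: {len(parsed['ssdt'])} "
             f"({len(unresolved_ssdt_hooks(parsed))} with unresolved address)"]
    for driver, vendor in attached_device_drivers(parsed).items():
        lines.append(f"Attached device driver: {driver} ({vendor or 'no vendor reported'})")
    lines.append("Registry: ShellEx keys for " + ", ".join(registry_extensions(parsed)))
    for section, entries in parsed["unparsed"].items():
        lines.append(f"{len(entries)} line(s) in section {section} not recognised")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_gmer_log(SAMPLE_LOG))))
```

The summary is a checklist for attribution, not a verdict: SSDT hooks and attached devices are installed by security products as well as by rootkits, and the tmtdi.sys entries in the log above identify themselves as the installed Trend Micro product's TDI filter on \Device\Tcp and \Device\Udp. What the volunteer reviewing the log does next is match each unresolved SSDT address and each attached driver against the system's loaded modules, which is why the script separates the entries GMER could not name from those it could.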
