Check a system for rootkits with Gmer - gHacks Tech News

Check a system for rootkits with Gmer

Gmer is a free rootkit scannerthat you can make use of to scan a Windows system for rootkit traces.The application is not a one-click solution though like Malwarebytes Anti-Rootkit or BitDefender Rootkit Remover as you do need to look through the findings and dig deeper to make sure that what has been found is indeed a rootkit.

While it helps you with that, by highlighting potential rootkits in red, it is usually necessary to research each finding to come to a conclusion.

The interface looks very user friendly but the settings, options and the results require at last basic knowledge of rootkits and other means of harming the system to apply and understand them in the correct way. Gmer does notify the user if it spots something suspicious and displays those results in red in the main window. The two screenshots below show two typical scan results after performing a scan of your computer with Gmer.

gmer rootkit scanner rootkit scanner

As I said earlier, running Gmer is really easy to use. Just start the application, select the drives you want to scan for rootkits and click on the scan button. You can include or exclude specific scan types on the right, but that is usually only an option if you are looking for specific types of rootkits to speed up the scanning. Gmer does scan the system automatically and displays the results in the main window. If you spot red entries you should try and search the Internet for clues about them. It is possible to kill processes, service and files by right-clicking an entry in the main window.

Next to scanning for Rootkits you can also scan for Autostart entries, check running processes, services and modules and activate the Intrusion Prevention System and the Firewall. Take a look at this nice Gmer tutorial which walks you through a basic process.

Update: The tutorial is no longer available. I did find a video tutorial for Gmer that you can use instead. It runs for about eight minutes and goes through the key features of the rootkit detection program.

Note that while it provides you with information about rootkits and how to use Gmer, you'll still need to use search engines to find out more about hits on your PC.

The program has been updated in 2013 to version 2.0. Check out our review of the new version here.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. skan said on June 12, 2007 at 12:42 pm
    Reply

    Hello.
    One can see all services on the computer (disabled, automatic, manual) using gmer as we can do it with services.msc, but, GMER also shows you boot and system services and lets you to modify them.
    I tried to disable klif.sys (from kaspersky, having that software not running on memory and having it’s service disabled too) but gmer doesn’t seem to work, even in safe mode.
    A popup menu appears when clicking on klif.sys line and I choose disable but it doesn’t change anything.

    Does anybody know how to disable system and boot services?
    I know I could remove some lines from regedit but I’d prefer something reversible.
    I don’t mind to use any other software but usual ones don’t even show you that services.

  2. Mike B said on April 25, 2012 at 12:51 am
    Reply

    “Take a look at this nice Gmer tutorial which walks you through a basic process.” Well, sure I would love to — but I can’t find a link?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.