Running GMER on one of my computers I get this report:
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
Anything to worry about? I have checked with other rootkit progs and they report nothing like this. Suggestions?!
Thanks, CBA
Postscript: did some disk house cleaning and ran a few rootkit progs and the issue seems to be resolved. The above error message is gone and the GMER report is 'normal'. Issue is now a non-issue.
Hi Ed, thanks. As noted in the postscript to my 1st posting, the issue has been resolved.
Not sure what made the difference, but, I deleted a large number of old files in RECYCLER, possibly stuck there after a frozen system close-down. Also, I ran additional Rootkit and MBR check programs .. all of which gave me a clean bill of health.
As for GMER, no, I don't use it much .. and, yes, I'm aware of the fact that the output is not always easy to interpret. Scary, some people say. As I have numerous other on-demand malware/rootkit scanners and all showed 'system okay', I was just checking on the basis of 'better safe than sorry'.
Other than that, I did download a fresh copy of GMER .. same version number, but, that's when I got a normal report back. Nothing about the Disk Sectors, just this:
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Go to VirusTotal @ http://www.virustotal.com and select the file in question and click on Scan. It will appear that nothing is happening as they redesigned their site recently. Be patient; your file is uploading and will be scanned by 43 different antivirus programs. Post a link to the VirusTotal results here and someone will be able to help you better. Also download HijackThis from http://www.filehippo.com/download_hijackthis/ . Install it, then right-click on HijackThis! in the start menu and select Run As Administrator. Click on Main Menu, click on Do a full system scan and save a log file. A file will open up in Notepad on your desktop. Right-click starting to the left of the 1st word and drag your mouse down to the bottom of the text in Notepad. Right-click where the area is blue and select Copy. Now go to this website http://hijackthis.de/en and you see a white box with Analyze below it. In that empty box right-click and select Paste, then click on Analyze. Scroll down the list and look for anything that has a red X to the right. Make a note of those lines with the Red X's and click on the HijackThis program that's open on your pc. Scroll and anywhere that website has a Red X, place a check mark in the box to the left of that line in HijackThis and click on Fix and let it restart your pc, if need be. That will remove those bad files from your pc.
HijackThis is always a good thing to run and I do so frequently. This time, nothing suspicious at all. I know every single entry in my logfile by heart.
Kind of doesn't make sense, but any update Norton, download Malwarebytes free (http://www.malwarebytes.org) and SUPERAntiSpyware free (http://www.superantispyware.com). Install both and let both update themselves. Now go into Safe Mode and run full scans with all 3. Then download and run Norton Power Eraser and let it scan your pc. To get Power Eraser, do a quick scan with Norton and don't click Finish; click on the link where it asks if you still think you have threats. Power Eraser is on the left and Norton Bootable Recovery Tool is on the right; click either button to download each.
Hi again,
NAV 2012, MBAM, SAS and PE are all part of my package of protective programs. None flagged the issue at hand as 'bad', so, I assume it was a false positive by GMER. Or the actions taken removed the Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior 'flag'. At any rate, from my perspective, the issue is resolved. Thanks for your suggestions. Best, CBA