Looks like we have a really nasty little bugger on our hands. We'll have to be a bit more aggressive.
Before we start, I like to exercise a little caution. We'll try to avoid getting caught out by a damaged Windows like before.
Please download & install -
ERUNT (This is a utility that'll replicate a copy of your Registry)
- Start ERUNT, confirm the Welcome message.
- Next, select the backup options:
- System registry
- Current User Registry
- Other open user registry
- Click "OK" and wait until the backup process is complete. (Note that depending on your system configuration this may take some time, and that the first bar is NOT a progress bar, just an indicator that the program is still running.)
# Note: To ensure proper operation of ERUNT, you should be logged in as a system administrator.
If Windows crashes again, we can use ERUNT to restore your registry.
* * * * *
Now run Gmer again.
Under the 'Processes' tab, select Safe. This will cause Gmer to reboot into Safe Mode.
Once there, Gmer will re-open. Select 'Processes' again & then select 'Kill All'.
That shall leave a minimal number of processes running. This ensures that we get a clean environment for our rootkit scan.
Select the rootkit tab, press scan & when it has finished press save & copy the log back here.
< edit/
Gmer does not have an option to save a log. You need to click the 'copy' button to copy the data to memory. After that, this data needs to be pasted into a text editor (e.g. Notepad).
Unfortunately, in Safe Mode you do not have the luxury of a Desktop. Getting the data into Notepad would be difficult.
To get around this, go to the 'Processes' tab again & locate the little box where it says 'Command'.

Type Notepad into the box & click the 'Run' button. That will bring up Notepad for your use.
** Do not save the file to Desktop. Save it at the root of Drive C. ** /edit >
Note: You shall need to go back to the 'Processes' tab to click 'Restart' to return to Normal Mode.
__________________
Question - what have you done for the community today?