I've been checking and talking with colleagues. The consensus is that GMER didn't run to completion. That's why the Save button wasn't available. When the scan finishes you should get a pop up box saying "The scan finished successfully." with an OK button to click.
I spent the day yesterday running GMER on my machine. The screenshot you posted in post #73 shows that GMER was still doing the initial Quick scan and that it was processing the C:\Windows\system32\ks.sys file. That's why the Save button wasn't available.
GMER can take hours and hours to run to completion even when it runs properly. And on some systems it just won't run properly... don't know why.
I just wanted to look for rootkits with a different tool. But since we know TDSSKiller will run, let's run it again. If it doesn't show anything, and I don't think it will, you should be good to go.

Step-1. TDSSKiller
Please read carefully and follow these steps.
Download the latest version of TDSSKiller from here and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (See the image below)
- Make sure the boxes under Objects to scan are checked like the image below.
- In the Additional options section, check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system. (See the image below)
- Click OK
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip. DO NOT change the default action; click on Continue. (See the image below)
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Get the report by clicking Report.
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step-2. Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The TDSSKiller log