Question: Do I have a rootkit?
Answer: You can scan the system for rootkits using GMER. Run gmer.exe, select the Rootkit tab and click the “Scan” button.
If you don’t know how to interpret the output, please save the log and send it to my email address.
Warning! Please do not select the “Show all” checkbox during the scan.
Question: How do I install the GMER software?
Answer: Just run gmer.exe. All required files will be copied to the system during the first launch.
Question: My computer is infected and GMER won’t start:
Answer: Try to rename gmer.exe to test.exe and click test.exe.
Question: How do I remove the Rustock rootkit?
Answer: When GMER detects a hidden service, click “Delete the service” and answer YES to all questions.
Question: How do I show all NTFS Streams?
Answer: On the “Rootkit Tab” select only: Files + ADS + Show all options and then click the Scan button.
Question: Can I launch GMER in Safe Mode?
Answer: Yes, you can launch GMER in Safe Mode; however, rootkits that don’t work in Safe Mode won’t be detected.
Question: I am confused about whether to delete or disable the hidden “service”.
Answer: Sometimes the “delete the service” option won’t work because the rootkit protects its service. In that case use: 1) “disable the service”, 2) reboot your machine, and 3) “delete the service”.