Go Back   Technibble Forums > Technical Discussions > Security, Viruses and Trojans
Reload this Page What GMER found on my bench machine
Register FAQ Forum Rules Search Today's Posts Mark Forums Read

  Technibble Sponsor

Reply
 
Thread Tools Display Modes
  #1  
Old 05-12-2012, 08:50 PM
TechLady's Avatar
TechLady TechLady is offline
 
Join Date: Sep 2011
Location: CA
Posts: 518
TechLady is on a distinguished road
Default What GMER found on my bench machine
So I ran GMER on my test bench machine just for ha ha's...and it found this:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-12 13:46:29
Windows 6.1.7600
Running: nr7knxxh.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d3 6e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{C941EA10-6499-4293-ABBE-823E71A6FB60}?\Device\{8A7DF796-2B36-47A5-9FF7-6054DA4D5AC7}?\Device\{5226AEFD-382A-43D7-AE76-D66A12518BB4}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d3 6e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{C941EA10-6499-4293-ABBE-823E71A6FB60}"?"{8A7DF796-2B36-47A5-9FF7-6054DA4D5AC7}"?"{5226AEFD-382A-43D7-AE76-D66A12518BB4}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d3 6e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{C941EA10-6499-4293-ABBE-823E71A6FB60}?\Device\TCPIP6TUNNEL_{8A7DF796-2B36-47A5-9FF7-6054DA4D5AC7}?\Device\TCPIP6TUNNEL_{5226AEFD-382A-43D7-AE76-D66A12518BB4}?
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Epoch@Epoch 585
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Epoch2@Epoch 477
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters\Interfaces\{14A4C815-30A4-487B-A65C-B991E0733348}@LeaseObtainedTime 1336844439
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters\Interfaces\{14A4C815-30A4-487B-A65C-B991E0733348}@T1 -810639210
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters\Interfaces\{14A4C815-30A4-487B-A65C-B991E0733348}@T2 1873715350
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Para meters\Interfaces\{08fe8736-b5be-4326-8391-b8df0917ff84}@Dhcpv6State 0
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Para meters\Interfaces\{2ad5242c-6a7b-4071-ac2a-53df72bb0f90}@Dhcpv6State 0

---- EOF - GMER 1.0.15 ----

Not sure what to make of it, if anything.

UPDATE: Interestingly, when I run it on my C: drive alone it finds nothing. All the above seems to be from my clone of the machine, on B:. Also, none of the entries are in red.
__________________
* * * * * * * * * * * *
builtbymom.com (NEW website!)
Everything tech with a mom's touch

G+ | Facebook | Twitter
Last edited by TechLady; 05-12-2012 at 11:40 PM.
Reply With Quote
  #2  
Old 06-20-2012, 02:38 AM
PcTek9's Avatar
PcTek9 PcTek9 is offline
 
Join Date: Nov 2009
Location: Mobile, AL
Posts: 933
PcTek9 will become famous soon enough
Send a message via AIM to PcTek9 Send a message via Yahoo to PcTek9 Send a message via Skype™ to PcTek9
Default
What are you using to clone this drive?
__________________
First in Research & Development of Magical Technology.
http://www.technibble.com/forums/image.php?type=sigpic&userid=11296&dateline=127803 7559
Reply With Quote
Reply

Tags
gmer, rootkits

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 09:18 AM.

Contact Us - Technibble - Archive - Top

Powered by vBulletin®
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Technibble.com is based out of MELBOURNE, AUSTRALIA.