Author Topic: Avast! With GMER  (Read 10648 times)

SAMEE

  • Guest
Avast! With GMER
« on: December 10, 2010, 09:43:10 AM »
:) Is the GMER anti-rootkit engine used by Avast! Free 5.0...?

SafeSurf

  • Guest
Re: Avast! With GMER
« Reply #1 on: December 10, 2010, 09:48:17 AM »
GMER is a rootkit scanner.

Avast does have a boot-time scanner, but I do not know what they use for their detection.  This would be a question for one of the Avast developers. 

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Avast! With GMER
« Reply #2 on: December 10, 2010, 10:12:33 AM »
Yes, GMER technology is used in avast! to detect and eliminate rootkits and other hidden software. Though it has been highly modified so I'm not sure how much of the original GMER remained in it.
Visit my webpage Angry Sheep Blog

SAMEE

  • Guest
Re: Avast! With GMER
« Reply #3 on: December 10, 2010, 10:32:06 AM »
Quote
GMER is a rootkit scanner.
Avast does have a boot-time scanner

::) I already know what you said. However, I need to know whether GMER technology is already included in Avast or not.

SAMEE

  • Guest
Re: Avast! With GMER
« Reply #4 on: December 10, 2010, 10:42:19 AM »
Quote
Yes, GMER technology is used in avast! to detect and eliminate rootkits and other hidden software. Though it has been highly modified so I'm not sure how much of the original GMER remained in it.

:D OH! Nice to hear about that, RejZoR, and thanks for the update.

Offline Infratech Solutions

  • Avast Reseller
  • Super Poster
  • *
  • Posts: 2395
  • Avast wholesaler and integrator in Spain
    • Avast cybersecurity for businesses and MSPs in Spain.
Re: Avast! With GMER
« Reply #5 on: December 10, 2010, 10:59:59 AM »

SAMEE

  • Guest
Re: Avast! With GMER
« Reply #6 on: December 10, 2010, 11:14:09 AM »
Here is some information about AVAST & GMER:

http://www.avast.com/pr-avast!-gmer-technology-gets-top-score-in-rootkit-detection-tests

:D “GMER is fully integrated and optimized within avast!,” said Przemyslaw Gmerek, founder, GMER. 8) Avast! is the Best!

Thanks Edj!!!

s4u

  • Guest
Re: Avast! With GMER
« Reply #7 on: December 10, 2010, 11:27:29 AM »
Wow, I missed that information. Great!!!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-Language Section  <<<
Re: Avast! With GMER
« Reply #8 on: December 10, 2010, 03:59:40 PM »
Quote
Wow, I missed that information. Great!!!

Well, you missed it a long time before... ;)
http://blog.avast.com/2009/07/17/avast%E2%80%99s-top-5-hidden-gems/
asyn

Quote
4. Strong antirootkit shield. Starting with version 4.8, avast has a built-in antirootkit scanner. It is based on GMER, one of the most respected specialized antirootkit applications available (in fact, the guy who created the original GMER now works for us). We’re constantly improving the internals of this component so that it’s able to detect and remove even the latest threats, including e.g. the infamous MBR rootkit.

Normally, it’s not necessary to perform any manual rootkit scans as these are done automatically each time you restart your computer. Users of the Professional Edition can run a manual rootkit scan by creating a task in the Enhanced User Interface and selecting Rootkit scan in the Scan Areas section.

« Last Edit: December 10, 2010, 04:01:36 PM by Asyn »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Useful Information (Downloads, Guides & Info): https://forum.avast.com/index.php?topic=60523.0

stxNTrm06

  • Guest
Re: Avast! With GMER
« Reply #9 on: December 11, 2010, 01:00:34 AM »
Sorry to disappoint someone, but my experience with GMER is not among the brightest.

I had no problems with GMER version 1.0.14.14536. This is an installation version - it places 4 files in WINDOWS folder, one driver in drivers folder and registers gmer service and I am still using it at present. 

Disappointment came with the newer version GMER 1.0.15.15281 which caused system instability and crashes. This is portable version and gmer.exe file is UPX compressed.



This picture is taken from Sysinternals Process Explorer while GMER 1.0.15.15281 is performing a scan and shows how the system in the background gradually is getting overloaded to 50 % by two threads and within the next 3-4 minutes the overload rises to 100 %, the system becomes unresponsive, further investigation impossible and GMER continues scanning without problems.

The svchost.exe threads in Process Explorer:

kernel32.dll!CreateThread+0x22 (26 % overload)
ntdll.dll!RtlAllocateHeap+0x18c (25 % overload)

This situation occurred just the same way in different modes:

1. In normal mode
2. In safe mode
3. With firewall enabled (PC Tools).
4. With firewall disabled
5. With used Operating System - Windows XP SP3.
6. With newly installed and updated (including drivers) Operating System - Windows XP SP3 and no other software installed.

And there was no support for GMER and none of my E-mails were ever answered.

Quote
"... Avast! is the Best! ..."

Maybe, but not the GMER technology. That is the reason I am still afraid to perform full scans in Avast, because of the GMER crashing technology.

The cause of my system instability using GMER 1.0.15.15281 remained unclear, but I suppose it was because of some incompatibility of that version with systems based on Intel Processors supporting Hyper-Threading Technology (Two Virtual Processors) enabled in BIOS, which is my case.

So, if those anti-malware-test.com tests were performed on my system, GMER would have been at the bottom of the list because of inability to perform any scans at all and that might have been the case with some others too:

GMER?
http://www.wilderssecurity.com/showthread.php?t=262268

Thanks.  ::)

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Avast! With GMER
« Reply #10 on: December 11, 2010, 01:19:38 AM »
In all the time I have had avast5 with the (GMER based) anti-rootkit built in I have not had a single problem with any of the scans incorporating it.

I think that because of the way the avast anti-rootkit module is built even with GMER technology it is a world of difference as the avast module isn't the same raw data gathering and leave it up to the user to decide what is or isn't a rootkit. The idea of the avast anti-rootkit module is wherever possible to have taken those decisions for the user.

I have had problems running the standalone GMER anti-rootkit scan in the past, I can't recall the version now, yet none with any avast scan incorporating the anti-rootkit scan.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

SAMEE

  • Guest
Re: Avast! With GMER
« Reply #11 on: December 11, 2010, 09:59:01 AM »
Quote
I had no problems with GMER version 1.0.14.14536. This is an installation version - it places 4 files in WINDOWS folder, one driver in drivers folder and registers gmer service and I am still using it at present.

Disappointment came with the newer version GMER 1.0.15.15281 which caused system instability and crashes. This is portable version and gmer.exe file is UPX compressed.

 :o Would this be a GMER Version problem?

SafeSurf

  • Guest
Re: Avast! With GMER
« Reply #12 on: December 11, 2010, 12:17:00 PM »
Quote
Would this be a GMER Version problem?

Perhaps. But I agree with DavidR in that I have never had a problem on any of the machines I run using Avast 5.0+ with a Boot-time scan using any OS. So please feel confident that it is fine to run.

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: Avast! With GMER
« Reply #13 on: December 11, 2010, 03:02:52 PM »
Quote
I had no problems with GMER version 1.0.14.14536. This is an installation version - it places 4 files in WINDOWS folder, one driver in drivers folder and registers gmer service and I am still using it at present.

Disappointment came with the newer version GMER 1.0.15.15281 which caused system instability and crashes. This is portable version and gmer.exe file is UPX compressed.

 :o Would this be a GMER Version problem?

May I ask what firewall you are currently using? I had a similar problem related to system instability and crashes using Comodo and I've managed to solve the problem, only if you're using Comodo Firewall which is related to an Execution Control Setting problem and a few minor things in the Comodo settings.

I just need to know what firewall you are currently using before I give you further instruction.

(Edited) Forgot I didn't have any further problem using the latest GMER version with my current system setup below my sig.
« Last Edit: December 11, 2010, 04:59:41 PM by SpeedyPC »
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v23.11.6090 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-Language Section  <<<
Re: Avast! With GMER
« Reply #14 on: December 11, 2010, 04:55:21 PM »
Quote
But I agree with DavidR in that I have never had a problem on any of the machines I run using Avast 5.0+ with a Boot-time scan using any OS. So please feel confident that it is fine to run.

+1
Also keep in mind that avast performs a rootkit scan every time you start your machine...!! (about 8 mins after boot-up)
asyn