GMER

khanyash · April 28, 2012, 10:14am

GMER is showing this, any info?

Attached is the screenshot

[attachment deleted by admin]

malwarekiller · April 28, 2012, 10:18am

TDSSKiller:

run it and check it out!

khanyash · April 28, 2012, 10:26am

I ran kaspersky tdss, didn’t found anything.

malwarekiller · April 28, 2012, 10:27am

Change the parameters.

Open tdsskiller>>change parameters>>enable detection of TDSS file system>>click OK>>now try running it and delete the TDSS file system if found.

U can also try CCE

khanyash · April 28, 2012, 12:00pm

I already tried what you mentioned, both TDSS with changed parameters & CCE but nothing found. HitmanPro & MBAM too found nothing.

khanyash · April 28, 2012, 1:48pm

I know about the CTM entry.

I asked about the first entry to get some info as it mentioned rootkit like behaviour.

rhgtyink · April 28, 2012, 6:49pm

It’s just detecting the CTM bootloader, nothing to worry about.
the use of the ‘Home’ button at startup is build in the MBR, that’s why GMER detects a ‘changed’ and running other code MBR thus → Suspicious.

Bruja · April 29, 2012, 7:46am

GMER returned the same entry on my PC, when I had OpenHardwareMonitor turned on. Turning it off makes the entry disappear.