gmer.exe and mbr.exe are available for download at http://www.gmer.net/. They’re widely recommended as rootkit finders. I’ve run gmer.exe before without problems. This is the first time I’ve tried to run mbr.exe.
I can’t find any operating instructions or documentation for mbr.exe. Is there any? For example what op systems does it support? How is it supposed to work? I’ve asked the author but no response (yet).
When I ran mbr.exe there was an immediate black screen, then computer rebooted, and no log file was generated. Apparently no harm was done, but something wasn’t right. Maybe that’s because I let free avast antivirus run it in the sandbox, which it advised me to do ???
Thanks…but I’ve never run across aswMBR previously. I’m only talking about mbr.exe which is downloadable from http://www.gmer.net/. There is no info about mbr.exe at that site, unless I’m overlooking something. So where is the documentation/info/op instructions for mbr.exe located on the internet - reference link(s)???
It is a specialist tool that is kept purposely vague, as it can ruin your day if used improperly.
So if you do want to use it you have to ask, and therefore reduce the risk of damaging your system.
Who keeps it purposely vague? Who is the author of mbr.exe? Where is the documentation? Where are the operating instructions? Who do I ask? The gmer website info-email link is refusing to respond, apparently ???
I’m seeing it recommended for general use in various places, tech support forums, etc, but without any cautions or relevant information. My experience when I ran mbr.exe was: It caused a black screen, reboot, and no log file was generated. That indicates it’s buggy and risky, in lieu of complete documentation and details. So where are they?
[quote]I'm seeing it recommended for general use in various places, [b]tech support forums[/b], etc, but without any cautions or relevant information. My experience when I ran mbr.exe was: It caused a black screen, reboot, and no log file was generated. That indicates it's buggy and risky, in lieu of complete documentation and details. So where are they?
[/quote]
So, did he also create the mbr.exe program? If so, what is his name? Where is the URL that gives relevant documentation and operating instructions?
I felt that after the fact, not before, because running mbr.exe obviously did not work properly.
It was recommended to me that I run mbr.exe, by two different tech support gurus on two different forums. That’s why I ran it. But they made no cautions or indications that it was dangerous/risky - which it probably is (based on my experience).
So it seems that the cat’s out of the bag already, running rampant in the wild, and it’s now time to provide full documentation and op instructions for everyone to read! Otherwise expect an increasing stream of complaints and queries about it…
[quote]So it seems that the cat's out of the bag already, running rampant in the wild, and it's now time to provide full documentation and op instructions for everyone to read! Otherwise expect an increasing stream of complaints and queries about it.
[/quote]
This programme has been out now for many years and you are the first I have come across that has voiced any concerns about it. As for running rampant I fail to follow you - this is a tool used in malware removal forums by people who know what it does, and when to use it. If you had concerns at the time why did you not ask the person helping you?
Thanks for the info. That contradicts what I was told elsewhere, that a log would be generated. Who is correct?
[QUOTE author=essexboy]Did you read this page ? http://www2.gmer.net/mbr/
[/quote]
No, I didn’t (thanks for the link). There’s no link to that link from the http://www2.gmer.net homepage that I can find, only a link to download mbr.exe. I guess that answers my main question, except… I’ve searched through it and found some references to mbr.exe near the bottom under “Detection and removal” and “Update”. According to that info, there are several different versions of mbr.exe, and the author is from gmer.net (not avast.com): “Stealth MBR rootkit detector 0.2.2 by Gmer, http://www.gmer.net”; “mbr.exe version 0.3.1 or newer”; etc. Also I see no cautions about its use, i.e. why it’s risky. My impression is that mbr.exe is only used to remove a few known mbr rootkits, not to find/diagnose them, nor to repair the mbr in general. That contradicts the tech guru advice I’m seeing elsewhere that mbr.exe can be used, in general, to repair mbr errors. So are we talking about the same mbr.exe or are there two different authors/software using this same name?
[QUOTE author=essexboy]This programme has been out now for many years and you are the first I have come across that has voiced any concerns about it. As for running rampant I fail to follow you - this is a tool used in malware removal forums by people who know what it does, and when to use it. If you had concerns at the time why did you not ask the person helping you?
[/quote]
It has gone beyond malware removal forums, into general purpose forums and newsgroups. Yes, I asked the persons who recommended it for details. I also asked the gmer author for details. None of them responded. At least I’ve got you on the hook… ;D
It will remove mebroot/sinow/TDL 4. There are different specialist tools for TDL 3/Helpassist, as they use system files as well as the MBR, so it needs a multi-pronged approach to the repair.
At the moment these are the main MBR infectors.
However, it appears that there are now some variants that merge TDL3/TDL4 which makes it a tad more difficult to remove.
[quote]the author is from gmer.net (not avast.com):
[/quote]
That is his personal page, who do you think designed the MBR detection routines for Avast (aswMBR) ;D? The different versions are just the change log of the programme, the only one you can download will be the latest.
Well, I feel a whole lot better now (emotionally) after that pleasant but challenging exchange, however some of my initial basic questions about mbr.exe remain unanswered…
When I ran mbr.exe it gave me an immediate black screen then my computer auto-rebooted. Is that normal? What exactly did it do to my computer, if anything?
Should I have run it in the avast sandbox, as I was advised to do by avast, or outside of the sandbox? Is that what caused the black screen and autoreboot?
Maybe I shouldn’t be running it at all, and I don’t plan to run it again, but I’d like to know what happened, and why. Apparently a lot of folks are running it these days without knowing the consequences. Give a monkey a banana and he’ll eat it.
[quote]When I ran mbr.exe it gave me an immediate black screen then my computer auto-rebooted. Is that normal? What exactly did it do to my computer, if anything?
[/quote]
The programme runs under a command prompt, hence the black box/screen. Replacement of the MBR will require an immediate reboot to ensure safety.
[quote]Should I have run it in the avast sandbox, as I was advised to do by avast, or outside of the sandbox? Is that what caused the black screen and autoreboot?
[/quote]
No, MBR ran the routines - but as it was in a sandbox no changes were made.
[quote]Maybe I shouldn't be running it at all, and I don't plan to run it again, but I'd like to know what happened, and why. Apparently a lot of folks are running it these days without knowing the consequences. Give a monkey a banana and he'll eat it.
[/quote]
Tell me about it, the amount of systems I see where the user has tried programmes that were found on the net and then wondered why the system did not work anymore. For the majority of infections I would recommend getting help on a reputable forum.