
GMER is driving me crazy!

holifay, posted 03 July 2006 at 4:34am:

I downloaded GMER, a very powerful tool. Perhaps too powerful in my hands.

I tried to set monitoring of all processes. I have checked any options in Gmer and then I rebooted.

At Windows loading, gmer asked if it should allow processes to start, from winlogon to lsass. Those messages were a little bothering, so I started to say GMER allow and save.

Probably I forgot (I guess so now) to allow explorer.exe to generate other processes, so what is the situation now?

Windows boots regularly and explorer.exe is loaded as well, but no other application launched from explorer.exe is allowed to start. This is in normal mode, but in safe mode too.

I can run nothing on my PC, GMER too doesn't load, regedit.exe, really nothing!!

Please, does any of you know a way to bypass Gmer restrictions? Is there any possibility (a key combination for example) to show the GMER window in order to disable its monitoring? HELP!!

What a sad day...

PS: my system is (I should say was) W2k sp4

holifay, posted 03 July 2006 at 4:41am:

A little thing more:

When I try to start an application, I get the same error, similar to this: "The instruction at 0x77897800 referenced memory at 0x77897800. The memory could not be read. Click OK to terminate the program"

EP_X0FF, posted 03 July 2006 at 4:43am:
This monitoring option is very dangerous and not recommended for inexperienced users.

What about safe mode? I know gmer is working in safe mode, but? (I'm sorry but, gmer, LOL, should add safe mode for your application)

P.S. You should PM gmer; maybe he can give you advice.

EDIT: so it is not working in safe mode, I should have guessed (or improve my reading skills). You can try to attach your HDD to another computer and remove gmer.sys

Edited by EP_X0FF - 03 July 2006 at 4:44am

holifay, posted 03 July 2006 at 4:50am:

I have sent a PM to gmer.

Your solution is not so easy for me: my other PC has Windows NT, I don't think it is PnP and I've never opened a PC box.

Do you know a tool to access an NTFS system from boot? Perhaps I could try in this way to delete gmer.sys.... And when Windows won't find it I'll get a blue screen

The question is: how can people become expert without trying?

EP_X0FF, posted 03 July 2006 at 4:53am:
Quote: Do you know a tool to access an NTFS system from boot? Perhaps I could try in this way to delete gmer.sys.... And when Windows won't find it I'll get a blue screen

No, no BSODs if no driver (usually).
NTFS from DOS? It's here on Sysinternals.

Quote: The question is: how can people become expert without trying?

Perhaps by reading readme.txt and all messages that the program shows you?

holifay, posted 03 July 2006 at 5:01am:

EP_X0FF wrote:

Quote: Do you know a tool to access an NTFS system from boot? Perhaps I could try in this way to delete gmer.sys.... And when Windows won't find it I'll get a blue screen

No, no BSODs if no driver (usually).
NTFS from DOS? It's here on Sysinternals.

Do you mean this? http://www.sysinternals.com/Utilities/NtfsDosProfessional.html

It seems not freeware: it says read/only version

EP_X0FF wrote:

Quote: The question is: how can people become expert without trying?

Perhaps by reading readme.txt and all messages that the program shows you?

I know, I know... I'll surely do it in my next PC life! But for now I hope that gmer has some hidden options. Every program has an Easter egg, why not gmer?



Edited by holifay - 03 July 2006 at 5:03am

LZW2006, posted 03 July 2006 at 5:43am:
hmmm, this is going to get harder before it gets easier... Do I understand right, you cannot run any programs from Explorer? Can you use the Run dialog to start CMD?

I think I ran gmer once but did not know what to do with it so I just closed it and did something else... I don't think people expect you to pay for a program intended to be used in a production environment just to recover from a little experiment with a freeware utility but the ntfs problem is a hard one!

The optimal solution for deleting that file is a live cd with ntfs write functions! Do you feel like building your own live cd? (need another properly running computer to do it on)

http://www.nu2.nu/pebuilder/

Windows XP does have a recover console command line (first repair option when boot from cd) but you say you have win2k?

This demo cd might do it:

http://www.bitdefender.com/bd/site/presscenter.php?menu_id=25&n_id=58

If you happen to be rich, you could get one of these:

http://www.xplivecd.com/

Now the crazy way... Use a partition resizer to resize your windows installation, install windows again on a second partition, fix the first windows, delete the second windows, then expand the first windows back to full size again!

http://www.linux.com/article.pl?sid=06/04/25/1917228

That article explains how to use a live partition cd called gparted... Note, there are tons of live cd's but most will not help much because they are ntfs read only!

EP_X0FF, posted 03 July 2006 at 5:55am:
LZW2006 wrote:

Now the crazy way... Use a partition resizer to resize your windows installation, install windows again on a second partition, fix the first windows, delete the second windows, then expand the first windows back to full size again!

LOL, really crazy way.

holifay, posted 03 July 2006 at 6:37am:

Thanks for your help and for the suggestions! :)

But most of them are not applicable:

BARTPE: I cannot run it and the site does not have an ISO CD image. BartPE requires Windows files from the user's computer: it creates an ISO CD, but I should be able to run the task and I'm not.

CMD: doesn't load (the same error)

Linux way: could be a possibility

LIVE XP: why pay?

Double partition: I'll not be able to do this in this life, perhaps in the next, but I doubt it a lot.

While I was waiting for Gmer in this forum (he is probably sleeping), I tried with explorer (the only thing that runs) to search for and delete gmer.sys. And it does! I've now deleted that file, but not yet rebooted (blue screen is worrying me). Do you think I should try to reboot?

Shall I go?

If I do this, please pray for me if I don't return here in a couple of minutes... thx!

MP_ART, posted 03 July 2006 at 6:41am:
I will wait for your return from BSOD