How to remove hidden Windows malware with GMER

WindowsGMER is a free anti-malware tool that is useful to have in your Windows PC armoury. The GMER application is a very powerful tool and for the novice might feel daunting. It will work on all PCs (XP or later) but is well suited to those running 64-bit.

You want to remove a hidden malware (mainly rootkits) that hasn’t been completely removed by another Anti-Rootkit application, then you should download GMER. This rootkit remover scans for hidden process, threads, modules, services, files, disk sectors; alternate data streams; registry keys; drivers hooking SSDT; drivers hooking IDT; drivers hooking IRP calls and inline hooks.

  • Download GMER EXE* and run the file ‘2m1tnvv0.exe’ (latest version)
  • Wait for software to load and then click > Scan
  • Optional – you can choose > Quick scan or C:\
  • Optional – on first scan tick all the boxes on the right i.e. System; Sections; IAT/EAT; Devices etc)

*Don’t trust the download file? Why not use to check the hash.  GMER.exe SHA256 can be found at

This scan will take some time and will impact the performance of your PC. GMER uses considerable memory, so I suggest you run this with no other programs running. You can see how much memory processes GMER consumes by opening > Windows Task Manager.

If GMER finds malicious rootkit activity it will displayed in red and you will see a “WARNING!! GMER has found something that has been caused by rootkit activity.” Click > OK to remove the file.

Re-run the scan again to confirm there are no rootkit remnants. Finally, you should reboot your PC.

Note: If you have ever heard of Avast!, you will know they have integrated GMER into their AV engine. So it comes recommended!

Safe surfing folks!


This entry was posted in anti-virus, malware, windows and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *