GMER parser is an automatic analyzer of logs created by the GMER tool. It analyzes a log and creates a cure script. Currently Parser can identify the following infections (by KL classification):

  1. Kido (active and not active).
  2. TDSS (active and not active).
  3. Necurs.
  4. ZAccess (several detect types).
  5. Virut (distinguish u, av, q, ce modifications).
  6. Kates.
  7. Agent.BTZ (Turla, Uroburos).
  8. Stuxnet.
  9. PMAX (Alureon, Backdoor.Tranwos).
  10. Shows various rootkits (Rootkit).
  11. Shows various bootkits (Bootkit).

In some cases Parser shows additional information about suspicious records on the right side of the upper window.

How to use:

To use Parser, drag the gmer.log file and drop it onto Parser's window. Alternatively, open the log, select all, copy it to the clipboard and paste its contents into Parser using the "Paste log" button. Next, press the "Analyze" button and wait for Parser to finish. When it finishes, the result, including tags, is shown in the lower window. You can copy it by pressing the "Copy" button and paste it into the answer form on the forum where you cure/delete malicious code.


Localization:

Parser supports two localizations: Russian and English. The language can be chosen from the drop-down list in the top right corner. It is also possible to run Parser with a chosen localization from the command prompt (e.g. by adding the key to the command in a shortcut). The following keys are supported (not case sensitive):

Example:
c:\Path\ParseGmer.exe en - for English interface
c:\Path\ParseGmer.exe ru - for Russian interface

Details are available in Readme.txt.

Downloads 5,119
Weekly downloads 23
Publisher Drongo
By regist
Created 02 June 2015
Last updated 12 October 2016
Category Security
Operating system Windows
