LUSHER Posted December 4, 2007

RunScanner is a completely free Windows system utility which scans your system for all configured running programs. You can use RunScanner to detect autostart programs, spyware, adware, homepage hijackers, unverified drivers and other problems.

1) Very comprehensive autostart list
* Freeware.
* Scanning of 80+ hijack locations, hosts file editor, process killer, online malware/whitelist analysis.
* One executable, no installation required.
* Backup / restore of deleted items.
Malware will find it harder than ever to hide.

2) For beginner and expert users
** Beginner mode ** This is for novice users that want to do a scan and upload their results to a malware specialist forum. You cannot make any changes in this mode!
** Classic mode ** Classic scan mode with easy click and fix all. This mode only shows non-whitelisted items and its primary use is to remove malware.
** Expert mode ** This is for advanced users; all startup tweaks, scanning, reporting, filtering and delete features are available.

3) Powerful file inspection
RunScanner makes it easier to determine which entries are likely to be malicious.
* Authenticode signature analysis - Check all the certificates of your started files and verify if you trust the publisher.
* Virustotal integration - Upload suspect files to Virustotal with a click and have them checked by multiple anti-virus engines.
* FileAdvisor integration - Compare the MD5 hash of your files with the online FileAdvisor database, just with one click. Currently 4.028.732.854 hashes available.
* Castlecops integration - Compare the MD5 hash of your files with the online Castlecops database, just with one click. Currently 31.743.604 hashes available.
* Runscanner online database integration (+ online malware analysis) - Compare the MD5 hash of your files with the online Runscanner database. Currently 160.000 (startup file) hashes available.
* Powerful filtering - Show unsigned files; classic mode shows only non-whitelisted files (whitelisted means trusted publishers and known clean entries).
* Google search integration - Search information for suspicious files on Google.

4) Log analysis made easy
* Plain text file logging with only the items that need your attention.
* Saving and importing of text files to .run files (all information available) - A user with problems can save the .run file, an expert can mark the items that need fixing and send the .run file back to the user.

http://www.runscanner.net/why-runscanner.aspx

5) Malware removal abilities and misc
* Powerful process killer.
* Kill multiple processes at once.
* Kill and rename.
* Kill and delete.
* Delete at next reboot.
* Analysis of loaded modules.
* Regedit jump.
* Explorer jump.

DennisD (Moderators) Posted December 4, 2007

Thanks for the info. Now got the update.

CeeCee Posted December 5, 2007

Here's an online malware scanner: http://virusscan.jotti.org/

Virus definitions are updated every hour. There is a 10Mb limit per file.

Path Copy TeraCopy Unlocker

TonyKlein Posted December 5, 2007

> Here's an online malware scanner: http://virusscan.jotti.org/

And here are two other ones:
http://www.virustotal.com/en/indexf.html
http://www.virscan.org/

RunScanner is indeed a laudable effort; kind of HijackThis on steroids...

Just like with Sysinternals Autoruns, make sure you KNOW what exactly it is you 'fix'...

Tony
CLSID List - A Collection of Autostart Locations

LUSHER (Author) Posted December 6, 2007

> And here are two other ones:
> http://www.virustotal.com/en/indexf.html
> http://www.virscan.org/

Not bad, Tony. But I know of another 2...
http://www.viruschief.com/index.html
http://scanner.virus.org/

So in total, for multi-engine online virus scanners, there are actually 5 of them to my knowledge (including jotti).
http://wiki.castlecops.com/Online_antiviru...le_engine_scans

LUSHER (Author) Posted December 6, 2007

> RunScanner is indeed a laudable effort; kind of HijackThis on steroids...
> Just like with Sysinternals Autoruns, make sure you KNOW what exactly it is you 'fix'...

Just like Hijackthis too.... One wonders why RunScanner is still not as popular as the outdated Hijackthis though.

LUSHER (Author) Posted December 6, 2007

> Here's an online malware scanner: http://virusscan.jotti.org/

RunScanner is not an online (or even local) malware scanner!!!!

TonyKlein Posted December 8, 2007

> Not bad, Tony. But I know of another 2...
> http://www.viruschief.com/index.html
> http://scanner.virus.org/

I specifically didn't mention virus.org, as the reputation of the people involved is said to be questionable (and I'm putting it mildly).

Hadn't heard of viruschief.com, thanks.

However, the two I mentioned are useful as both of them use a larger variety of AV engines to test uploaded files than the other three.

Tony
CLSID List - A Collection of Autostart Locations

LUSHER (Author) Posted December 8, 2007

> I specifically didn't mention virus.org, as the reputation of the people involved is said to be questionable (and I'm putting it mildly).

Yes, I've heard.

> Hadn't heard of viruschief.com, thanks.

It's new. No doubt it's questionable too.

> However, the two I mentioned are useful as both of them use a larger variety of AV engines to test uploaded files than the other three.

Personally I would just stick with virustotal if it's variety of AV engines you want, and it's reasonably quick. That's why RunScanner uploads suspect malware to virustotal (with permission) and not some other site...

TonyKlein Posted December 8, 2007

> Personally I would just stick with virustotal if it's variety of AV engines you want, and it's reasonably quick.

I like virscan.org as well, as it submits files to additional Chinese and Korean based AVs. Very useful when uploading malware to be tested that hails from those parts.

Tony
CLSID List - A Collection of Autostart Locations

LUSHER (Author) Posted December 10, 2007

> I like virscan.org as well, as it submits files to additional Chinese and Korean based AVs. Very useful when uploading malware to be tested that hails from those parts.

Why the heck is this thread derailed?? Back to talking about RunScanner, okay?

What do you like about it? What do you dislike about it? What do you want to see from it in the future?

Me? I think it's time for consolidation, for stability and bug fixing... I can always think of more features, but those shouldn't be added without further thought.

JDPower Posted December 10, 2007

> Why the heck is this thread derailed?? Back to talking about RunScanner, okay?

Geez, who elected you master of the forums? Way to kill a thread.

LUSHER (Author) Posted December 15, 2007

New launch/hijack items 1.6

Restrictions for Internet Explorer:
080 HKLM\Software\Policies\Microsoft\Internet Explorer (+subfolders)
081 HKCU\Software\Policies\Microsoft\Internet Explorer (+subfolders)

Startup/Shutdown/logon/logoff scripts
090 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
091 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
092 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
093 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown
094 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff

Various
110 HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
174 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet
200 HKLM\System\CurrentControlSet\Control\Session Manager\Execute
201 HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute

Shell hijacking (removed from general policies)
162 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
163 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

Terminal server related
190 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
191 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
192 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
193 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
194 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LogoffApp

Debugger hijacking (thanks to Tony Klein)
176 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger

Denying access to websites/IP addresses by setting a wrong static route (thanks to Bruce Harrison - nosirrah)
177 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes

Hijacking of standard Windows tools
210 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath
211 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\Cleanuppath
212 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath
213 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier
214 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Narrator
215 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard

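A read-only way to check some of the launch points listed in the post above, as an added example that is not part of the thread and not RunScanner's code. The function name `Get-LaunchPoint` and the choice of subset are assumptions made here; the registry paths are copied from the post, and whether each one is a key or a named value is decided at run time.

```powershell
# Added example: lists what is currently configured at each location.
# It only reads the registry and changes nothing.
$locations = @(
    'HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath'
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet'
    'HKLM\System\CurrentControlSet\Control\Session Manager\Execute'
    'HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute'
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell'
    'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell'
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup'
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger'
    'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes'
    'HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup'
    'HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon'
)

function Get-LaunchPoint {
    param([string]$Location)
    # Map the post's hive prefixes onto the built-in HKLM: / HKCU: drives.
    $path = $Location -replace '^HKEY_LOCAL_MACHINE\\', 'HKLM:\' -replace '^(HKLM|HKCU)\\', '$1:\'
    $new = { param($kind, $name, $data)
        [pscustomobject]@{ Location = $Location; Kind = $kind; Name = $name; Data = $data } }

    if (Test-Path -LiteralPath $path) {
        # The location is a key: report every value it holds and its subkey count.
        $key = Get-Item -LiteralPath $path
        foreach ($n in $key.GetValueNames()) {
            & $new 'KeyValue' $n ($key.GetValue($n) -join '; ')
        }
        if ($key.SubKeyCount) { & $new 'Subkeys' '' $key.SubKeyCount }
        return
    }
    # Otherwise treat the last path element as a value name under its parent key.
    $cut    = $path.LastIndexOf('\')
    $parent = $path.Substring(0, $cut)
    $name   = $path.Substring($cut + 1)
    if (Test-Path -LiteralPath $parent) {
        $data = (Get-Item -LiteralPath $parent).GetValue($name)
        if ($null -ne $data) { & $new 'Value' $name ($data -join '; ') }
    }
}

$locations | ForEach-Object { Get-LaunchPoint $_ } | Format-Table -AutoSize -Wrap
```

Locations that do not exist produce no row, so on a clean machine the output is short; anything listed still needs to be identified before it is changed.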
LUSHER (Author) Posted December 21, 2007

Relatively minor update 1.6.1

Changelog:
* Bug fixed: Bitmap image is not valid. (corrupt embedded icon)
* Bug fixed: malware analysis after import not working in expert mode
* Bug fixed: Lookup at Runscanner when no MD5 available popupmenu
* Sub run folders are now only scanned on Windows 2000