avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Sunday February 25, 2024, 8:12 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Lusher [ switch to compact view ]

Pages: [1] 2next

MD5 calculation now uses the windows api for improved speed.
Added warning when access denied on reading/writing hosts file.
Fixed bug with copying MD5 hashes to clipboard.
Fixed bug with incorrect files not found.
Fixed bug when fixing some items, the items were fixed but not removed from the selection list
Fixed problem with invalid datatype for the internet explorer search page.
Added more safe publishers to the list.

Added Launch/hijack locations:

153 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\ Midi, Midi1 -> Midi9 (used by the silentbanker worm)
220 HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
222 HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
224 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
226 HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
228 HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
230 HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
240 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
241 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers

General Software Discussion / Re: Free security freeware versus paid
« on: February 05, 2008, 08:08 AM »
Look at the urls, and look for entries with a  :up: , I have used and/or are still using those (as well as others without a  :up:) on my systems.

"Probably the report from last year:"

Not quite my point.


Well you might not have heard of healthcheck but surely you heard of Fsecure!
Actually... No :)

But i also only have already heard about secunia because they say good things about opera (when compared to other browsers ;) )

Secunia doesn't say good things about Opera! Less vulnerabilities != safer browser!

I never heard about HealthCheck, thus i'd go for Secunia :)

Well you might not have heard of healthcheck but surely you heard of Fsecure!

Which is better Secunia Software Inspector or HealthCheck?

Secunia's version looks more comprehensive while F-Secure's site is geared more to casual users. best to run your system through both sites and compare the results. maybe after that, you can do a small write-up on the comparison.. :)

Actually that is what I did! See my review above.

My quick test shows that the Secunia's version covers slightly less than F-Secure', but it probably isn't that significant.

Secunia personal inspector (PSI)  as opposed to the java based Secunia version is a totally different kettle of fish though and is far far more comprehensive than either.

General Software Discussion / Free security freeware versus paid
« on: February 04, 2008, 09:19 AM »


Above is perhaps the most comprehensive list of top class freeware security products. How do they compare to the best $$ware in each category. If 10 is the best in the $$ category, here are my ratings for the corresponding best freeware. I.e 10 = the best freeware is as good (if not better) than the best payware.

Antivirus 8.5/10 - Each of the freeware antivirus as certain minor weaknesses compared to their paid bigger brothers
Antispyware 8/10 - Most of the freeware antispyware has no on-access scan except Spyware terminator.
Antitrojan 9/10 - Not quite sure, very few self declared anti-trojans these days... Trojanhunter vs BOclean?
Antikeylogger 7.5/10 - Possibly higher if we include sandboxes and behavior blockers against keylogger
Antirootkit 10/10 - The best generic antirootkits are free!
Firewall 10/10 - Comodo firewall , Webroot firewall , Online armor free etc help to raise the score.
Behavior blocker 9.5/10 - Many excellent choices depending on what you are looking for. Eqsecure,threatfire, SSM free, DSA etc etc are all top notch
Sandbox 9/10 - GesWall, sandboxie etc. Also SafeSpace lately.
Virtualization 10/10
Other misc security 10/10

This is just my estimation, what is yours? In short , i believe it is more than possible to use only freeware and remain as safe as one using $$ware only.


[This Just In...] The Storm Worm, latest of the great (overly hyped) interweb deamons...has a few interesting requirements to infect ones machine:
A. Somebody Must open & run (with scissors...) the Attachment!
B. That someone Must also be running with administrative credentials, so ... the bugg will have PeRmiSsiOn ... to install itself as a Windows System Service. (Ding! Ding! Ding! Ding! ...Hello!!!)
C. Be running a web server that is behind on security updates so it can inject itself  into a new distro point.

Q. Which security products would have protected the user from (themselves...) and prevented this little pandemic?
A. None of them.

While I agree in general that most infections are self-inflicted and/or totally avoidable, I disagree with your answer. If you are talking typical AV/AS product then yes. But if you are using more "advanced" security software like sandboxes, HIPS, "behaviorial anti-malware" etc, you have a far better chance of avoiding this.

The primary objective is to avoid getting infected in the first place. The outbound firewall game is a nothing more than a plan B attempt to save face after Plan A failed.
Common sense and a condom beats the hell out of a lengthy discussion about if we should keep "it".

Agreed. The problem here I think is people don't understand in general how they get infected.

I wrote this little piece a while back that might be helpful

However another way of seeing things might be to realize that in essence you get infected because either I) You chose to run the infected content (infecting yourself) , II) you mis-configured software settings so that they automatically run infected content without your consent or III) The infected content ran because of a security exploit in a program you were using.

It goes on in length to address each of the 3 scenarios and provides detailed (too detailed) ways to reduce the possibility of each scenario from happening...

Which is better Secunia Software Inspector or HealthCheck?

Selected interesting new freeware additions in the last month
<ul><li> <a href="http://downloads2.ka...m/devbuilds/AVPTool/">Kaspersky virus removal tool (beta)</a> - Kaspersky on demand only tool. This one cleans and scans. <b><a href="">Comment/Review</a></b><br />
<ul><li> <a href="http://www.greatis.c...ecurity/download.htm">RegRun Reanimator</a> - Antirootkit tool with boot-time scan.<b><a href="">Comment/Review</a></b>
<ul><li> <a href="">OSAM</a> - Autoruns, RunScanner etc competitor, however this tool claims to be able to find registry keys hidden by rootkits. <b><a href="">Comment/Review</a></b>
<ul><li> <a href="http://www.moosoft.c...heCleaner/TheCleaner">The Cleaner</a> - In the early 2000s this was one of the more well known (but niche) Anti-trojans, along side BOclean, Trojanhunter etc. Now a free version on demand only is released. <b><a href="">Comment/Review</a></b>
<ul><li> <a href="http://www.trendsecu...urity_tools/rubotted">Trend Micro RUBotted (beta)</a>
- "Trend Micro RUBotted (Beta) is a small program that runs on your
computer, watching for bot related activities. RUBotted intelligently
monitors your computer's system behavior for activities that are
potentially harmful to both your computer and other people's computers.
RUBotted monitors for remote command and control (C&C) commands
sent from a bot-herder to control your computer. Additionally, RUBotted
watches for an array of potentially malicious bot-related activities,
including mass mailing - a common activity performed by a bot-infected
computer." <b><a href=""> Comment/Review</a></b>
<ul><li> <a href="http://www.rootkit.c...AntiRootkitTools.rar">rootkitdetect(direct download)(alpha)</a> - New alpha release of a anti-rootkit. Source is unknown, use with <b> extreme caution </b><b><a href=""> Comment/Review</a>
<ul><li> <a href="">F-Secure HealthCheck</a> - An online service (Activex needed) to check for software with known vulnerabilities.  Very similar to <a href="">Secunia Software Inspector</a>. <b><a href=""> Comments/Review </a></b>

edit by jgpaiva:fixed links

Me thinks Gimzo is over-rated, particularly when he pretends to be an expert on computer security.

i meant this setting here in the IE security options..
 (see attachment in previous post)

My point is Runscanner does not "lock" out anything. Runscanner scans typical points changed by malware, and that registry skill isn't one changed by malware.

Lusher: an option to lock-out downloads from IE would be very useful..

Not sure what you mean here, Lanux.

This is one of my current favourites. Have being using it back when it was cyberhawk in late 05, early 06.

I highly recommend it.

General Software Discussion / Re: The great defrag shootout
« on: December 23, 2007, 06:21 AM »
What do you guys think of defraggler?

General Software Discussion / Re: How many of you use encryption?
« on: December 23, 2007, 06:16 AM »
i use truecrypt too.

I read the next version released next year will have system partition/boot drive encryption. Very very interesting ,though i doubt i will use that.

Interesting debate.

Personally I think if you have no intention of running AV in the background, you might as well use either online scanners, or one of those local smaller "on demand" AV packages that do the same job.

There is very reason to install a full AV with "shield" /services and all that, when all you want to do is to run on demand scans. Seems to me that even with AV resident shield off, there is still a cost in terms of drivers loading at bootup etc..

Relatively minor update 1.6.1

Bug fixed: Bitmap image is not valid. (corrupt embedded icon)
Bug fixed: malware analysis after import not working in expert mode
Bug fixed: Lookup at Runscanner when no MD5 available popupmenu
Sub run folders are now only scanned on windows 2000

Download at

New items in 1.6:
Restrictions for internet explorer:
080 HKLM\Software\Policies\Microsoft\Internet Explorer (+subfolders)
081 HKCU\Software\Policies\Microsoft\Internet Explorer (+subfolders)

Startup/Shutdown/logon/logoff scripts
090 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
091 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
092 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
093 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown
094 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff

110 HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
174 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet
200 HKLM\System\CurrentControlSet\Control\Session Manager\Execute
201 HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute

Shell hijacking (removed from general policies)
162 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
163 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

Terminal server related
190 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
191 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
192 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
193 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
194 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LogoffApp

Debugger hijacking
176 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger (thanks to Tony Klein)

Denying access to websites/IP addresses by setting a wrong static route (thanks to Bruce Harrison - nosirrah)
177 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes

Hijacking of standard windows tools
210 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath
211 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\Cleanuppath
212 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath
213 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier
214 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Narrator
215 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard

Thanks for the welcome Mouser.

I'm also planning a mini-review/comparison between this and others like Hijackthis!, AutoRuns and a2squared Hijackfree.

What conclusion did you come to in the usefulness of these 4 programs?  Does one seem to be more handy than the rest?

I never did manage a formal review, but In terms of functionality and handyness, RunScanner beats them all hand downs.

AutoRuns at that time (compared to runscanner 1.0.x) is/was more stable , but the current version has removed some of the worse bugs in runscanner (some reported by yours truly).

Hi all,

Runscanner 1.5 is released today :

Feature overview : http://www.runscanne.../why-runscanner.aspx

What are the most important changes in this release:
Classic mode : looks similar to HJT
Integration with virustotal, Fileadvisor (MD5), Castlecops (MD5)
All authenticode certificates are now analysed for all files.
This makes is easier to seperate the "real" microsoft files from the "bad"

Really really cool, right click on a suspect entry, and it automatically uploads to virustotal for checking!!!

Do the same and it will check the hash of the file against Fileadvisor (500 million clean entries) and castlecops databases!

Runscanner makes narrowing down suspicious entries much much easier!

General Software Discussion / Re: New Webroot Firewall - Free Download
« on: November 01, 2007, 09:42 AM »
I have posted about this. As well as online armor free

I fully agree. The so called antispyware crusaders, e.g HJT! log helpers are the worse of the bunch.

What's the Best? / Re: Anti-Virus Package
« on: October 16, 2007, 11:31 PM »
Kasparsky used to be very good, it still is, but it's become too high profile for my taste. Too many people gunning for it.

I wouldn't use it.

What's the Best? / Re: Anti-Virus Package
« on: October 16, 2007, 11:25 PM »
In my view Panda is *greatly* underestimated.
I'm working on a mini-review on Kaspersky, since I just switched to it after an infection bad enough that I had to pave over my whole system. I had been using Panda, but the virus managed to deactivate it. So I no longer have any confidence in that package.

Well it's even easier to deactivitate Kaspersky by simply changing the system time as done by many malware... :) The vendors are aware of the problem, but refuse to fix it, if you think hard enough, you will realise why.

The point here is, every antivirus can be beaten... I know of people who keep switching antivirus brands because no matter what they use, they are still infected. lol.

Pages: [1] 2next