1
Announce Your Software/Service/Product / Re: RunScanner -autostart and antihijack control/analysis program
« on: February 23, 2008, 01:35 PM »
Changelog 1.6.3.0
MD5 calculation now uses the windows api for improved speed.
Added warning when access denied on reading/writing hosts file.
Fixed bug with copying MD5 hashes to clipboard.
Fixed bug with incorrect files not found.
Fixed bug when fixing some items, the items were fixed but not removed from the selection list
Fixed problem with invalid datatype for the internet explorer search page.
Added more safe publishers to the list.
Added Launch/hijack locations:
153 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\ Midi, Midi1 -> Midi9 (used by the silentbanker worm)
220 HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
222 HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
224 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
226 HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
228 HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
230 HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
240 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
241 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
MD5 calculation now uses the windows api for improved speed.
Added warning when access denied on reading/writing hosts file.
Fixed bug with copying MD5 hashes to clipboard.
Fixed bug with incorrect files not found.
Fixed bug when fixing some items, the items were fixed but not removed from the selection list
Fixed problem with invalid datatype for the internet explorer search page.
Added more safe publishers to the list.
Added Launch/hijack locations:
153 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\ Midi, Midi1 -> Midi9 (used by the silentbanker worm)
220 HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
222 HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
224 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
226 HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
228 HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
230 HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
240 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
241 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers