Topic: RunScanner -autostart and antihijack control/analysis program

Lusher

http://www.runscanner.net/


RunScanner is a completely free Windows system utility which scans your system for all configured running programs. You can use RunScanner to detect autostart programs, spyware, adware, homepage hijackers, unverified drivers and other problems. You can import and export your results and let other people help you to solve your problems.


Very comprehensive autostart list

*Scanning of 80+ hijack locations, Host file editor

Covers everything from autoruns, HJT, silentrunners and more. Malware will find it harder than ever to hide.

Easier to use

*Online malware analysis of results

*Verification of file signatures (Microsoft signed, Other Signed, Whitelisted by online database )

*MD5 hash calculation of files + online file rating

*Online lookup of scanned entries. (Runscanner database + Google)

RunScanner makes it easier to determine which entries are likely to be malicious.

Log analysis made easy

*Saving and importing of text files (all information available)

*A user with problems can save the .run file, an expert can mark the items that need fixing and send the .run file back to the user

If you are really worried, RunScanner also exports an easily readable text file of all findings that can be sent to an expert for checking.

Malware removal abilities and misc


*Powerful process killer
-Kill multiple processes at once
-Kill and rename
-Kill and delete
-Delete at next reboot
*Regedit jump
*Explorer jump
*Extended filters
*Marking of items.

mouser

Re: RunScanner -autostart and antihijack control/analysis program
« Reply #1 on: August 22, 2007, 03:38 PM »
Welcome to the site Lusher,
I actually meant to post about this very interesting looking software earlier.  I haven't tried it but it looks very interesting.  Love to hear some feedback from our members on this.

Lusher

Re: RunScanner -autostart and antihijack control/analysis program
« Reply #2 on: August 22, 2007, 03:50 PM »
Thanks for the welcome Mouser.

I'm also planning a mini-review/comparison between this and others like Hijackthis!, AutoRuns and a2squared Hijackfree.


wreckedcarzz

Re: RunScanner -autostart and antihijack control/analysis program
« Reply #3 on: August 22, 2007, 08:04 PM »
Sounds cool! Kind of like a mini, on-demand scanner for badware in common system places. Strange to see all the advanced options, but it's always a plus! :Thmbsup:

Lusher

Re: RunScanner -autostart and antihijack control/analysis program
« Reply #4 on: December 04, 2007, 08:10 AM »
Hi all,

Runscanner 1.5 is released today: http://www.runscanner.net

Feature overview: http://www.runscanne.../why-runscanner.aspx

What are the most important changes in this release:
Classic mode : looks similar to HJT
Integration with virustotal, Fileadvisor (MD5), Castlecops (MD5)
All authenticode certificates are now analysed for all files.
This makes it easier to separate the "real" Microsoft files from the "bad".

******************************************
Really really cool, right click on a suspect entry, and it automatically uploads to virustotal for checking!!!

Do the same and it will check the hash of the file against Fileadvisor (500 million clean entries) and castlecops databases!

Runscanner makes narrowing down suspicious entries much much easier!
******************************************


vegas

Re: RunScanner -autostart and antihijack control/analysis program
« Reply #5 on: December 05, 2007, 02:10 PM »
> Thanks for the welcome Mouser.
>
> I'm also planning a mini-review/comparison between this and others like Hijackthis!, AutoRuns and a2squared Hijackfree.

What conclusion did you come to in the usefulness of these 4 programs?  Does one seem to be more handy than the rest?

Lusher

Re: RunScanner -autostart and antihijack control/analysis program
« Reply #6 on: December 06, 2007, 08:23 AM »
>> Thanks for the welcome Mouser.
>>
>> I'm also planning a mini-review/comparison between this and others like Hijackthis!, AutoRuns and a2squared Hijackfree.
>
> What conclusion did you come to in the usefulness of these 4 programs?  Does one seem to be more handy than the rest?

I never did manage a formal review, but in terms of functionality and handiness, RunScanner beats them all hands down.

AutoRuns at that time (compared to runscanner 1.0.x) is/was more stable, but the current version has removed some of the worse bugs in runscanner (some reported by yours truly).


Lusher

Re: RunScanner -autostart and antihijack control/analysis program
« Reply #7 on: December 15, 2007, 04:27 PM »
Download at http://www.runscanner.net

New items in 1.6:
Restrictions for Internet Explorer:
080 HKLM\Software\Policies\Microsoft\Internet Explorer (+subfolders)
081 HKCU\Software\Policies\Microsoft\Internet Explorer (+subfolders)

Startup/Shutdown/logon/logoff scripts
090 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
091 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
092 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
093 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown
094 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff

Various
110 HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
174 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet
200 HKLM\System\CurrentControlSet\Control\Session Manager\Execute
201 HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute

Shell hijacking (removed from general policies)
162 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
163 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

Terminal server related
190 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
191 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
192 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
193 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
194 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LogoffApp

Debugger hijacking
176 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger (thanks to Tony Klein)

Denying access to websites/IP addresses by setting a wrong static route (thanks to Bruce Harrison - nosirrah)
177 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes

Hijacking of standard windows tools
210 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath
211 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\Cleanuppath
212 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath
213 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier
214 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Narrator
215 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard
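
The following is an added example, not code from this thread or from RunScanner: it compares two `.reg` exports and reports added or changed values at a few of the launch points listed in the 1.6 post above. The sample exports and paths are constructed; real regedit exports are UTF-16 and must be decoded to text before they are passed in.

```python
import re

# Watched key -> value names, copied from the RunScanner 1.6 list in this thread.
WATCH = {
    r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug": {"Debugger"},
    r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon": {"VmApplet", "AppSetup", "LogoffApp"},
    r"HKLM\System\CurrentControlSet\Control\Session Manager": {"Execute", "SetupExecute"},
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System": {"Shell"},
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System": {"Shell"},
}
WATCH_CI = {k.lower(): {n.lower() for n in names} for k, names in WATCH.items()}
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

def parse_reg(text):
    """Return {(key, value_name): data} for watched values in .reg export text.
    Registry names are case-insensitive, so keys and names are lowercased."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex(...) continuation lines
    found, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            hive, _, rest = line[1:-1].partition("\\")
            key = (HIVES.get(hive.upper(), hive) + "\\" + rest).lower()
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m and m.group(1).lower() in WATCH_CI.get(key, ()):
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
            found[(key, m.group(1).lower())] = data  # hex(...) data is kept raw
    return found

def diff_watched(baseline_text, current_text):
    """Return sorted (key, name, old, new) for watched values added or changed."""
    old, new = parse_reg(baseline_text), parse_reg(current_text)
    return sorted((k, n, old.get((k, n)), d) for (k, n), d in new.items() if old.get((k, n)) != d)

# Constructed sample exports (not from a real machine); .reg text doubles backslashes.
AEDEBUG = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]"
POLICY = r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]"
BASELINE = AEDEBUG + '\n"Auto"="1"\n"Debugger"="C:\\\\Tools\\\\dbg.exe -p %ld"\n'
CURRENT = (AEDEBUG + '\n"Auto"="0"\n"Debugger"="C:\\\\Temp\\\\x.exe"\n\n'
           + POLICY + '\n"Shell"="C:\\\\Temp\\\\x.exe"\n')

if __name__ == "__main__":
    for key, name, old, new in diff_watched(BASELINE, CURRENT):
        print(f"{key}\\{name}: {old!r} -> {new!r}")
```

Values that are not plain strings, such as the multi-string Session Manager entries, are compared as their raw `hex(...)` text, and the unwatched `Auto` value is ignored even though it changed.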

Lusher

Re: RunScanner -autostart and antihijack control/analysis program
« Reply #8 on: December 21, 2007, 09:05 AM »
Relatively minor update 1.6.1

Changelog:
Bug fixed: Bitmap image is not valid. (corrupt embedded icon)
Bug fixed: malware analysis after import not working in expert mode
Bug fixed: Lookup at Runscanner when no MD5 available popupmenu
Sub run folders are now only scanned on Windows 2000

Lusher

Re: RunScanner -autostart and antihijack control/analysis program
« Reply #9 on: December 26, 2007, 07:57 AM »
> Lusher: an option to lock-out downloads from IE would be very useful..

Not sure what you mean here, Lanux.

lanux128

Re: RunScanner -autostart and antihijack control/analysis program
« Reply #10 on: December 26, 2007, 06:43 PM »
I meant this setting here in the IE security options..

ws-ie-dl.png
http://www.nus.edu.s...etter/may2005/ie.htm


Lusher

Re: RunScanner -autostart and antihijack control/analysis program
« Reply #11 on: December 27, 2007, 07:12 AM »
> I meant this setting here in the IE security options..
> (see attachment in previous post) http://www.nus.edu.s...etter/may2005/ie.htm

My point is Runscanner does not "lock" out anything. Runscanner scans typical points changed by malware, and that registry skill isn't one changed by malware.

Lusher

Re: RunScanner -autostart and antihijack control/analysis program
« Reply #12 on: February 23, 2008, 01:35 PM »
Changelog 1.6.3.0

MD5 calculation now uses the Windows API for improved speed.
Added warning when access denied on reading/writing hosts file.
Fixed bug with copying MD5 hashes to clipboard.
Fixed bug with incorrect files not found.
Fixed bug when fixing some items, the items were fixed but not removed from the selection list.
Fixed problem with invalid datatype for the Internet Explorer search page.
Added more safe publishers to the list.

Added Launch/hijack locations:

153 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\ Midi, Midi1 -> Midi9 (used by the silentbanker worm)
220 HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
222 HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
224 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
226 HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
228 HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
230 HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
240 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
241 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers