24 replies to this topic

[LUSHER]

RunScanner

RunScanner is a completely free windows system utility which scans your system for all configured running programs. You can use runscanner to detect autostart programs, spyware, adware, homepage hijackers, unverified drivers and other problems. You can import and export your results and let other people help you to solve your problems.

 mainscreen.png   140.44K   17 downloads

Very comprehensive autostart list

*Scanning of 80+ hijack locations ,Host file editor

Covers everything from autoruns, HJT, silentrunners and more. Malware will find it harder than ever to hide.

Easier to use

*Online malware analysis of results

*Verification of file signatures (Microsoft signed, Other Signed, Whitelisted by online database )

*MD5 hash calculation of files + online file rating

*Online lookup of scanned entries. (Runscanner database + Google)

RunScanner makes it easier to determine which entries are likely to be malicious.

Log analysis made easy

*Saving and importing of text files (all information available)

*A user with problems can save the .run file, an expert can mark the items that need fixing and send the .run file back to the user

If you are really worried, RunScanner also exports a easily readable textfile of all finding that can be sent to an expert for checking.

Malware removal abilities and misc

*Powerful process killer
-Kill multiple processes at once
-Kill and rename
-Kill and delete
-Delete at next reboot
*Regedit jump
*Explorer jump
*Extended filters
*Marking of items.

Many other features that experts have come to expect in malware inspection and killing tools.

[Humpty]

Yes that is quite a good app but I think Hijackthis is firmly entrenched as the mainstay app for security analysis.

[LUSHER]

Humpty, on Jul 18 2007, 04:49 PM, said:

Yes that is quite a good app but I think Hijackthis is firmly entrenched as the mainstay app for security analysis.

You are probably right inertia will definitely play a role. Plus currently it is a bit too complicated (too many buttons!), for use on ASAP forums where you want the user to be able to follow simple short steps/instructions and all you want is something barebones.

But capability wise (barring bugs) it is already more capable than Hijackthis, particularly since it provides a more through "scan". Plus other helpful capabilities.

but then again sometimes less is more.

[DennisD]

Hi LUSHER, nice find.

I've downloaded that and I'm gonna give it a try.

Thanks.

[LUSHER]

DennisD, on Jul 18 2007, 09:36 PM, said:

Hi LUSHER, nice find.

I've downloaded that and I'm gonna give it a try.

Thanks.

Hi Dennis, thanks for trying it out. Feel free to post any comments on the runscanner forum or here if you wish.

[fireryone]

I just tried it again yesterday, had it a while back and its nice.
Was going to post but here it is, you beat me to it.

[LUSHER]

Runscanner 0.9.6.0 released (almost final version)
http://www.runscanner.net

New feature : "Beginner mode" is targetted at "novice" forum users.

Let me know your thoughts/remarks

I'm looking for some people to test this on "real" infected machines.

Changelog 0.9.6.0

Fixed bug with links to folders in global startup.
Fixed description bug with internet explorer buttons (added buttontext)
Fixed bug with incorrect host file path
Fixed bug with importing of existing .run file (history)
Fixed bug 063 fix not working
Fixed bug difference string / expandstring in registry
Signed executable with authenticode certificate
Changed icons for signatures (green, blue)
Changed textlog for tasks items (added description)

Added : Beginner, expert mode (wizard)
Added : Backup & restore function
Added : Scheduled jobs now show the application started by the job
Added : free filter/search (you can now search on part of words ex: "f-secure" show all items with the phrase "f-secure")
You can search in path,executable,company,md5
Added : filesize to .run file
Added : extra info window (easy for debugging and to copy/paste)
Added : basic tutorial to the site
Added : extra backup info window in the history tab
Added extra vista UAC support
Added vista support : now program asks to run as administrator by default

Added item : 001 : hosts file location
Added item : 001 : hosts file entries <> 127.0.0.1 (count)
Added item : 047 IE trusted zones
Added item : 048 IE ESC trusted zones
Added item : 008 Autorun registry entries .default user
Added item : 009 Autorun registry entries System user
__________________

[Andavari]

LUSHER, on Aug 14 2007, 01:30 AM, said:

Let me know your thoughts/remarks

I'm looking for some people to test this on "real" infected machines.

Is this your program developed by you?
If so something I've seen on other forums under your username could be very helpful like: RunScanner Developer

[login123]

Thanks, Lusher.

Got it, will try it soon.

[LUSHER]

Build 0.9.6.1 uploaded (minor release)

Changed : restricted sites/zones are now ignored
Redesigned the beginner screen
Fixed performance issues with uploading

As to the question able whether I'm the developer, the answer is no. I'm just one of the 'agents' (er shrills) of RunScanner. Sorry for the confusion, I was just using the template the author developed. As penance for not doing the quotes thing I will not post here in the future.

[fireryone]

Hey, you don't have to leave

[login123]

lusher: "Let me know your thoughts/remarks"

Nice application. Very complete.

The only reservation I have about it is that it wants store and show information in the online database. Of course, for all I know that may be a good thing. . .maybe I'm just paranoid.

The screenshot shows the Comodo firewall message.

ps, I agree with Fireyone: don't leave, stay around.

[Andavari]

LUSHER, on Aug 15 2007, 02:08 AM, said:

Sorry for the confusion, I was just using the template the author developed. As penance for not doing the quotes thing I will not post here in the future.

You don't have to leave.
I for one would not know about RunScanner had you not started this thread about it.

[LUSHER]

login123, on Aug 15 2007, 11:14 AM, said:

lusher: "Let me know your thoughts/remarks"

Nice application. Very complete.

The only reservation I have about it is that it wants store and show information in the online database. Of course, for all I know that may be a good thing. . .maybe I'm just paranoid.

runscan_scr3.jpg

"The outbound traffic is to clr.microsoft.com and to verisign to check the authenticode signatures of the files. (there is a warning on the top of the first screen)

A "Quick scan" is expert mode doesn't do this check."

This is harmless, don't believe me, use a packet sniffer and you can see exactly what is being "sent".

This is actually one of the best features of runscanner actually, so you can filter out obviously safe entries.


And no it doesn't store information on the online database, not unless you select online malware analysis.

Even then any and all personal indentifying marks will be stripped and it will store it for a maximum of 30 days , and the url will be a unique url that you can give to some expert to look (no one else will know the url). It's exactly the same as posting on a forum , except the forum will keep your postings of logs forever!

[LUSHER]

RunScanner 1.0 is finally out! Final release!

Changelog 1.0 (final release)
Rewrite of the "beginner - wizard" screen
Added version check in beginner mode
Added list of specialist helper forums
Removed "no zone defined" entries from trusted zones
Whitelisted microsoft trusted zones in textlog:
Whitelisted 063 default items
Whitelisted 036 default items
Whitelisted "::1 localhost" in vista hosts file
Whitelisted default 180 entries in log file
Whitelisted default 106 entries in log file
Fixed bug with incorrect "file not found"
Several other small bug fixes

 mainscreen.png   206.95K   3 downloads

http://www.runscanner.net/

[fireryone]

New version is quite nice:

Here is an example of a log (mine) if anyone wants to see a clean one:

http://www.runscanner.net/report.aspx?repo...51-80b813ff71eb

[LUSHER]

fireryone, on Aug 17 2007, 12:53 PM, said:

New version is quite nice:

Here is an example of a log (mine) if anyone wants to see a clean one:

http://www.runscanner.net/report.aspx?repo...51-80b813ff71eb

Again I would like to stress that uploading your report online is strictly OPTIONAL. It works fine without doing this, you can also save a txt file (.run) locally.

[LUSHER]

1.0.1 release out.

This fixes a fairly serious bug that makes it miss appinitdll entries.

http://www.runscanner.net/

[airport101]

well done
it is very easy to use and it is free
the best bit its not a big download

AIRPORT101

[LUSHER]

airport101, on Aug 20 2007, 09:06 AM, said:

well done
it is very easy to use and it is free
the best bit its not a big download

AIRPORT101

It's a bit slow compared to AutoRuns though. And AVG detects RunScanner as a trojan.