RunScanner 0.9.5

[LUSHER]

RunScanner

 

RunScanner is a completely free windows system utility which scans your system for all configured running programs. You can use runscanner to detect autostart programs, spyware, adware, homepage hijackers, unverified drivers and other problems. You can import and export your results and let other people help you to solve your problems.

 

 

Very comprehensive autostart list

 

*Scanning of 80+ hijack locations ,Host file editor

 

Covers everything from autoruns, HJT, silentrunners and more. Malware will find it harder than ever to hide.

 

Easier to use

 

*Online malware analysis of results

 

*Verification of file signatures (Microsoft signed, Other Signed, Whitelisted by online database )

 

*MD5 hash calculation of files + online file rating

 

*Online lookup of scanned entries. (Runscanner database + Google)

 

RunScanner makes it easier to determine which entries are likely to be malicious.

 

Log analysis made easy

 

*Saving and importing of text files (all information available)

 

*A user with problems can save the .run file, an expert can mark the items that need fixing and send the .run file back to the user

 

If you are really worried, RunScanner also exports a easily readable textfile of all finding that can be sent to an expert for checking.

 

Malware removal abilities and misc

 

*Powerful process killer

-Kill multiple processes at once

-Kill and rename

-Kill and delete

-Delete at next reboot

*Regedit jump

*Explorer jump

*Extended filters

*Marking of items.

 

Many other features that experts have come to expect in malware inspection and killing tools.

[Humpty]

Yes that is quite a good app but I think Hijackthis is firmly entrenched as the mainstay app for security analysis.

[LUSHER]

Yes that is quite a good app but I think Hijackthis is firmly entrenched as the mainstay app for security analysis.

 

You are probably right inertia will definitely play a role. Plus currently it is a bit too complicated (too many buttons!), for use on ASAP forums where you want the user to be able to follow simple short steps/instructions and all you want is something barebones.

 

But capability wise (barring bugs) it is already more capable than Hijackthis, particularly since it provides a more through "scan". Plus other helpful capabilities.

 

but then again sometimes less is more.

[DennisD]

Hi LUSHER, nice find.

 

I've downloaded that and I'm gonna give it a try.

 

Thanks.

[LUSHER]

Hi LUSHER, nice find.

 

I've downloaded that and I'm gonna give it a try.

 

Thanks.

 

Hi Dennis, thanks for trying it out. Feel free to post any comments on the runscanner forum or here if you wish.

[fireryone]

I just tried it again yesterday, had it a while back and its nice.

Was going to post but here it is, you beat me to it.

[LUSHER]

Runscanner 0.9.6.0 released (almost final version)

http://www.runscanner.net

 

New feature : "Beginner mode" is targetted at "novice" forum users.

 

Let me know your thoughts/remarks

 

I'm looking for some people to test this on "real" infected machines.

 

Changelog 0.9.6.0

 

Fixed bug with links to folders in global startup.

Fixed description bug with internet explorer buttons (added buttontext)

Fixed bug with incorrect host file path

Fixed bug with importing of existing .run file (history)

Fixed bug 063 fix not working

Fixed bug difference string / expandstring in registry

Signed executable with authenticode certificate

Changed icons for signatures (green, blue)

Changed textlog for tasks items (added description)

 

Added : Beginner, expert mode (wizard)

Added : Backup & restore function

Added : Scheduled jobs now show the application started by the job

Added : free filter/search (you can now search on part of words ex: "f-secure" show all items with the phrase "f-secure")

You can search in path,executable,company,md5

Added : filesize to .run file

Added : extra info window (easy for debugging and to copy/paste)

Added : basic tutorial to the site

Added : extra backup info window in the history tab

Added extra vista UAC support

Added vista support : now program asks to run as administrator by default

 

Added item : 001 : hosts file location

Added item : 001 : hosts file entries <> 127.0.0.1 (count)

Added item : 047 IE trusted zones

Added item : 048 IE ESC trusted zones

Added item : 008 Autorun registry entries .default user

Added item : 009 Autorun registry entries System user

__________________

[Andavari]

Let me know your thoughts/remarks

 

I'm looking for some people to test this on "real" infected machines.

Is this your program developed by you?

If so something I've seen on other forums under your username could be very helpful like: RunScanner Developer

[login123]

Thanks, Lusher.

 

Got it, will try it soon.

[LUSHER]

Build 0.9.6.1 uploaded (minor release)

 

Changed : restricted sites/zones are now ignored

Redesigned the beginner screen

Fixed performance issues with uploading

 

As to the question able whether I'm the developer, the answer is no. I'm just one of the 'agents' (er shrills) of RunScanner. Sorry for the confusion, I was just using the template the author developed. As penance for not doing the quotes thing I will not post here in the future.

[fireryone]

Hey, you don't have to leave

[login123]

lusher: "Let me know your thoughts/remarks"

 

Nice application. Very complete.

 

The only reservation I have about it is that it wants store and show information in the online database. Of course, for all I know that may be a good thing. . .maybe I'm just paranoid.

 

The screenshot shows the Comodo firewall message.

 

ps, I agree with Fireyone: don't leave, stay around.

 

[Andavari]

Sorry for the confusion, I was just using the template the author developed. As penance for not doing the quotes thing I will not post here in the future.

You don't have to leave.

I for one would not know about RunScanner had you not started this thread about it.

[LUSHER]

lusher: "Let me know your thoughts/remarks"

 

Nice application. Very complete.

 

The only reservation I have about it is that it wants store and show information in the online database. Of course, for all I know that may be a good thing. . .maybe I'm just paranoid.

 

 

 

"The outbound traffic is to clr.microsoft.com and to verisign to check the authenticode signatures of the files. (there is a warning on the top of the first screen)

 

A "Quick scan" is expert mode doesn't do this check."

 

This is harmless, don't believe me, use a packet sniffer and you can see exactly what is being "sent".

 

This is actually one of the best features of runscanner actually, so you can filter out obviously safe entries.

 

 

And no it doesn't store information on the online database, not unless you select online malware analysis.

 

Even then any and all personal indentifying marks will be stripped and it will store it for a maximum of 30 days , and the url will be a unique url that you can give to some expert to look (no one else will know the url). It's exactly the same as posting on a forum , except the forum will keep your postings of logs forever!

[LUSHER]

RunScanner 1.0 is finally out! Final release!

 

Changelog 1.0 (final release)

Rewrite of the "beginner - wizard" screen

Added version check in beginner mode

Added list of specialist helper forums

Removed "no zone defined" entries from trusted zones

Whitelisted microsoft trusted zones in textlog:

Whitelisted 063 default items

Whitelisted 036 default items

Whitelisted "::1 localhost" in vista hosts file

Whitelisted default 180 entries in log file

Whitelisted default 106 entries in log file

Fixed bug with incorrect "file not found"

Several other small bug fixes

 

 

http://www.runscanner.net/

[fireryone]

New version is quite nice:

 

Here is an example of a log (mine) if anyone wants to see a clean one:

 

http://www.runscanner.net/report.aspx?repo...51-80b813ff71eb

[LUSHER]

New version is quite nice:

 

Here is an example of a log (mine) if anyone wants to see a clean one:

 

http://www.runscanner.net/report.aspx?repo...51-80b813ff71eb

 

Again I would like to stress that uploading your report online is strictly OPTIONAL. It works fine without doing this, you can also save a txt file (.run) locally.

[LUSHER]

1.0.1 release out.

 

This fixes a fairly serious bug that makes it miss appinitdll entries.

 

http://www.runscanner.net/

[airport101]

well done

it is very easy to use and it is free

the best bit its not a big download

 

AIRPORT101

[LUSHER]

well done

it is very easy to use and it is free

the best bit its not a big download

 

AIRPORT101

 

It's a bit slow compared to AutoRuns though. And AVG detects RunScanner as a trojan.

[airport101]

mine AVG detects it also But im not afraid

You may want to contact them and say it is not

 

AIRPORT101

[LUSHER]

mine AVG detects it also But im not afraid

 

 

AIRPORT101

 

That's your choice. I'm just presenting facts.

[LUSHER]

Changelog 1.0.2

Fixed bug with "problem with shortcut , searching for file gui"

Fixed false positive warning with AVG antivirus

(Thanks to Lusher for reporting the bug)

 

 

Hmm the author "fixed" it so it is no longer detected by AVG. Plus fixing another bug I found

[login123]

. . .This is harmless, don't believe me, use a packet sniffer and you can see exactly what is being "sent". . . .

 

Thanks, LUSHER, for the information.

[LUSHER]

http://www.runscanner.net/download.aspx

 

Changelog 1.0.3

Added trusted zones HKLM

Added HKCU\Software\Classes\Folder\Shellex\ColumnHandlers

Added HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components

Added HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

Added HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Added 105 HKCU\Software\Microsoft\Internet Explorer\MenuExt

Fixed minor bug with incorrect filter

Fixed minor sorting bug in text log file

Changed behaviour with 068 -> download lsp-fix

Changed ctrl+c (copy) formatting

Google lookup now also searches for GUID, registry entry if no exename available.