Hi all,

Runscanner 1.6.3 is released today : http://www.runscanner.net

Feature overview : http://www.runscanner.net/why-runscanner.aspx

Changelog:

MD5 calculation now uses the windows api for improved speed.
Added warning when access denied on reading/writing hosts file.
Fixed bug with copying MD5 hashes to clipboard.
Fixed bug with incorrect files not found.
Fixed bug when fixing some items, the items were fixed but not removed from the selection list
Fixed problem with invalid datatype for the internet explorer search page.
Added more safe publishers to the list.

Added Launch/hijack locations:

153 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\ Midi, Midi1 -> Midi9 (used by the silentbanker worm)
220 HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
222 HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
224 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
226 HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
228 HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
230 HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
240 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
241 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers

Hi,

thx for this very useful tool.
Good design (no installation required, backup/restore of deleted items)

I use it most often to search for nasty uninstall remains.
Else I like the online Database, with MD5/Guid/CLSID search features.

Cheers

Thanks a lot. This one is must have tool to everybody.

Most interesting additions, just curious how they could been overlooked so easily earlier, but no matter, very generous of you to make this tool available and especially grateful for the attention you,ve obviously given it in effort at your own expense of time.

Thanks EASTER

-{ Quote: "Most interesting additions, just curious how they could been overlooked so easily earlier" }-

a) As with most software most people only start testing and using it if it is recommended by experts
b) experts only test it if it is recommended by other experts
c) go back to a ;)

One of my favorite tools! :o made even better!
I recommend it and I use it!

I highly Recommend it here: http://www.hermes-computers.ca/index.php?pid=35 scroll to the bottom!

Microsoft must be sitting back in their chairs laughing their heads off knowing full well there are so many vectors of potential disruption areas still yet to be realized by violent structured malware.

Thanks for the great tool, it's a real help.

-{ Quote: "Microsoft must be sitting back in their chairs laughing their heads off knowing full well there are so many vectors of potential disruption areas still yet to be realized by violent structured malware.

Thanks for the great tool, it's a real help." }-

You would think that with the resources, manpower/Brainpower at their disposal, things would have improved at light speed... :dry: Little guys working part time on a pet programing project seem to have a better handle on things than they do...

Think what could be possible if types like Mark Rossinovitch and Geert Moernaut got together... The work they could do and the shame on Microsoft...

-{ Quote: "You would think that with the resources, manpower/Brainpower at their disposal, things would have improved at light speed... :dry: Little guys working part time on a pet programing project seem to have a better handle on things than they do...

Think what could be possible if types like Mark Rossinovitch and Geert Moernaut got together... The work they could do and the shame on Microsoft..." }-

Exactly Hermescomputers

And i been badgering away over this what seems like years now and they keep going in the opposite direction. I dunno, i give up, unless they are bought out by a better entity willing to really set it on fire, it looks like $M will remain to be a skeleton maker O/S and quite content with that and making Xboxes. 8)

Does any one else find it strange that huge comglomerates like Microsoft, Symantec and others like them seem quite content to ravish themselves on their past successes with their revelling in their present profits whereby in contrast other firms for one example, the security producers are ever vigilent and consistently moving forward in an effort to improve and delight their customers as best they can?

-{ Quote: "Exactly Hermescomputers

Does any one else find it strange that huge comglomerates like Microsoft, Symantec and others like them seem quite content to ravish themselves on their past successes with their revelling in their present profits whereby in contrast other firms for one example, the security producers are ever vigilent and consistently moving forward in an effort to improve and delight their customers as best they can?" }-

I think like many large over sized corporations they become practically unable to make anything truly innovative due to internal management issues, besides being able to obliterate those who are innovative as they are perceived as standing in their way or as fodder to purchase and assimilate. Without small companies to absorb many seem unable to grow or re invent themselves...

Perhaps, I suffer from an inability to re invent myself as well but a lack of capital is my excuse for them it's probably simply innertia... ::)

IMHO capitalist monopolies when not reinvesting in themselves for sake of the greater good being new creative innovations and winning loyalty from established customers as well as speading word of their dependability to solicit new customers, but instead choose to overtake to consume what they see as their competition, they become useless and turn to complaceny and for all practical purposes become thieves themselves and rob by virtue of their cash flow in an effort to reduce or even eliminate even better new potential innovators that serve the greater purpose of sharing.

WoW did i steer OT, but i can't help it, i take great pride in talented developers who are not as resourceful but contribute far more even in face of small returns for their efforts, For that they are to be highly commended and in reality are more valuable then their revenue rich counterparts who practice the grab and smash policy.

Now that Microsoft bought sysinternals:

The sysinternals tools are still free and updated regularly, i'm happy with that.

On the other hand, if they integrated great new tools into windows (tools like sandboxie, hips tools, ...) they will have the european union commission on their ass.

A quick note (non security related, but useful for administrators)

Windows system administrators should check out my new Lansweeper version 3.0 http://www.lansweeper.com (freeware)

What does it do:
- Inventory of all your windows computers, servers.
- No need to install an agent on your computers.
- Software and operating system licensing reports and cost calculation.
- Console for your helpdesk to manage all your clients
... much more
Full feature list (http://www.lansweeper.com/lansweeperpro.pdf) (pdf)

It's very scalable, the largest installation that i'm aware of manages 20.000 clients+servers with it.

The installation gives some problems at the moment for people that don't know what they are doing (i'm working on it)

Check it out, you'll like it, I promise ;)

-{ Quote: "Hi all,

Runscanner 1.6.3 is released today : http://www.runscanner.net

Feature overview : http://www.runscanner.net/why-runscanner.aspx

Changelog:

MD5 calculation now uses the windows api for improved speed.
Added warning when access denied on reading/writing hosts file.
Fixed bug with copying MD5 hashes to clipboard.
Fixed bug with incorrect files not found.
Fixed bug when fixing some items, the items were fixed but not removed from the selection list
Fixed problem with invalid datatype for the internet explorer search page.
Added more safe publishers to the list.

Added Launch/hijack locations:

153 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\ Midi, Midi1 -> Midi9 (used by the silentbanker worm)
220 HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
222 HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
224 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
226 HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
228 HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
230 HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
240 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
241 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" }-

Thanks,

Updated my Comodo protected registry items.

Hmm, done the same for Tiny Watcher & EQS.

Thanks