Runscanner 1.5 released

Hi all,

Runscanner 1.5 is released today : http://www.runscanner.net

Feature overview : http://www.runscanner.net/why-runscanner.aspx

What are the most important changes in this release:
Classic mode : looks similar to HJT
Integration with virustotal, Fileadvisor (MD5), Castlecops (MD5)
All authenticode certificates are now analysed for all files.
This makes is easier to seperate the "real" microsoft files from the "bad"

New features:
----------------
New design in all modes
Layout is now shown correctly for people with "large fonts" enabled
Certificates of files are now analysed in all modes for signer/issuer
Certificates are now shown as a certificate image in the grid instead of the green/red icons
Virusscanner integration with Virustotal (upload file for scanning)
Integration with Bit9 FileAdvisor (lookup MD5 hash)
Integration with CastleCops (lookup MD5 hash)
New Classic mode : This mode is targetted at removing hijacks, it only shows non-whitelisted items and there is an easy "Fix selected items" button, all other "safe" startup items can still be found in the expert mode.
Added "Item fixer" tab in expert mode .
Added "classic mode / hijack" tab in expert mode.
Quick scan is removed in expert mode.
New in expert mode : loaded modules analyzer
Warning if windows version is not supported. (Only win2000 or higher is supported)
Added drivers with type = 2
Disabled drivers and services are now automaticly whitelisted in classic mode.
Runscanner now finds drivers with undefined imagepath.
Scanning is done a bit faster, the most processor intense part of the scan is still calculating the MD5 hashes
No internet connection is needed anymore during the scan.
Vista : Process killer now shows also protected processes

Bug fixes:
-----------
Fixed bug with corrupt MDAC installation in windows XP (used by history database)
Fixed visual "bug" with screen flash after quit.
Fixed bug with EOleSysError on incorrect/corrupt startup shortcuts.
Fixed bug with corrupt taskscheduler service.
Fixed bug with corrupt .run files.

Whitelist added:
------------------
A list of safe certificate publishers (56)
Standard search pages
Standard start pages
Standard safe zones (microsoft)
Blacklisted dangerous policies (DisableTaskMgr,DisableRegistryTools,DisableCMD,...)

 

Thankyou

 

hi,

nice app and excellent work.

a higher resolution CATscan indeed.

 

Brillant

 

This is a fantastic superduper essential program and it's even free. I realised of a program way back to check md5 hashes but thought it be not pratical to implement and huge trying to maintain all hashes for the ever changing windows files. A sure way to know your system files like svchost.exe are clean.

A big wow from me.

 

Only good replies so far, now let me hear the bad ones so I can start on the next version.

 

The old versions work fine here but am getting a "EOleSysError" with the new version.

I do thin out XP quite a bit and services run at a minimum.

 

Could you mail me the bug report, this will make it easier to investigate.

 

it goes to castlecops hash but know specific hash detail

 

Woooo, scary stuff. Tried to download from the link above 3 times but Firefox froze up three times. Had to kill it in task manager then AOL got hosed and I've spent the last 2 hours trying to get that up and running again.

Gonna try it in Opera the brave soldier I am!

Edit: Froze Opera up for 10 seconds or so too. Strange thang my PC.

 

any badies?

 

Thanks for the email Runscanner.

Extracted those files relating to mdac from a ghost image back to where they should be and RS is working fine now.

Edit:
Executed the older version by mistake which works OK.

No go with the new version.Sorry for the mixup.

 

i testing it now in x64 xp and it dosent seem to work properly unless i'm mistaken. i getting lots of file not found under Hijack Items which are there. i'm getting a long list of programs that are safe. is it only designed mainly for x86?

 

New version 1.610 working perfectly,thanks.

 

Same here. Runscanner is a excellent tool! Thank you!

 

Great for use with an uninstaller to get rid of hidden leftovers

 

I'm completely new to this tool, just giving 1.6.1.0 a spin. I've a couple of questions though:-

1) Why is it that SSM's running process (SysSafe.exe) is displayed in red as file not found, when Process Explorer etc has no trouble in displaying the file path? Is it because it is unable to calculate the MD5 on the file?

2) Is it possible to configure the tool to display empty positions, so we can see every location it is examining?

The app certainly seems to give a lot of info.

 

Great tool indeed to get rid of leftovers.