Runscanner 1.5 released

Discussion in 'other anti-malware software' started by RunScanner, Dec 4, 2007.

Thread Status:
Not open for further replies.
  1. RunScanner

    RunScanner Registered Member

    Joined:
    Feb 27, 2007
    Posts:
    58
    Hi all,

    Runscanner 1.5 is released today : http://www.runscanner.net

    Feature overview : http://www.runscanner.net/why-runscanner.aspx

    What are the most important changes in this release:
    Classic mode : looks similar to HJT
    Integration with virustotal, Fileadvisor (MD5), Castlecops (MD5)
    All authenticode certificates are now analysed for all files.
    This makes is easier to seperate the "real" microsoft files from the "bad"

    New features:
    ----------------
    New design in all modes
    Layout is now shown correctly for people with "large fonts" enabled
    Certificates of files are now analysed in all modes for signer/issuer
    Certificates are now shown as a certificate image in the grid instead of the green/red icons
    Virusscanner integration with Virustotal (upload file for scanning)
    Integration with Bit9 FileAdvisor (lookup MD5 hash)
    Integration with CastleCops (lookup MD5 hash)
    New Classic mode : This mode is targetted at removing hijacks, it only shows non-whitelisted items and there is an easy "Fix selected items" button, all other "safe" startup items can still be found in the expert mode.
    Added "Item fixer" tab in expert mode .
    Added "classic mode / hijack" tab in expert mode.
    Quick scan is removed in expert mode.
    New in expert mode : loaded modules analyzer
    Warning if windows version is not supported. (Only win2000 or higher is supported)
    Added drivers with type = 2
    Disabled drivers and services are now automaticly whitelisted in classic mode.
    Runscanner now finds drivers with undefined imagepath.
    Scanning is done a bit faster, the most processor intense part of the scan is still calculating the MD5 hashes
    No internet connection is needed anymore during the scan.
    Vista : Process killer now shows also protected processes

    Bug fixes:
    -----------
    Fixed bug with corrupt MDAC installation in windows XP (used by history database)
    Fixed visual "bug" with screen flash after quit.
    Fixed bug with EOleSysError on incorrect/corrupt startup shortcuts.
    Fixed bug with corrupt taskscheduler service.
    Fixed bug with corrupt .run files.

    Whitelist added:
    ------------------
    A list of safe certificate publishers (56)
    Standard search pages
    Standard start pages
    Standard safe zones (microsoft)
    Blacklisted dangerous policies (DisableTaskMgr,DisableRegistryTools,DisableCMD,...)
     
  2. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    :) :thumb:
    Thankyou
     
  3. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    hi,

    nice app and excellent work.

    a higher resolution CATscan indeed.
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Brillant :)
     
  5. markymoo

    markymoo Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    1,212
    Location:
    England
    This is a fantastic superduper essential program and it's even free. I realised of a program way back to check md5 hashes but thought it be not pratical to implement and huge trying to maintain all hashes for the ever changing windows files. A sure way to know your system files like svchost.exe are clean.

    A big wow from me.
     
    Last edited: Dec 9, 2007
  6. RunScanner

    RunScanner Registered Member

    Joined:
    Feb 27, 2007
    Posts:
    58
    Only good replies so far, now let me hear the bad ones so I can start on the next version.
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    The old versions work fine here but am getting a "EOleSysError" with the new version.

    I do thin out XP quite a bit and services run at a minimum.
     
  8. RunScanner

    RunScanner Registered Member

    Joined:
    Feb 27, 2007
    Posts:
    58
    Could you mail me the bug report, this will make it easier to investigate.
     
  9. markymoo

    markymoo Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    1,212
    Location:
    England
    it goes to castlecops hash but know specific hash detail
     
  10. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Woooo, scary stuff. Tried to download from the link above 3 times but Firefox froze up three times. Had to kill it in task manager then AOL got hosed and I've spent the last 2 hours trying to get that up and running again.

    Gonna try it in Opera the brave soldier I am!:cool: :D

    Edit: Froze Opera up for 10 seconds or so too. Strange thang my PC.
     
  11. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,276
    Location:
    Earth
    any badies?
     

    Attached Files:

    • test.log
      File size:
      315.7 KB
      Views:
      28
  12. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Thanks for the email Runscanner.

    Extracted those files relating to mdac from a ghost image back to where they should be and RS is working fine now.

    Edit:
    Executed the older version by mistake which works OK.

    No go with the new version.Sorry for the mixup.
     
    Last edited: Dec 12, 2007
  13. markymoo

    markymoo Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    1,212
    Location:
    England
    i testing it now in x64 xp and it dosent seem to work properly unless i'm mistaken. i getting lots of file not found under Hijack Items which are there. i'm getting a long list of programs that are safe. is it only designed mainly for x86?
     
    Last edited: Dec 23, 2007
  14. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    New version 1.610 working perfectly,thanks.
     
  15. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    Same here. Runscanner is a excellent tool! Thank you!
     
  16. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    Great for use with an uninstaller to get rid of hidden leftovers:thumb:
     
  17. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I'm completely new to this tool, just giving 1.6.1.0 a spin. I've a couple of questions though:-

    1) Why is it that SSM's running process (SysSafe.exe) is displayed in red as file not found, when Process Explorer etc has no trouble in displaying the file path? Is it because it is unable to calculate the MD5 on the file?

    2) Is it possible to configure the tool to display empty positions, so we can see every location it is examining?

    The app certainly seems to give a lot of info.
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Great tool indeed to get rid of leftovers.
     
Loading...
Thread Status:
Not open for further replies.