Version history for RunScanner

<<Back to software description

Changes for v2.0.0.50 - v2.0.0.60

Fixed bugs in 64 bit software scanning.

Changes for v2.0.0.47 - v2.0.0.50

Fixed an important problem where some malware files prevented Runscanner from starting.
Fixed a problem where the scanning was locked during process scanning.

Changes for v1.9.0.9 - v2.0.0.47

Fixed a bug where the scanning process freezes after loaded modules.
Added 4 command line parameters:
/beginner : start the program in beginner mode
/beginnerscan : start the program in beginner mode and start scanning
/expert : start the program in expert mode
/expertscan : start the program in expert mode and start scanning
64 bit windows support !
Enhanced whitelisting
Updated to virustotal 2.0 uploader
Minor bug fixes
Added Launch/hijack locations:
012 S-1-5-XX\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
013 S-1-5-XX\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce (+subkeys)
014 S-1-5-XX\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx (+subkeys)

Changes for v1.8.1.0 - v1.9.0.9

Enhanced whitelisting
Windows 7 support (32 bit)
Run files now include the list of installed software on the computer.
Minor bug fixes

Changes for v1.8.0.0 - v1.8.1.0

Enhanced whitelisting
Minor bug fixes

Changes for v1.7.0.0 - v1.8.0.0

Switched to Delphi 2009 unicode
Run files have a new slightly smaller format
Added new certificates to the whitelist
Added filename lookup to systemlookup.com
Removed Castlecops.com search
Bugs fixed :
Fixed several unicode issues
Canvas does not allow drawing error
Online analysis sometimes not working
Fixed several access violation errors
AppInit_Dlls value now recognizes spaces and commas as delimiter. (used to hide malware)
Fixed bug where some startup items with parameters could not be restored
Fixed bug when some important registry settings could not be restored (LSA authentication packages)
Added Launch/hijack locations:
250 HKCU\Software\Classes\Directory\Shellex\DragDropHandlers
251 HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
252 HKCU\Software\Classes\Directory\Shellex\PropertySheetHandlers
253 HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers
254 HKCU\Software\Classes\Directory\Shellex\CopyHookHandlers
255 HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers

Changes for v1.6.3.0 - v1.7.0.0

Full unicode support!
New layout to fit more items on the screen
Removed classic mode and merged it with the expert mode.
New and faster scan engine
Runscanner now scans all loaded modules by default
Runscanner text logfiles are redesigned to better fit in forums
Filepaths are no longer converted into lowercase
Run files now include all loaded modules
Old run files are no longer compatible with the new version.
Bug fixed: some incorrect "file not found" fixed for filenames
Bug fixed: no description shows for some items
Bug fixed: drwtsn32 -p %ld -e %ld -g could not be parsed
Fixed error with some unknown datatypes (systemcheck2 error)
Fixed error some items could not be deleted when a certain filter was set
Added new publishers to the whitelist.
Online whitelisting improved
History database no longer uses MSaccess (no more mdac errors)

Changes for v1.6.0.4 - v1.6.1.0

Bug fixed: Bitmap image is not valid. (corrupt embedded icon)
Bug fixed: malware analysis after import not working in expert mode
Bug fixed: Lookup at Runscanner when no MD5 available popupmenu
Sub run folders are now only scanned on windows 2000

Changes for v1.5.0.39 - v1.6.0.4

Restrictions for internet explorer:
080 HKLM\Software\Policies\Microsoft\Internet Explorer (+subfolders)
081 HKCU\Software\Policies\Microsoft\Internet Explorer (+subfolders)
Startup/Shutdown/logon/logoff scripts
090 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
091 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
092 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
093 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown
094 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff
Various
110 HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
174 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet
200 HKLM\System\CurrentControlSet\Control\Session Manager\Execute
201 HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
Shell hijacking (moved from general policies)
162 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
163 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
Terminal server related
190 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
191 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
192 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
193 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
194 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LogoffApp
Debugger hijacking (thanks to Tony Klein)
176 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
Denying access to websites/IP addresses by setting a wrong static route (thanks to Bruce Harrison - nosirrah)
177 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
Hijacking of standard windows tools
210 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath
211 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\Cleanuppath
212 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath
213 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier
214 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Narrator
215 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard

Changes for v1.0.3 - v1.5.0.39

New features in this version:
New design in all modes
Layout is now shown correctly for people with "large fonts" enabled
Certificates of files are now analysed in all modes for signer/issuer
Certificates are now shown as a certificate image in the grid instead of the green/red icons
Virusscanner integration with Virustotal (upload file for scanning)
Integration with Bit9 FileAdvisor (lookup MD5 hash)
Integration with CastleCops (lookup MD5 hash)
New Classic mode : This mode is targetted at removing hijacks, it only shows non-whitelisted items and there is an easy "Fix selected items" button, all other "safe" startup items can still be found in the expert mode.
Added "Item fixer" tab in expert mode.
Added "classic mode / hijack" tab in expert mode.
Quick scan is removed in expert mode.
New in expert mode : loaded modules analyzer.
Warning if windows version is not supported. (Only win2000 or higher is supported)
Added drivers with type = 2
Disabled drivers and services are now automatically whitelisted in classic mode.
Runscanner now finds drivers with undefined imagepath.
Scanning is done a bit faster, the most processor intense part of the scan is still calculating the MD5 hashes
No internet connection is needed anymore during the scan.
Vista : Process killer now shows also protected processes
Bug fixes:
Fixed bug with corrupt MDAC installation in windows XP (used by history database)
Fixed visual bug with screen flash after quit.
Fixed bug with EOleSysError on incorrect/corrupt startup shortcuts.
Fixed bug with corrupt taskscheduler service.
Fixed bug with corrupt .run files.
Whitelist added:
A list of safe certificate publishers (56)
Standard search pages
Standard start pages
Standard safe zones (microsoft,...)
Blacklisted dangerous policies (DisableTaskMgr,DisableRegistryTools,DisableCMD,...)

Version history for RunScanner

Top downloads

Latest updates

Help us

Sections:

Follow us: