Version history for RunScanner

Changes for v2.0.0.50 - v2.0.0.60

  • Fixed bugs in 64 bit software scanning.

Changes for v2.0.0.47 - v2.0.0.50

  • Fixed an important problem where some malware files prevented Runscanner from starting.
  • Fixed a problem where the scanning was locked during process scanning.

Changes for v1.9.0.9 - v2.0.0.47

  • Fixed a bug where the scanning process freezes after loaded modules.
  • Added 4 command line parameters:
      • /beginner : start the program in beginner mode
      • /beginnerscan : start the program in beginner mode and start scanning
      • /expert : start the program in expert mode
      • /expertscan : start the program in expert mode and start scanning
  • 64-bit Windows support!
  • Enhanced whitelisting
  • Updated to VirusTotal 2.0 uploader
  • Minor bug fixes
  • Added Launch/hijack locations:
      • 012 S-1-5-XX\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
      • 013 S-1-5-XX\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce (+subkeys)
      • 014 S-1-5-XX\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx (+subkeys)

Changes for v1.8.1.0 - v1.9.0.9

  • Enhanced whitelisting
  • Windows 7 support (32 bit)
  • Run files now include the list of installed software on the computer.
  • Minor bug fixes

Changes for v1.8.0.0 - v1.8.1.0

  • Enhanced whitelisting
  • Minor bug fixes

Changes for v1.7.0.0 - v1.8.0.0

  • Switched to Delphi 2009 unicode
  • Run files have a new slightly smaller format
  • Added new certificates to the whitelist
  • Added filename lookup to
  • Removed search
  • Bugs fixed:
      • Fixed several Unicode issues
      • Canvas does not allow drawing error
      • Online analysis sometimes not working
      • Fixed several access violation errors
      • AppInit_Dlls value now recognizes spaces and commas as delimiters. (used to hide malware)
      • Fixed bug where some startup items with parameters could not be restored
      • Fixed bug where some important registry settings could not be restored (LSA authentication packages)
  • Added Launch/hijack locations:
      • 250 HKCU\Software\Classes\Directory\Shellex\DragDropHandlers
      • 251 HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
      • 252 HKCU\Software\Classes\Directory\Shellex\PropertySheetHandlers
      • 253 HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers
      • 254 HKCU\Software\Classes\Directory\Shellex\CopyHookHandlers
      • 255 HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers

Changes for v1.6.3.0 - v1.7.0.0

  • Full unicode support!
  • New layout to fit more items on the screen
  • Removed classic mode and merged it with the expert mode.
  • New and faster scan engine
  • Runscanner now scans all loaded modules by default
  • Runscanner text logfiles are redesigned to better fit in forums
  • Filepaths are no longer converted into lowercase
  • Run files now include all loaded modules
  • Old run files are no longer compatible with the new version.
  • Bug fixed: some incorrect "file not found" fixed for filenames
  • Bug fixed: no description shows for some items
  • Bug fixed: drwtsn32 -p %ld -e %ld -g could not be parsed
  • Fixed error with some unknown datatypes (systemcheck2 error)
  • Fixed error where some items could not be deleted when a certain filter was set
  • Added new publishers to the whitelist.
  • Online whitelisting improved
  • History database no longer uses MSaccess (no more mdac errors)

Changes for v1.6.0.4 - v1.6.1.0

  • Bug fixed: Bitmap image is not valid. (corrupt embedded icon)
  • Bug fixed: malware analysis after import not working in expert mode
  • Bug fixed: Lookup at Runscanner when no MD5 available popupmenu
  • Sub run folders are now only scanned on windows 2000

Changes for v1.5.0.39 - v1.6.0.4

  • Restrictions for Internet Explorer:
      • 080 HKLM\Software\Policies\Microsoft\Internet Explorer (+subfolders)
      • 081 HKCU\Software\Policies\Microsoft\Internet Explorer (+subfolders)
  • Startup/Shutdown/logon/logoff scripts:
      • 090 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
      • 091 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
      • 092 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
      • 093 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown
      • 094 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff
  • Various:
      • 110 HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
      • 174 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet
      • 200 HKLM\System\CurrentControlSet\Control\Session Manager\Execute
      • 201 HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
  • Shell hijacking (moved from general policies):
      • 162 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
      • 163 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
  • Terminal server related:
      • 190 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
      • 191 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
      • 192 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
      • 193 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
      • 194 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LogoffApp
  • Debugger hijacking (thanks to Tony Klein):
      • 176 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
  • Denying access to websites/IP addresses by setting a wrong static route (thanks to Bruce Harrison - nosirrah):
      • 177 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
  • Hijacking of standard Windows tools:
      • 210 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath
      • 211 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\Cleanuppath
      • 212 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath
      • 213 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier
      • 214 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Narrator
      • 215 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard

Changes for v1.0.3 - v1.5.0.39

  • New features in this version:
      • New design in all modes
      • Layout is now shown correctly for people with "large fonts" enabled
      • Certificates of files are now analysed in all modes for signer/issuer
      • Certificates are now shown as a certificate image in the grid instead of the green/red icons
      • Virus scanner integration with VirusTotal (upload file for scanning)
      • Integration with Bit9 FileAdvisor (lookup MD5 hash)
      • Integration with CastleCops (lookup MD5 hash)
      • New Classic mode: this mode is targeted at removing hijacks. It only shows non-whitelisted items and has an easy "Fix selected items" button; all other "safe" startup items can still be found in the expert mode.
      • Added "Item fixer" tab in expert mode.
      • Added "classic mode / hijack" tab in expert mode.
      • Quick scan is removed in expert mode.
      • New in expert mode: loaded modules analyzer.
      • Warning if Windows version is not supported. (Only win2000 or higher is supported)
      • Added drivers with type = 2
      • Disabled drivers and services are now automatically whitelisted in classic mode.
      • Runscanner now finds drivers with undefined imagepath.
      • Scanning is done a bit faster; the most processor-intensive part of the scan is still calculating the MD5 hashes
      • No internet connection is needed anymore during the scan.
      • Vista: Process killer now also shows protected processes
  • Bug fixes:
      • Fixed bug with corrupt MDAC installation in Windows XP (used by history database)
      • Fixed visual bug with screen flash after quit.
      • Fixed bug with EOleSysError on incorrect/corrupt startup shortcuts.
      • Fixed bug with corrupt taskscheduler service.
      • Fixed bug with corrupt .run files.
  • Whitelist added:
      • A list of safe certificate publishers (56)
      • Standard search pages
      • Standard start pages
      • Standard safe zones (microsoft,...)
      • Blacklisted dangerous policies (DisableTaskMgr,DisableRegistryTools,DisableCMD,...)
