If you’re a malware hunter, and you’re in the market for a free system utility which will scan your system for running programs, autostart locations, drivers, services and hijack points, then Runscanner should make your shortlist.
The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”
Sounds a bit like HijackThis, the free utility from Trend Micro, which has a well deserved reputation for being aggressive in tracking down unauthorized changes that have been made to your system/applications.
Runscanner though, takes this process miles beyond HijackThis, and does so by using an intuitive approach that casual users*, and experienced users alike, should find easy to work with.
*The only difficulty I see, that casual users might have a problem with is – the enormous volume of information this application is capable of producing. This could make it difficult for a casual user to interpret results.
Runscanner is a simple executable, and no installation is required. Just click on the file, and then choose your mode – beginner or expert.
The following screen capture shows the results of a full scan I ran on a Win 7 (32 bit), machine. The only entry I was unfamiliar with was Staropen.sys. Runscanner was right on the job though, with the right click context menu providing access to “lookup” services, as the screen shot below illustrates.
I took a look at Staropen.sys using a Google link to the Prevx file investigation site, and found the following: The filename Staropen.sys is used by objects that are classified as safe. It has not yet been seen to be associated with malicious software.
I then uploaded the file to VirusTotal (another context menu option),and VirusTotal reported the following – as shown in the screen shot below.
I suspected that this system driver was a component of CDBurner XP, and opening the location (another context menu option), then reading the driver with NotePad, indicated this was correct.
The next part of the test involved generating an online malware analysis report, which generates a massive report on all items which are considered safe, unsafe, whitelisted and additionally, verification of each file’s digital signature.
The screen capture below shows only a tiny (and I do mean tiny), portion of this report. The report is the most comprehensive of any I’ve ever seen, produced by this type of utility.
100+ start/hijack locations
Online malware analysis
Import and export of .run files
Powerful process killer
Save to text log file
Powerful file filtering
Host file editor
History backup / restore
Analysis of file certificates
Beginner, Expert mode
Bit9 FileAdvisor MD5 lookup
Upload file to VirusTotal
Analyze loaded modules
Runscanner database lookup
If you are a casual user, one caveat from the developer you should be aware of: Runscanner requires advanced knowledge about Windows. If you delete an item, without knowing what it is, it can lead to major Windows problems. If you are not sure what to delete, post your Run file to a helper forum.
A list of helper forums is available directly from within the application, or here.
System requirements: Windows 2003, Windows 2000, Windows Vista, Windows XP, Windows 7 (according to the developers, the application is x 64 compatible).
Download at: Download.com
Public process list is an additional service provided by the developers. In this list you will be able to browse all processes and files found by Runscanner. Extra information for top processes is added to the database and optional security info is provided by research.
Runscanner has additional capabilities not reviewed here, so I recommend that you take a close look at this freebie. I think you’ll find that it’s worth the effort.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.