Download Free Runscanner – HijackThis On Steroids!

If you’re a malware hunter, and you’re in the market for a free system utility which will scan your system for running programs, autostart locations, drivers, services and hijack points, then Runscanner should make your shortlist.

The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

Sounds a bit like HijackThis, the free utility from Trend Micro, which has a well-deserved reputation for being aggressive in tracking down unauthorized changes that have been made to your system/applications.

Runscanner, though, takes this process miles beyond HijackThis, and does so using an intuitive approach that casual users* and experienced users alike should find easy to work with.

*The only difficulty I see that casual users might have a problem with is the enormous volume of information this application is capable of producing. This could make it difficult for a casual user to interpret results.

Runscanner is a simple executable, and no installation is required. Just click on the file, and then choose your mode – beginner or expert.


The following screen capture shows the results of a full scan I ran on a Win 7 (32 bit) machine. The only entry I was unfamiliar with was Staropen.sys. Runscanner was right on the job though, with the right click context menu providing access to “lookup” services, as the screen shot below illustrates.


I took a look at Staropen.sys using a Google link to the Prevx file investigation site, and found the following: The filename Staropen.sys is used by objects that are classified as safe. It has not yet been seen to be associated with malicious software.

I then uploaded the file to VirusTotal (another context menu option), and VirusTotal reported the following, as shown in the screen shot below.


I suspected that this system driver was a component of CDBurnerXP, and opening the location (another context menu option), then reading the driver with Notepad, indicated this was correct.
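The same checks on an unfamiliar driver (hashes for reputation lookups, embedded vendor details, digital signature status) can be done by hand in PowerShell. This is an added example, not part of the original article or of Runscanner; the function name `Get-FileTriage` is hypothetical and the file path is a placeholder to replace with the location Runscanner reports.

```powershell
# Added example: manual triage of one unfamiliar file (e.g. a driver).
# Get-FileTriage is a hypothetical helper name; it only reads the file.
function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $ver  = $item.VersionInfo                       # vendor strings embedded in the PE
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        Path        = $item.FullName
        SizeBytes   = $item.Length
        Modified    = $item.LastWriteTime
        # MD5 for MD5-based lookup services, SHA256 for a VirusTotal hash search
        MD5         = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # Cleaner than opening the binary in Notepad to spot the vendor
        Company     = $ver.CompanyName
        Product     = $ver.ProductName
        Description = $ver.FileDescription
        FileVersion = $ver.FileVersion
        # Valid, NotSigned, HashMismatch, NotTrusted, ...
        SigStatus   = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Placeholder path (assumption): use the location shown by "open location".
$target = 'C:\path\to\Staropen.sys'

if (Test-Path -LiteralPath $target) {
    $result = Get-FileTriage -Path $target
    $result | Format-List

    # A file name alone proves nothing; flag anything that needs a closer look.
    if ($result.SigStatus -ne 'Valid') {
        Write-Warning "No valid signature ($($result.SigStatus)); check the hash with a reputation service before trusting the file."
    }
    if (-not $result.Company) {
        Write-Warning 'No embedded vendor information; identify the file by hash and location instead.'
    }
} else {
    Write-Warning "File not found: $target"
}
```

Searching VirusTotal by the SHA256 value returns any existing report without uploading the file.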

The next part of the test involved generating an online malware analysis report: a massive report covering all items considered safe, unsafe or whitelisted, along with verification of each file’s digital signature.

The screen capture below shows only a tiny (and I do mean tiny) portion of this report. The report is the most comprehensive I’ve ever seen produced by this type of utility.


Fast facts:

100+ start/hijack locations

Online malware analysis

Import and export of .run files

Powerful process killer

Save to text log file

Powerful file filtering

Host file editor

History backup / restore

Explorer jump

Analysis of file certificates

Beginner, Expert mode

Bit9 FileAdvisor MD5 lookup

Systemlookup.com lookup

Upload file to VirusTotal

Analyze loaded modules

Google lookup

Runscanner database lookup

Regedit jump

If you are a casual user, one caveat from the developer you should be aware of: Runscanner requires advanced knowledge about Windows. If you delete an item, without knowing what it is, it can lead to major Windows problems. If you are not sure what to delete, post your Run file to a helper forum.

A list of helper forums is available directly from within the application, or here.

System requirements: Windows 2003, Windows 2000, Windows Vista, Windows XP, Windows 7 (according to the developers, the application is x64 compatible).

Download at: Download.com

Public process list is an additional service provided by the developers. In this list you will be able to browse all processes and files found by Runscanner. Extra information for top processes is added to the database and optional security info is provided by research.

Runscanner has additional capabilities not reviewed here, so I recommend that you take a close look at this freebie. I think you’ll find that it’s worth the effort.


11 responses to “Download Free Runscanner – HijackThis On Steroids!”

  1. John

    Hi Bill,

    I couldn’t resist the temptation but you know that already.

    I ran this through VT first before downloading and it came up with 1 positive, probably false of course, but it says ParetoLogic is a malware site.

    This ParetoLogic has come up quite a few times lately when I run VT first before downloading a new app. Is this something to worry about at all?

    Cheers
    John

    • Hi John,

      You’re misreading the results. ParetoLogic is a site scanner on VirusTotal, and it’s reporting Download.com as a malware site. How crazy is that.

      Do this search again, but this time click on “View downloaded file analysis”, and you get a clean report for the application from all 43 engines. BTW, the ParetoLogic web site is rated as “dangerous” by WOT.

      Best,

      Bill

  2. Mal

    Hey Bill,

    This looks really good, I will try it out for sure.

    Cheers

  3. Gof

    Hello 🙂

    In the same vein, do you know ZHPDiag? It allows you to generate a log for boards, and it can be analysed with another tool by the same author: ZHPHelpProcess.

    You can find it:
    – ZHPDiag: http://www.premiumorange.com/zeb-help-process/zhpdiag.html
    – ZEB Help Process: http://www.premiumorange.com/zeb-help-process/zhp_tutoriel.html

    It is a French tool by Nicolas Coolman. Many languages available.

    Thanks 🙂

  4. srpgmt

    Hi Bill,
    This is indeed an excellent additional layer of protection since it scans fast & provides detailed information about processes using the combined info & research expertise of Google, Systemlookup, Runscanner, File Advisor & special forums! Many malware get caught out by using such collective expertise. For example, one useful caution was: “Some malware might rename itself to gsservice.exe. Always make sure that your file is from a verified publisher”. Thanks for suggesting this.

    srp
