Category Archives: System Process Scanners

Runscanner – Aggressively Queries Your System And Applications For Unauthorized Changes


The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

Sounds a bit like HijackThis, the free utility from Trend Micro, which has a well deserved reputation for being aggressive in tracking down unauthorized changes that have been made to your system/applications.

Runscanner, though, takes this process miles beyond HijackThis, and does so by using an intuitive approach that casual users* and experienced users alike should find easy to work with.

*The only difficulty I see that casual users might have is the enormous volume of information this application is capable of producing. This could make it difficult for a casual user to interpret results.

Runscanner is a simple executable, and no installation is required. Just click on the file, and then choose your mode – beginner or expert.


The following screen capture shows the results of a full scan I ran on a Win 7 (32 bit), machine. The only entry I was unfamiliar with was Staropen.sys. Runscanner was right on the job though, with the right click context menu providing access to “lookup” services, as the screen shot below illustrates.

image

I took a look at Staropen.sys using a Google link to the Prevx file investigation site, and found the following: The filename Staropen.sys is used by objects that are classified as safe. It has not yet been seen to be associated with malicious software.

I then uploaded the file to VirusTotal (another context menu option), and VirusTotal reported the following – as shown in the screen shot below.

image

I suspected that this system driver was a component of CDBurner XP, and opening the location (another context menu option), then reading the driver with NotePad, indicated this was correct.

The next part of the test involved generating an online malware analysis report: a massive report covering all items considered safe, unsafe, or whitelisted, along with verification of each file’s digital signature.

The screen capture below shows only a tiny (and I do mean tiny), portion of this report. The report is the most comprehensive of any I’ve ever seen, produced by this type of utility.

When you click on the screen capture below, to expand to the original size, you’ll notice that I’ve queried Nitro PDF Spool Service. Rather than go directly to the site, instead, I’ve used COOL Previews to gather the relevant information. If you’re not yet familiar with COOL Previews – you can read a review of this outstanding time saver here – Surf Smarter – Take A Sneak Peek At Links With CoolPreviews Firefox Add-on.

image

Fast facts:

100+ start/hijack locations

Online malware analysis

Import and export of .run files

Powerful process killer

Save to text log file

Powerful file filtering

Host file editor

History backup / restore

Explorer jump

Analysis of file certificates

Beginner, Expert mode

Bit9 FileAdvisor MD5 lookup

Systemlookup.com lookup

Upload file to VirusTotal

Analyze loaded modules

Google lookup

Runscanner database lookup

Regedit jump

If you are a casual user, one caveat from the developer you should be aware of: Runscanner requires advanced Windows knowledge. If you delete an item, without knowing what it is, it can lead to major Windows problems. If you are not sure what to delete, post your Run file to a helper forum.

A list of helper forums is available directly from within the application, or here.

System requirements: Windows 2003, Windows 2000, Windows Vista, Windows XP, Windows 7 (according to the developers, the application is x64 compatible).

Download at: Download.com

Public process list is an additional service provided by the developers. In this list you will be able to browse all processes and files found by Runscanner. Extra information for top processes is added to the database and optional security info is provided by research.

Runscanner has additional capabilities not reviewed here, so I recommend that you take a close look at this freebie. I think you’ll find that it’s worth the effort.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Process Hacker 1.9 – Easier Control Over Windows Processes

If you’re running on Windows 7, no doubt you’ve noticed significant benefits in running this operating system over previous versions of Windows. One of the small improvements, in my view, is an improvement in the Windows Task Manager tool, which finally shows “running processes”.

Still, Windows Task Manager continues to fall far short of providing me with all the information that I really need to control my system more effectively.

Process Hacker 1.9 (release date, December 30, 2009) is a free (open source) Windows Task Manager replacement which takes up the challenge where Windows Task Manager leaves off.

Installation and setup is simple – just follow the bouncing ball.


A very simple interface makes it easy to use Process Hacker (for both novices and pros alike), to manage computer resources and yet, this application is packed with features.


Fast facts:

Presents information clearly – A simple, customizable tree view with highlighting which shows the processes running on your computer.

Comprehensive information for all processes.

Provides a range of process termination methods – Process Hacker can terminate, suspend, resume, restart and set the priority of processes. Processes are highlighted to provide additional information such as whether they are elevated or in a job. More interesting things you can do with processes include injecting DLLs and even replacing security tokens (XP only).

Detailed performance graphs.

A list of network connections – since I like to check my ports and connections frequently, I found this very helpful.

Finds hidden processes and allows you to terminate them. Process Hacker detects processes hidden by simple rootkits such as Hacker Defender and FU.

Modules – It can display the modules loaded by each process and their properties. It can also find the address of any exported function in a module, change page protection of the module’s memory region, and read the module’s memory.

Threads – It can also terminate, suspend, resume and set the priority of threads. Symbolic start addresses are provided, and double-clicking a thread will show its call stack.

Additionally, GUI threads (threads which have made at least one call to a GUI function) are highlighted.

Search – Process Hacker also supports saving memory search results and even intersecting (finding common items between) two sets of search results.

Handles – It can display the handles opened by processes and can close them.

Memory – It can display the memory regions in a process’ virtual memory space, and even read/write data using a built-in hex editor.

Token – It can display each process’ primary token and its user, source, groups and privileges. It even allows you to enable and disable privileges.

Following an earlier review of Process Hacker, a reader familiar with this application commented:

“Very useful tool, Bill. I really like the way in which the information is presented, it’s very easy to understand and has plenty of very useful features. The “search online” feature is particularly useful to have, better than ProcessQuickLink, for me”.

The following is from a PC World review:

“Process Hacker is an astoundingly useful and full-featured tool for monitoring and, yes, hacking ongoing processes on your PC. There is an astonishing amount of functionality crammed into a clean, well-designed, interface”.

System Requirements: Windows XP, Windows Vista, Windows 7 – 32-bit or 64-bit.

Additional Requirements: Microsoft .NET Framework 2.0

Note: Certain functionality including detection of hidden processes, full control over all processes, and the ability to protect/unprotect processes is only available on 32-bit systems.

Recommendation: If you need information on what’s running on your system, system resource usage, or evaluating application performance, then Process Hacker is definitely worth taking a look at.

Overall I think this is a terrific free application and I have added it to my geek toolbox. Since malware can often restrict access to the Windows Task Manager, this application is good insurance to have handy.

Special note: Provides full control over all processes, even processes protected by rootkits or security software. You can find hidden processes and terminate them. Process Hacker detects processes hidden by simple rootkits such as Hacker Defender and FU.

Download at: SourceForge


Anvir Task Manager – Portable and Free

Popular guest writer Rick Robinette is more than a little enthusiastic about Anvir Task Manager Free, a task manager with an insane list of options and features that gives you full control of your computer.


I love playing around with the various task managers and this one is no exception. As a matter of fact, I put Anvir Task Manager into the exceptional category for task managers.

If you dare to try this task manager, I encourage you to download the portable version that requires no installation. Simply download AnVir Task Manager Free Portable, unzip the archive and run.

What I find interesting about this task manager is that it is like finding Easter eggs. In conjunction with the normal monitoring features you find in a task manager (such as Startup, Applications, Processes, Services, etc.), AnVir has some hidden features such as a tweaker that gives you access to hundreds of Windows XP and Vista settings.

Another feature, for example: Anvir Task Manager, when running in the background, places three (3) small buttons adjacent to the minimize, restore and close buttons at the top right corner of any window you have open.

One button allows you to minimize the window to the system tray, another allows you to pin the window so that it stays on top and another minimizes the window to a square floating icon on your desktop. Another easter egg buried in this task manager is the ability to generate a HiJackThisPro log that can be used for online troubleshooting assistance.

Anvir Task Manager, when running will place a couple icons in your system tray. One icon readily gives you your CPU Usage and Processes; and another icon readily gives you a drive listing, disk load of each drive and free space on each drive. If you “right mouse click” on either of the icons, you can preview a list of most recently launched programs.

An option to definitely explore is that you can “Check any file with AntiViruses on Virus Total” which is handy when you need to analyze a suspicious file. Analysis of suspicious files can be quickly accomplished when troubleshooting file sources in the startup, processes and services areas.

For a complete feature list, see below. Anvir Task Manager is available in a FREE edition and several paid editions (Task Manager, Task Manager Pro, Security Suite). Click here to compare the various editions. For everyday use, the AnVir Task Manager Free Portable Edition should be sufficient to meet your diagnostic needs. Overall this app is my choice task manager.


Features of the FREE edition:

Basic Security analysis of processes, startup programs and Windows services

Startup monitor: alerts on new startups, block undesired startup programs

Check files on VirusTotal.com with 30+ antivirus engines

Startup manager: manage all programs running on startup including services and Internet Explorer toolbars

Save HijackThis log with additional info

Tweaker that gives direct access to hundreds of XP / Vista settings including settings that cannot be accessed in Windows at all without editing the registry directly

Drive’s free space as a colored horizontal bar in Windows “My Computer” (Vista style icons on Windows XP)

Click on title of any application:

  • hide window to system tray
  • make window semi-transparent
  • pin window ‘always on top’
  • change window size to 640×480, 800×600, 1024×768
  • change priority of the process

List of recently used folders in “Open”/”Save” dialogs

Minimize windows to system tray and save taskbar space

Quick access to last launched programs and last opened folders in system tray

Monitor processes, services, Internet connections, CPU, disk, memory, DLLs, drivers, locked files, windows

Icons and tooltips in tray for CPU, memory, network, disk load, HDD temperature, and battery

Find locked files and DLL

Log of processes start and stop

Graph of processor, memory and disk activity for each process and for computer

Compatible with all popular antivirus, complement antivirus software or make it unnecessary

Can replace Windows Task Manager

Can run as portable application

This is a guest post by Rick Robinette, who brings a background as a security/police officer professional, and as an information technology specialist to the Blogging world.

Why not pay a visit to Rick’s site at What’s On My PC. Like me, you’re sure to become a frequent visitor.


Process Hacker 1.5 – A Worthwhile Windows Task Manager Replacement

As I have mentioned here previously, running on Windows 7 has loads of benefits over running on Windows XP Pro, including an improvement in the Windows Task Manager tool, which finally shows “running processes”. Still, Windows Task Manager continues to fall far short of providing you with all the information that you really need.

Process Hacker 1.5 is yet another free (open source), Windows Task Manager replacement which takes up the challenge where Windows Task Manager leaves off.

Installation and setup is simple – just follow the bouncing ball.


A very simple interface makes it easy to use Process Hacker 1.5, for both novices and pros, to manage computer resources, yet this application is packed with features.


Fast facts:

Presents information clearly – A simple, customizable tree view with highlighting which shows the processes running on your computer.

Comprehensive information for all processes.

Provides a range of process termination methods – Process Hacker can terminate, suspend, resume, restart and set the priority of processes. Processes are highlighted to provide additional information such as whether they are elevated or in a job. More interesting things you can do with processes include injecting DLLs and even replacing security tokens (XP only).

Detailed performance graphs.

A list of network connections – since I like to check my ports and connections frequently, I found this very helpful.

Finds hidden processes and allows you to terminate them. Process Hacker detects processes hidden by simple rootkits such as Hacker Defender and FU.

Modules – It can display the modules loaded by each process and their properties. It can also find the address of any exported function in a module, change page protection of the module’s memory region, and read the module’s memory.

Threads – It can also terminate, suspend, resume and set the priority of threads. Symbolic start addresses are provided, and double-clicking a thread will show its call stack.

Additionally, GUI threads (threads which have made at least one call to a GUI function) are highlighted.

Search – Process Hacker also supports saving memory search results and even intersecting (finding common items between) two sets of search results.

Handles – It can display the handles opened by processes and can close them.

Memory – It can display the memory regions in a process’ virtual memory space, and even read/write data using a built-in hex editor.

Token – It can display each process’ primary token and its user, source, groups and privileges. It even allows you to enable and disable privileges.

System Requirements: Windows XP, Windows Vista, Windows 7 – 32-bit or 64-bit.

Additional Requirements: Microsoft .NET Framework 2.0

Note: Certain functionality including detection of hidden processes, full control over all processes and the ability to protect/unprotect processes is only available on 32-bit systems.

Recommendation: If you need information on what’s running on your system, system resource usage, or evaluating application performance, then Process Hacker is definitely worth taking a look at.

Overall I think this is a terrific free application and I have added it to my geek toolbox. Since malware can often restrict access to the Windows Task Manager, this application is good insurance to have handy.

Download at: PC World


Maintain Your Machine – 10 + 1 Free Computer System Tools

Renovate Your Computer With 10 + 1 Free System Tools

As well as keeping your machine physically clean, it is always good practice to keep your computer’s operating system and subsystems clean, so that you can get maximum performance from your machine.

With that in mind, I retested some of the free system tools I’ve rated and recommended over the last year or more, that will do a great job of revitalizing your system. These free applications are “the best of breed”, in my view.

If you have favorites that you’d like to see added to this list, then let me know with your comments.

CCleaner

CCleaner is a freeware system optimization, privacy and cleaning tool. It removes unused files from your system – allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally, it contains a fully featured registry cleaner. But the best part is that it’s fast; normally taking less than a few seconds to run.


Glary Utilities

Glary Utilities, a free all-in-one utility, is a terrific collection of system tools and utilities to fix, speed up, maintain and protect your PC. Personal experience with this application for the last 18 months has convinced me that a typical user can really benefit by having this application on their system. With this free program you can tweak, repair, optimize and improve your system’s performance; and its ease of operation makes it ideal for less experienced users.


Advanced SystemCare Free 3.3.4

Advanced SystemCare Free is a comprehensive PC care utility that takes a one-click approach to help protect, repair, and optimize your computer. It provides an all-in-one and super convenient solution for PC maintenance and protection. All work will be done with 1 click and 1 minute.


WinPatrol

Do you want to get a better understanding of what programs are being added to your computer? Then WinPatrol is the program for you. With WinPatrol, in your system tray, you can monitor system areas that are often changed by malicious programs.

You can monitor your startup programs and services, cookies and current tasks. Should you need to, WinPatrol allows you to terminate processes and enable, or disable, startup programs. There are additional features that make WinPatrol a very powerful addition to your security applications.


Revo Uninstaller

Revo Uninstaller is a superior program to uninstall programs from your computer. This free program with its advanced and fast algorithm scans before, and after you uninstall an application. After the program’s regular uninstaller runs, you can remove additional unnecessary files, folders and registry keys that are usually left over on your computer. This feature is a definite plus.


RunAlyzer

If you’re looking to track down spyware, or speed up system startup–and you’re technically astute–then RunAlyzer may be just what you need. Run it, and it performs a thorough analysis of all programs and services that run when you start up your computer.

Note: Recommended for advanced users only.


Autoruns

This free utility has the most comprehensive knowledge of auto-starting locations of any startup monitor, in my view, and shows you what programs are configured to run during system boot up or login, and the order Windows processes them.

These programs will include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show additional locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and more. Autoruns goes considerably beyond the MSConfig utility bundled with Windows.
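To make the startup folder, Run and RunOnce locations mentioned above concrete, here is an added example (not part of the original article and not Autoruns' own code) that lists those entries and checks the digital signature of each target file. It covers only that small subset of auto-start locations, the function names are made up for this example, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: read-only inventory of Run/RunOnce keys and the Startup folders,
# with the Authenticode status of each target. Nothing is changed or deleted.
# Function names are hypothetical. Requires PowerShell 3.0 or later.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable path out of a command line such as
#   "C:\Program Files\App\app.exe" /tray   or   C:\Tools\x.exe -min
function Resolve-ImagePath {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') {
        $path = $Matches[1]                      # quoted path
    } elseif ($cmd -match '^(.+?\.(exe|com|bat|cmd|vbs|js|ps1|dll))(\s|,|$)') {
        $path = $Matches[1]                      # unquoted path, may contain spaces
    } else {
        $path = ($cmd -split '\s+')[0]
    }
    # Bare names such as "rundll32.exe" are looked up on the PATH.
    if ($path -and $path -notmatch '^([A-Za-z]:\\|\\\\)') {
        $found = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($found) { $path = $found.Path }
    }
    return $path
}

function New-AutostartRecord {
    param([string]$Location, [string]$Name, [string]$Command, [string]$Image)
    $status = 'ImageNotFound'
    if ($Image -and (Test-Path -LiteralPath $Image -PathType Leaf -ErrorAction SilentlyContinue)) {
        $status = (Get-AuthenticodeSignature -LiteralPath $Image).Status.ToString()
    }
    [pscustomobject]@{
        Signature = $status
        Name      = $Name
        Image     = $Image
        Command   = $Command
        Location  = $Location
    }
}

function Get-AutostartEntry {
    # Registry: every value under each Run/RunOnce key is one startup command.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            New-AutostartRecord $key $name $command (Resolve-ImagePath $command)
        }
    }
    # Startup folders (current user and all users); shortcuts are resolved to their target.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                $image = $_.FullName
                if ($_.Extension -eq '.lnk') {
                    $image = $shell.CreateShortcut($_.FullName).TargetPath
                }
                New-AutostartRecord $dir $_.Name $_.FullName $image
            }
    }
}

# Entries whose signature is anything other than Valid are listed first.
Get-AutostartEntry |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Location, Name |
    Format-Table Signature, Name, Image, Location -AutoSize -Wrap
```

A status of NotSigned or ImageNotFound is a reason to look the entry up before touching it, not proof that it is malicious.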


Regseeker

The longer you use Windows, the more cluttered your registry can become, especially if you regularly install and uninstall software. Many applications, on being uninstalled, leave behind “orphan” registry entries. They don’t remove all traces of themselves which can cause problems such as sluggish performance, system lockups, or a bloated registry that takes longer to load on startup. With the click of a button, Regseeker will scan your registry for these fragmented files, and safely remove them.

Note: Recommended for advanced users only.


Wise Registry Cleaner

Wise Registry Cleaner is a free, non aggressive application that, as one of my friends says, hits a home run in the safety department. As it searches the Registry for obsolete/redundant registry keys, it differentiates between those that are “safe to fix”, and those that are “not fully safe to fix”.

To provide the greatest safety factor for those who are uncomfortable, or unfamiliar, with cleaning the Registry, the application’s default removal setting is “safe to fix”.


Fresh UI

One of the oldest and most well established free Windows tweaking applications, Freshdevices’ Fresh UI is a powerful tool that allows you to configure and optimize your version of Windows.

This small (1.24 MB) program has a clean, easy to understand interface that gives you access to hundreds of system settings, some of which are hidden, and others that are just hard to find. The interface is organized by section for easy navigation, and it is complete with detailed descriptions for easy reference.


Auslogics Disk Defrag

The program is extremely easy to use, does not require any analysis phase and is faster than most disk defragmentation software I’ve tested in the past, and it’s free. In my view, it’s one more maintenance process in helping me get the maximum performance out of my hardware.



Replace Task Manager with Free System Explorer

Windows Task Manager falls far short of providing me with the information that I really need to monitor activity such as running tasks, processes, modules, system performance, open files, and particularly open Internet connections on my computer systems.

While there are a number of free tools available, that taken together, can provide information on any of the above, my preference has always been for an all-in one application that provides me with all the information.

Recently, I came across just such a free application; one that gives me all that I need, and more; all in a small package. System Explorer, not only monitors activity as described above but in addition, with a right menu click, provides online information including virus checking for any process, driver or service, from VirusTotal or Jotti.


Since I am by nature a security freak when it comes to system security on the Internet, System Explorer’s ability to provide me with details on file and process via online databases, and automatic security checking of processes, modules and selected files, is a real bonus.

If you are the type of computer user whose comfort level demands full knowledge of your system’s operations then this neat little program shouldn’t disappoint.

For those users who like to carry diagnostic programs on a USB flash drive, a portable version is also available.


Fast facts:

Detailed information on Tasks, Processes, Modules, Startups, IE Add-ons, Uninstallers, Services, Drivers, Connections and Opened Files

Easy check of suspicious files via VirusTotal or Jotti

Easy search details on file/process via online databases

Security Extension for automatic check on processes, modules and selected files

Action History for monitoring processes activities

Performance graphs for monitoring usage of system resources

System Snapshots to monitor system changes

System Report builds rich text report on system

Multilanguage

Plugins Support

System Requirements: Windows XP, Vista

System Explorer is free for both personal and commercial use.

Download at: FileForum


Risk Rate Running Processes – Free Security Process Explorer

Glarysoft, the developers of the powerful, free system tool Glary Utilities (which should be part of every casual/intermediate computer user’s toolbox), also offers a free enhanced task manager: Security Process Explorer. This application, though, is better suited to experienced or advanced computer users.

Security Process Explorer operates very much like A-squared HiJackFree but with an additional twist. Operating as an enhanced task manager, the program provides advanced risk information about programs, and processes, running on your computer.

The program displays all the usual task manager information, including file name, directory path, description, CPU usage, and so on. What sets the application apart is the unique security risk rating that is applied to running programs and processes.

The major caveat here, however, is that the user must make the decision whether a particular process, or program, should be terminated or removed. Thankfully, you can get help in making that decision by clicking on the More Info Tab. Doing so opens Glarysoft’s web-based database, where additional information about the specific program/process can be obtained, along with a risk factor for that inquiry.

If you make a mistake, the application offers a way out. Just go to the Edit Tab and reverse the action.

Using Security Process Explorer you can easily find and remove unnecessary background processes. As well, you can assign more resources to demanding processes like games, real-time multimedia applications and CD writing software, where necessary.

Quick facts:

Provides detailed information about all running processes

Specifies whether a process is safe or not

Single click process termination

Block unneeded processes or malware

Simple user interface

If you are an experienced/advanced computer user (sometimes known as a geek), and you’re looking for a program to strengthen your anti-malware resources, then Security Process Explorer is one that’s worth taking a look at.

Download at: Download.com
