Has anyone tried RunScanner yet, it seems to be a new alternative to HiJackThis.
Here's the tutorial page.

There's not much posted about it anywhere yet.

If any advice helps, please post back as it might help others.

Is this a test to see if you should add it to your website?
I tried it, but it sure doesn't make much sense to me yet.

hijackthis is quite easier as far as I can see so far.

Some HELP in posting on Cnet plus free progs and instructions Glad to Help!

Hi XPUser4Real
As you know I run the Free computer security website nowyoudo.co.uk the final version of RunScanner was released on the 17th, I have tried it and have found it to be more detailed and there is also the RunScanner online malware analysis report included by clicking the link at the top which I think is good for the novice user, and yes I was thinking of adding it to the site, but as it's new not everyone is aware of it's existence and there's not a lot of feedback as to what people think of it.

Cheers Smifff

If any advice helps, please post back as it might help others.

In my view it has the potential to surpass Hijackthis!, as well as AutoRuns.

In beginner mode, it runs like Hijackthis! and allows simple posting of txt logs. There is an added feature of allowing exporting of a binary "run" file.

The idea here is that the novice sends the "run" file to the expert. The expert loads it up via runscanner, marks entries that are bad, and reexports the run file.

The beginner then runs that "run" file in runscanner, and the entries that have being marked bad by the expert will be automatically indicated and marked in runscanner.

In expert mode it is very much useful than Hijackthis! in helping power users.

The main problem with RunScanner is that it lists a *lot* of locations (one of the most comprehensive since it draws from various sources and lists), but this makes it difficult for even an expert to handle.

As such it borrows from autoruns the smart feature of being able to filter out microsoft signed files (since these are almost always safe).

In addition you can also choose to filter out signed files. Altough in theory signed code doesn't mean that you can automatically
trust it (it depends on whether you trust the signer), in practice malware usually isn't signed.

Lastly, you can filter out entries that are whitelisted marked safe in RunScanner's own online database. There are plans to expand this to support free online sources like the databases at Castlecops, maybe even Fileadvisor.

There is also an added function to upload your logs online, but IMHO this function is not very useful, because it doesn't add any useful information. It does however give you a "secret" url, that you can give to an expert, who wants to review the log. Also, unknown entries are periodically monitored and checked by RunScanner experts and if safe are whitelisted.

Other feature like a quick jump to the registry entry, smart formatting of google queries for searching entries, are also similar to Autoruns.

Autoruns also has a ton of other features, including host files listing, process listing and killing abilities (you can kill several mutually protecting processes simultaneously) but they are not as well developed as say Process Explorer obviously.

It is also just one tool in the arsenal, for example it doesn't do Ad streams, port mapping, and like any normal tool it is easily fooled by rootkits (autoruns is slightly less vulnerable).

The main concern with RunScanner is that it is still a fairly immature tool, and is less well tested than older tools like Hijackthis.
So it is likely there might be more bugs.

But as it becomes more popular (a couple of tech forums like geektogo have started to test it), this problem should be reduced.

I have been testing it some. I am not ready to give up having my members run a Hijackthis log just yet. I may however have some of my more computer savy members run it in addition to hijackthis and compare for awhile. Has promise though.

Thanks XpUser4Real, Lusher & ScoobyDoo for your reply's.

I think that the program shows promise from the testing I have done, I've just got to find some poor souls computer that's riddled with spyware now, as detecting it, is not the same as removing it.

A lot of thought has obviously gone into the making of this program, not just in the program itself, but in the aftercare side as well, the online malware analysis, the links to forums to post your logs etc

I like the right click options but I would still like to see a fix the checked button added.

I've added RunScanner to the nowyoudo website as I think it's another useful tool in the fight against malware

Smifff

If any advice helps, please post back as it might help others.

Given that RunScanner is a new tool, I would second the opinion of ScoobyDoo to run it along side other similar tools like AutoRuns, Hijackfree, Hijackthis! and carry out a comparison with RunScanner.

I have carried out some comparisons, and several bugs (not just in RunScanner) have being uncovered as a result.

Testgfdjghjghgfd