Systemscan [ Win 2000/XP/Vista/Win 7 ]

holifay · **Inviato:** mar 10 ott, 2006 11:45 pm

Download SystemScan (nome random) cliccando sull´immagine
Ultima release 3.6.7 del 15 Novembre 2009 (21.00). Download totali dal 10/10/06:

Download SystemScan (random name) by clicking on the icon
Last release 3.6.7 - 15th November 2009 (21.00). Total downloads from 10/10/06: Immagine

Download SystemScan

La quida di Systemscan è disponibile qui
Systemscan guide and usage notes are available here.

English translation at bottom

Systemscan è una utility freeware di scansione del PC per Windows XP e 2000. Utile per scoprire e rimuovere manualmente eventuali infezioni da adware, trojan, worm e rootkit. Systemscan analizza e riporta:

Cita:

- chiavi di avvio del registro (recuperate direttamente dagli hives)
- lista degli utenti e degli amministratori
- elenco dei file recenti (da 30 a 120 giorni)
- elenco delle cartelle BAK e dei file con nome duplicato
- autoplay settings e ricerca dei file autorun.inf
- scheduled tasks
- lista dei Browser helper objects (BHO)
- urlsearchhooks
- EFS dumping (ricerca dei file criptati)
- componenti attivi installati
- processi in esecuzione con le dll richiamate
- elenco dei servizi e driver di sistema attivi
- lista dei servizi e dei driver di sistema non attivi
- processi contenuti in svchost.exe
- ricerca degli Alternate Data Streams
- oggetti nascosti (file. servizi, processi)
- presenza del kernel rootkit Rustock B
- check presenza rootkit nel Master Boot Record
- file hosts di windows
- impostazioni di rete (DNS usati, Gateway..)
- porte aperte e indirizzi remoti
- elenco delle risorse condivise
- impostazioni RAS per accesso remoto e connessioni RAS
- domini e IP affidabili della "Trusted Zone" di Internet Explorer
- ricerca file compressi con Upx, FSG, Polycrypt, Upack e altri
- elenco delle applicazioni installate
- possibilità di includere il log di Hijackthis (se trovato sul PC)

Il log viene salvato con il nome di report.txt nella cartella suspectfile sul Desktop. Ogni report è archiviato come file zip, con indicazione della data e ora della scansione.

---------------ENGLISH-----------------------

Systemscan is a little utility for Windows XP and 2000 usefull to reveal and manually remove infections from adware, trojan, worm and rootkits. Systemscan can check and list:

Cita:

- registry run keys (from hives)
- users list with administrator privileges
- recent files (from 30 to 120 days)
- duplicate files in BAK folders
- autoplay settings and lists of autorun.inf files
- scheduled tasks and active jobs
- Browser helper objects (BHO)
- urlsearchhooks
- EFS dumping (list of crypted files)
- installed components
- tasks with dlls
- running and NOT running service
- device driver services
- svchost.exe instances
- alternate data streams
- hidden things (files, services and tasks)
- kernel rootkit Rustock B
- checking of rootkit presence in the Maters Boot Record
- windows HOSTS file
- network settings (DNS, gateway)
- open ports and remote addresses
- list of shared resources
- RAS connection and settings
- trusted domains and IPs in the IE Trusted Zone
- suspicious files: compressed with UPX, FSG, Polycrypt, Upack and others
- list of installed applications
- possibility to include HijackThis log (if found on PC)

It creates and popups the report.txt in a suspectfile folder on Desktop. All reports are archived as zip files with indication of the date and scanning time.

holifay · **Inviato:** mar 27 mar, 2007 10:39 am

Release 2.024 (27th march):

- added "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe". This key is used by Linkoptimizer.B http://www.suspectfile.com/blog/?postid=25

- improved RustockB detection

bReAKdOWn · **Inviato:** lun 16 apr, 2007 4:04 pm

Release 3.0 (16th April):

Codice:

- Risolto il  problema del report.txt non creato su alcuni sistemi con problemi nel VB Scripting.

- SystemScan verifica all'avvio  che il gruppo di utenti Administrators possegga il seDebugPrivilege, e lo riabilita ove necessario (richiede un riavvio).

- Implementati accorgimenti  per impedire ad alcuni malware di terminare l'esecuzione del programma .

- Aggiunta all'inizio del log la versione del sistema operativo, comprensiva dei service pack installati.

- La scansione  dei file recenti è ordinata per data e mostra per ogni elemento il numero dei giorni trascorsi dall'ultima modifica e gli attributi.
Sono state aggiunte alla ricerca nuove cartelle di sistema, ed è possibile impostare l'intervallo temporale a 30, 60, 90 o 120 giorni.

- Inserita nel log la lista degli utenti presenti nel sistema, comprensiva dei privilegi di amministratore.

- Cambiato l'ordine delle chiavi di registro incluse nel log e aggiunte molte nuove chiavi e voci.

- Aggiunte al log le voci presenti nel file hosts.

- Aggiunta la ricerca dei duplicati di tutti i file posti nelle cartelle bak.

- Modificato il formato della scansione delle istanze di svchost con una rappresentazione ad albero.

- Aggiunta la scansione con Process Walker nella sezione hidden objects.

- Aggiunto il supporto alla nuova versione di HijackThis.

- Aggiunta l'ora della scansione al nome dell'archivio del report. 

- SystemScan utilizza NSIS NullSoft Scriptable Install System

-------------------------------

- Fixed problem with report.txt not being written correctly on systems with broken scripting support.

- SystemScan now checks if Administrator group has seDebugPrivilege, and restores it if needed. (requires reboot)

- Added some for preventing some malwares from terminating SystemScan process.

- Operating system version and service packs installed have been included at the beginning of the report.

- The recent files list is now sorted by date and shows the age and attributes of each file. New system folders have been added and it's now possible to set the scanning interval to 30, 60, 90 or 120 days.

- Added to the report the list of the user accounts available on the system.

- The registry keys logged into the report have been sorted by relevance. Many new keys and values have been added.

- Added to the report all valid entries in the hosts file.

- Added an option to search for duplicates of files found in bak folders.

- Modified the svchost instances output. (tree view)

- Added a scan with Process Walker to the hidden objects section.

- Added support for the new HijackThis 2.0b version.

- Added the time of scanning to the report file name.

- SystemScan now uses NSIS: NullSoft Scriptable Install System.

holifay · **Inviato:** dom 29 apr, 2007 9:11 pm

Version 3.0.1

Fixed two bugs: one of them related to the AppInit_DLLs value that was not correctly listed.

holifay · **Inviato:** lun 07 mag, 2007 12:04 pm

Version 3.0.2

Fixed some bugs

holifay · **Inviato:** lun 28 mag, 2007 1:23 pm

Version 3.1.0

### Added these keys

Cita:

HKLM\Software\Microsoft\Internet Explorer\AdvancedOptions
HKCU\Software\Microsoft\Internet Explorer\AdvancedOptions\
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

### Added size of recent files found

### Improved section of Scheduled Tasks: now are listed the active jobs and last executed jobs

### Added "Autoplay settings" section: it will decode the DWORD vaue "noDriveAutorun" and search for all autorun.inf files

### Added "Network settings" section with this features:

Cita:

- winsock dlls list
- DNS, proxy and gateway used
- open ports and connections
- shared resources
- RAS settings

### Added "Installed Applications" list

### Little changes in the GUI and minor bugs fixed

holifay · **Inviato:** sab 02 giu, 2007 6:12 pm

Version 3.1.1 (01 june 2007)

### improved RustockB detection

holifay · **Inviato:** gio 07 giu, 2007 12:50 pm

Version 3.1.2 (07 june 2007)

### improved rootkit detection: updated catchme tool ("hidden objects" option) to 0.3.721 version

holifay · **Inviato:** sab 30 giu, 2007 6:03 pm

Version 3.2.0 (30/06/07)

### services and drivers are now dumped directly from registry hives: this should allow systemscan to see also hidden services. Previous tool (Windows Service Finder) is not used now.

### Searching of suspicious files is now much faster: previous tool (xfind) is not used now.

### addedd %TEMP% and %APPDATA% folders in "Recent files" scanning

holifay · **Inviato:** lun 08 ott, 2007 12:42 pm

Version 3.2.1 (8/10/07)

### improved rootkit detection (catchme updated)
### improved Rustock rootkit detection (new services added)
### added disclaimer at startup*
### added files in Startup folders for all users
### ADS searching tool Streams (sysinternals) replaced now with LADS. The output is now easier to read. Zone.Identifier ADS are now skipped.

*NOTE: As was noticed that in certain circumstances (thanks to "Al è qui" from Alground) SystemScan could report in the final log some data that could be considered "sensitive", we decided to add a disclaimer to inform users about this possibility. No data is obviously sent in any way to external servers or web locations from SystemScan, however it is of common practice uploading SystemScan report.txt to the web for someone to analyze it. With this release all email addresses that could be found and reported during Rootkit scan (most of all when messenger is running) should be masked in the final log.

holifay · **Inviato:** mer 10 ott, 2007 9:00 pm

Release 3.2.2 (10/10/07)

### fixed a minor bug in "PC accounts" scan.

holifay · **Inviato:** mar 08 gen, 2008 10:11 pm

relesase 3.2.3 8 January 2008

### updated the tool catchme to release n° 0.3.1344 for an improved rootkit detection
### added a procedure to allow SystemScan to automatically check for updates
### it is no longer necessary to put SystemScan file in the desktop to run it as a system task
### fixed a bug related to the lack of SeDebugPrivilege, if the case now it should be correctly granted

holifay · **Inviato:** sab 12 gen, 2008 3:51 pm

release 3.3.0 12th January 2008

### removed external tool "LADS" to detect Alternate Data Streams
### added "MBR rootkit detector" by GMER
### added HKLM/Software/Microsoft/Shared Tools/MSConfig/startupreg registry run keys
### fixed a bug of release 3.2.3 in the "Network Settings" section

holifay · **Inviato:** lun 04 feb, 2008 6:08 pm

release 3.5.0 4th February 2008

### added the removal tool "The Avenger" from Swandog46

bReAKdOWn · **Inviato:** sab 05 apr, 2008 1:17 pm

release 3.5.5 5th April 2008

### updated GMER's MBR fix tool
### added complete path to .job files list
### services and drivers are now divided in two separate lists
### removed last FOUR digits of phone numbers found in rasphone.pbk
### report is now saved in a suspectfile folder on desktop instead of %systemdrive%\suspectfile
### added Windows Vista detection
### fixed bug preventing the zip version of the report from being created on systems with certain locale settings
### minor changes to log layout

Warning: Starting from this version, the report file is saved in a "suspectfile" folder on DESKTOP and is no longer available in %systemdrive%\suspectfile (ie: C:\suspectfile, D:\suspectfile, and so on)

Systemscan [ Win 2000/XP/Vista/Win 7 ]

Chi c’è in linea