Release Notes
What's New in FreeFixer 0.54
- FreeFixer now scans
Winlogon.exe modules.
- Minor updates to the code to support the upcoming 64-bit version of FreeFixer.
What's New in FreeFixer 0.53
What's New in FreeFixer 0.52
- FreeFixer now scans Autorun.inf files.
- FreeFixer will now check the
NoChangingWallpaper,
NoActiveDesktopChanges,
NoSetActiveDesktop and
Wallpaper settings.
- FreeFixer no longer checks for the WSPStartup and NSPStartup
exports while deleting dynamic link libraries. This was previously used to identify
transport and namespace service provider
and prevent deletion of these library since it could break the Internet connection. However, since FreeFixer can
remove missing transport and namespace service providers from the provider chain
this check is no longer needed.
- If a missing transport or namespace service provider
.DLL is identified, FreeFixer reports that removing the missing provider can repair a broken Internet connection.
- Files identified as a UserInit will only have a delete checkbox when presented under the UserInit section of the scan result.
This will allow FreeFixer to properly restore the UserInit registry value if necessary.
What's New in FreeFixer 0.51
- FreeFixer now scans the Windows Security providers.
- FreeFixer will now ask the user to upload a crash dump when an
assertion fails.
Previously the assertion message was displayed in a message box. This change will be of great help to
track down remaining defects in the FreeFixer application.
- Fixed a bug where FreeFixer halted the scan with an assertion message saying
string(value.get()).size() == valueSize
, when trying to enumerate a registry value
with an embedded ASCII 0.
- Fixed a minor issue where FreeFixer halted the scan with the following
assertion failed message:
_key != 0
. This problem only appeared
on systems infected with a particular rootkit that was hooking the Windows
Registry functions.
What's New in FreeFixer 0.50
- FreeFixer will now check if there's a
settings.txt file located in the same directory
as freefixer.exe. If so, that settings file will be used instead of
C:\Documents and Settings\%USERNAME%\Application Data\FreeFixer\settings.txt.
This feature is added to better support FreeFixer as a portable application. Now you can put FreeFixer
on your USB stick and all settings will be loaded and saved to the USB.
- FreeFixer now opens the default browser instead of Internet Explorer when clicking the "more info" links
in the scan result.
- Added the following companies to the trusted list. Files signed by these companies will appear
greenlisted in FreeFixer scan result: AT&T Services, Inc., ATI Technologies, Inc, Agnitum Ltd., Authentium, Inc., Authentium, inc, Autodesk, Inc,
BITDEFENDER LLC, BillP Studios, BitTorrent Inc, Blizzard Entertainment, Cisco Systems, Inc., Cisco-Linksys LLC, Citrix Systems, Inc,
Comodo Security Solutions, Comodo Security Solutions, Inc., Computer Associates International, Creative Labs Inc, Dell Inc, Dell Inc.,
Dell Incorporated, Doctor Web Ltd., Hewlett-Packard, InstallShield Software Corporation, Lenovo (United States) Inc., Lexmark International, Inc.,
Macromedia, Inc., Malwarebytes Corporation, Microsoft Corporation MSN, Microsoft Windows 2000 Publisher, Motorola,
NVIDIA Corporation, National Instruments Corporation, Nero AG, Nitro PDF Software, Nokia, Norman ASA, Opera Software ASA,
PGP Corporation, Panda Security S.L, Panda Software International, Prevx, Raxco Software, Inc., Secunia,
Sony Corporation, Sony Ericsson Mobile Communications AB, Sophos Plc, Spotify Ltd, Synaptics Incorporated, Sysinternals,
TOSHIBA CORPORATION, TeamViewer GmbH, Valve, WinZip Computing and Zone Labs, Inc.
- FreeFixer will now add
c:\windows\system32\userinit.exe, to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, UserInit, if it is missing, while
removing unwanted programs from the UserInit startup location.
- Fixed a minor bug in the history section of the FreeFixer log,
where an extra carriage return was added between the items.
- Version information is now added to the freefixersetup.exe file.
- The installer no longer shows language options.
What's New in FreeFixer 0.49
- FreeFixer now tracks the changes it does to the registry and file deletions.
These changes are reported in the
end of the FreeFixer log, located under 'History'.
- Added settings to enable and disable scan locations.
- FreeFixer now adds
End of FreeFixer log
to clearly show where the log file ends.
- FreeFixer now ignores NTFS reparse points when scanning
recently modified or created files. This fixes
three issues: 1) where FreeFixer never finished the scan when running into
a drive that has itself mounted. For example, if C:\ had been mounted into C:\mydrive\.
2) where scanning of recently modified or created files
moved on to scan files that were not really on any of the system's fixed drives. 3)
where FreeFixer reported an access denied message (on Windows Vista/2008/7) for
some reparse points, such as
Problems opening folder 'c:\Documents and Settings' to enumerate files.
System error message: Access is denied. Error code: 5.
- Fixed a bug in FreeFixer's icon extraction code which could result in
reading inaccessible memory when extracting an icon from a malformed executable file.
- Fixed a bug in FreeFixers's scan for
recently modified or created files which under some
conditions never finished. This could occur when the FindNextFile API failed with
another error code than ERROR_NO_MORE_FILES.
What's New in FreeFixer 0.48
- FreeFixer now support third-party definitions to detect malware.
- Many small improvements throughout the codebase to properly handle low memory conditions.
- FreeFixer now uses EnumProcesses instead of CreateToolhelp32Snapshot, Process32First and Process32Next to
enumerate processes.
What's New in FreeFixer 0.47
- FreeFixer now scans the Shell settings.
- Fixed a bug where FreeFixer in some cases did not do complete bounds-checking while extracting export names from dynamic link libraries.
This bug could under some conditions cause FreeFixer to crash.
- FreeFixer's crash dumps now include the version number in the file name.
What's New in FreeFixer 0.46
- Fixed a number of bugs in FreeFixer's parsing and extraction of icons from scanned executables. These bugs could under some conditions cause FreeFixer to crash.
- Fixed a bug where FreeFixer did not correctly handle the file format for 64-bit dlls. This bug could under some conditions cause FreeFixer to crash.
What's New in FreeFixer 0.45
- FreeFixer now catches critical errors in the application and offers the possibility to send a dump file
to the freefixer.com server. This will be of great help while identifying and fixing remaining defects
in the FreeFixer application.
- Fixed a bug where FreeFixer failed to enumerate the system's page files on Windows 2000. FreeFixer failed
during startup with the following error message:
The Procedure entry point EnumPageFilesA could not be located in the dynamic link library PSAPI.DLL
.
- Fixed a minor bug which appeared when FreeFixer scanned a file of zero bytes size. The bug
caused the following error message to appeared in the scan result:
Failed to calculate hash for '%FILENAME%' using 'CryptCATAdminCalcHashFromFileHandle'
while verifying trust. System error message: The volume for a file has been externally
altered so that the opened file is no longer valid. Error code: 1006.
What's New in FreeFixer 0.44
- Added a settings tab in FreeFixer's user interface.
- Added setting to optionally add the MD5 or SHA256 hash to the FreeFixer log. This will improve
the collaboration possibilities with third party developers. By default, hashes are not included
in the log.
- Settings are now saved on disk in "C:\Documents and Settings\%USERNAME%\Application Data\FreeFixer",
instead of the Windows Registry.
- Fixed a bug where FreeFixer did not remember the dialog size and position between runs.
- Fixed a minor formatting bug in the FreeFixer log.
- Fixed a minor bug where the whitelist report number was incorrect for the "AppInit_DLLs" and
"Suspicious file names" in the FreeFixer log.
- Fixed a minor problem where some errors that appeared in the user interface code was not reported to the user.
What's New in FreeFixer 0.43
- Fixed a bug which sometimes halted the scan for recently modified or created files
with the assertion message
strlen(startdir) <= MAX_PATH
.
This happened when the currently scanned drive had a directory whose absolute representation exceeded 260 characters.
- Fixed minor issue where "global errors" encountered during the scan were displayed in the beginning of the scan result. These
error messages are now displayed at the end of scan result.
- Fixed a minor bug where FreeFixer did not display a hidden process when the associated executable file was a
critical system file
(like svchost.exe).
- Fixed a bug where FreeFixer during the scan for recently modified or created files
tried to close down handles to the page file, which could result in a
stop error.
This bug only appeared on systems with a customized name for the page file. FreeFixer
now completely ignores all paging files during the scan for recently modified or created files.
What's New in FreeFixer 0.42
What's New in FreeFixer 0.41
- FreeFixer now scans the Windows XP Firewall Authorized Applications.
- FreeFixer can now unlock files that are locked by another process. This feature is used when FreeFixer
runs into a file which cannot be read. FreeFixer then closes all handles in the process that
locks or has opened the file in an exclusive mode. This should reduce or completely eliminate errors saying:
The process cannot access the file because it is being used by another process.
- The AppInit_DLL plugin and the Suspicious file names plugin now show the number of whitelisted items in the log file.
- Fixed a bug on the FreeFixer web site where searching for the
CustomizeSearch and
SearchAssistant Internet Explorer settings, resulted in an error message saying
Insufficient input
.
- Fixed a minor issue where the scan result gave an incorrect number of whitelisted drivers.
What's New in FreeFixer 0.40
- Fixed a severe flaw in the malware removal code which under some circumstances could
cause another item than the one the user selected to be removed. Many thanks to Mr Mita
for reporting in this problem.
What's New in FreeFixer 0.39
- FreeFixer now supports Windows 7 RC1.
- FreeFixer now correctly displays file and registry information for all languages in both the log file
and the scan result. Characters from languages such as Russian, Chinese, Hindi, Arabic and Japanese should no longer cause any problems.
- The FreeFixer.com web site and FreeFixer file database
now correctly handle characters from all languages.
- Added glossary item for Vendor and version information.
- Fixed a bug where some whitelisted files did not appear as whitelisted in the scan result.
- Fixed minor issue where whitespace BootExecute items appeared in the scan result.
- FreeFixer now correctly sets the locale. This fixed a bug that could halt the program
before showing the scan result with the error message:
An error occurred when trying to open the file for writing.
Filename: 'C:\Documents and Settings\%USERNAME%\Local Settings\Application Data\FreeFixer\icons\%MD5%.ico'
.
- Fixed bug where FreeFixer did not check revocation lists while verifying certificate chains for files
with embedded certificates.
What's New in FreeFixer 0.38
- FreeFixer will now whitelist files from trusted software publishers, such Microsoft, Kaspersky, Symantec, TrendMicro, etc.
The trusted files will appear with a green background in the scan result without the delete option. Trusted files will not appear in the FreeFixer log,
in order to reduce the noise and simplify inspection of the logs.
- The Start Page
http://www.microsoft.com/ is now whitelisted and will no appear in the scan result.
What's New in FreeFixer 0.37
- FreeFixer now scans the Terminal Server AutoRuns
Run, Runonce and RunonceEx, located under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion.
- Improved the scan for files that have the same name as legitimate system files.
These files where added:
bfsvc.exe, fveupdate.exe, HelpPane.exe, ACW.exe, AdapterTroubleshooter.exe, AtBroker.exe, audiodg.exe, auditpol.exe,
bcdedit.exe, bitsadmin.exe, bridgeunattend.exe, bthudtask.exe, certreq.exe, certutil.exe, clip.exe, cmdkey.exe,
cofire.exe, colorcpl.exe, CompMgmtLauncher.exe, ComputerDefaults.exe, consent.exe, credwiz.exe, csrstub.exe, DeviceEject.exe,
DeviceProperties.exe, DFDWiz.exe, dfrgifc.exe, dfrgui.exe, dfsr.exe, dialer.exe, diskraid.exe, dispdiag.exe, dnscacheugc.exe,
dpapimig.exe, DpiScaling.exe, drvinst.exe, dwm.exe, efsui.exe, FirewallControlPanel.exe, FirewallSettings.exe, fltMC.exe,
forfiles.exe, hdwwiz.exe, icacls.exe, icardagt.exe, icsunattend.exe, ieUnatt.exe, InfDefaultInstall.exe, iscsicli.exe,
iscsicpl.exe, ktmutil.exe, lpksetup.exe, lpremove.exe, lsm.exe, mblctr.exe, mcbuilder.exe, MdRes.exe, MdSched.exe,
mfpmp.exe, MigAutoPlay.exe, mrt.exe, msconfig.exe, msdt.exe, msfeedssync.exe, msinfo32.exe,
msra.exe, MuiUnattend.exe, NAPSTAT.EXE, netbtugc.exe, netcfg.exe, netiougc.exe, Netplwiz.exe,
newdev.exe, ntprint.exe, ocsetup.exe, OptionalFeatures.exe, p2phost.exe, pcaelv.exe,
pcalua.exe, pcaui.exe, PkgMgr.exe, plasrv.exe, PnPUnattend.exe, PnPutil.exe, poqexec.exe,
powercfg.exe, PresentationHost.exe, prevhost.exe, printfilterpipelinesvc.exe, printui.exe,
RacAgent.exe, raserver.exe, rdrleakdiag.exe, rekeywiz.exe, RelPost.exe, RMActivate.exe,
RMActivate_isv.exe, RMActivate_ssp.exe, RMActivate_ssp_isv.exe, RmClient.exe, Robocopy.exe,
RpcPing.exe, rrinstaller.exe, rstrui.exe, RunLegacyCPLElevated.exe, sbunattend.exe,
sdchange.exe, sdclt.exe, SearchFilterHost.exe, SearchIndexer.exe, SearchProtocolHost.exe,
secinit.exe, setupcl.exe, setupSNK.exe, setupugc.exe, setx.exe, SLLUA.exe, SLsvc.exe,
SLUI.exe, SndVol.exe, snmptrap.exe, SoundRecorder.exe, srdelayed.exe, sxstrace.exe, SystemPropertiesAdvanced.exe,
SystemPropertiesComputerName.exe, SystemPropertiesDataExecutionPrevention.exe,
SystemPropertiesHardware.exe, SystemPropertiesPerformance.exe,
SystemPropertiesProtection.exe, SystemPropertiesRemote.exe,
tabcal.exe, takeown.exe, TapiUnattend.exe, taskeng.exe, timeout.exe,
TpmInit.exe, tssetup.exe, TSTheme.exe, ucsvc.exe, UI0Detect.exe,
unattendedjoin.exe, unregmp2.exe, vds.exe, vdsldr.exe,
verclsid.exe, waitfor.exe, wecutil.exe, wercon.exe, WerFault.exe,
WerFaultSecure.exe, wermgr.exe, wevtutil.exe, where.exe,
whoami.exe, WindowsAnytimeUpgrade.exe, WinFXDocObj.exe, wininit.exe,
winload.exe, winresume.exe, winrs.exe, winrshost.exe, WinSAT.exe, wisptis.exe,
wlanext.exe, wlrmdr.exe, wpcer.exe, wpcumi.exe, WPDShextAutoplay.exe, WSManHTTPConfig.exe,
wsqmcons.exe, wuapp.exe, WUDFHost.exe and wusa.exe.
What's New in FreeFixer 0.36
- Fixed bug in the user interface HTML generator and log generation code that
could result in the error message
Cannot convert registry data of the REGISTRY_DATA_INVALID type to a string
.
This error could appeared under some conditions when FreeFixer failed to read a registry key.
What's New in FreeFixer 0.35
- FreeFixer now verifies the digital signature for all files in the scan result.
It also checks that the certificate chains ends in a trusted root.
See Dwm.exe and
VMwareTray.exe as an example of two legitimate files
with a valid digital signature. The signature information
on the FreeFixer web site is now continuously updated when users press the
"more info" link in the scan result.
- FreeFixer now starts automatically after finishing the installer.
What's New in FreeFixer 0.34
- FreeFixer now scans the BootExecute registry setting.
- FreeFixer now supports Windows Server 2008
- Fixed bug in UserInit plugin where FreeFoxer
did not determine full path for userinit specified as filename only.
- The Start Page
res://iesetup.dll/HardAdmin.htm is now whitelisted
and will no appear in the scan result.
What's New in FreeFixer 0.33
- FreeFixer now supports Windows Vista 32-bit
- FreeFixer now displays the full path of the AppInit_DLLs in the FreeFixer log.
What's New in FreeFixer 0.32
- Fixed bug where FreeFixer was unable to modify a read-only HOSTS file.
What's New in FreeFixer 0.31
- Fixed bug where FreeFixer was unable to extract properties from files lacking a translation table.
The error message
Error getting translation table with 'VerQueryValue'..
should
no longer appear when FreeFixer scan this type of file.
- Disabled the Hidden Process plugin for users running FreeFixer on a 64-bit platform. This will be
enabled again as soon as I have located and fixed a bug in this plugin
that interrupts the scan.
What's New in FreeFixer 0.30
What's New in FreeFixer 0.29
What's New in FreeFixer 0.28
- Fixed a defect where FreeFixer sometimes stopped during scan with the error message:
Assertion failed. Message: bitmapSize == SizeofResource(dll.getModule(), hRsrc)
.
This occurred when scanning a file with a malformed icon resource.
What's New in FreeFixer 0.27
What's New in FreeFixer 0.26
- FreeFixer now shows icons for executable files and
other known file types.
- HOSTS file
redirections to the 0.0.0.0 IP address is now ignored and does
not show up in the scan result.
- Fixed a minor issue in the user interface.
What's New in FreeFixer 0.25
- FreeFixer now scans the UserInit setting.
- FreeFixer now use the common names for the operating systems when generating a log file.
For example,
Windows XP
is used instead of Windows NT 5.1
.
- Service pack number is now listed in the log file.
What's New in FreeFixer 0.24
- FreeFixer now adds experimental support for Windows Vista.
- Support for the new IPv6 format on addresses when they appear in the HOSTS file.
- FreeFixer now puts a more reasonable size on its window when it is launched for the first time.
- Fixed an bug where FreeFixer sometimes failed to terminate multi value strings (REG_MULTI_SZ).
What's New in FreeFixer 0.23
What's New in FreeFixer 0.22
- FreeFixer now scans the TCP/IP settings.
- Fixed a defect in the code that reads file properties. The defect made
FreeFixer stop with the message
Assertion failed. Message: cbTranslate >= 4
.
- Fixed a problem in FreeFixer's code that reads the registry. The bug made
FreeFixer stop with the message
Assertion failed. Message: lastInBuf == 0
.
What's New in FreeFixer 0.21
What's New in FreeFixer 0.20
- Fixed a defect where an error message was displayed when an Internet Explorer toolbar
specified a CLSID which did not exists under 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\'.
- Fixed a number of problems related to scanning with a limited user account.
- FreeFixer no longer halt the process and hidden process scan if a problem occur while extracting information
from one of the processes.
What's New in FreeFixer 0.19
- FreeFixer now scans drivers installed on the system.
- Fixed a defect which under some conditions halted the scan of the
autostart shortcuts,
with an error messages saying
Assertion failed. Message: initialDirectory != ""
.
What's New in FreeFixer 0.18
- The delayed file deletion feature has been improved to
deal with files that cannot be deleted once the Win32 subsystem
is started. This is done by FreeFixer's Native Deleter (ffnd.exe),
a native program that runs before the log on box appears.
- FreeFixer does no longer display files protected by the Windows File Protection (WFP) feature
in the scan result. WFP protects critical operating system files, such as
.dll, .exe and .sys files.
This will help users to quickly identify and remove unwanted third-party programs, rather than legitimate
Microsoft files.
- Scan time reduced by approximately 50%
Hot files
sshnas21.dll,
monnid32,
wwwpos32.exe,
aqlb.hjo,
incognito.exe,
rarype32.exe,
netuza32.exe,
9fo3ar0j.exe,
kbdsock.dll,
freddy84.exe,
freddy82.exe,
freddy81.exe,
freddy80.exe,
extrac64_cab.exe,
wmpscfgs .exe,
cliconfg64.exe,
winhlp64.exe,
siszyd32.exe,
sshnas.dll,
IS2010.exe,
smss32.exe,
winlogon32.exe,
helper32.dll,
IS15.exe,
richtx64.exe,
settdebugx.exe,
sr882388.exe,
questservice111.exe,
ccdrive32.exe,
av_md.exe,
essledv.exe,
msa.exe,
algqeh32.exe,
ld16.exe,
freddy79.exe,
photo_id.exe,
winupdate86.exe,
kwanzy131.exe,
wind7upd.exe,
mstre26.exe,
winlogon86.exe,
AVR10.exe,
webserver.exe,
ihaupd32.exe,
wyeke.exe,
wyeke.dll,
AdobeARM.exe,
WLIDSVC.EXE,
ssscheduler.exe,
getPlus_Helper.dll,
wscsvc32.exe,
zavupd32.exe,
herss.exe,
ie3sh.exe,
pp14.exe,
zwangi.exe,
msb.exe
filterpipeline..,