*Version numbers only change when serious program updates occur* BugHunter v2.2e February 1st, 2008 1. EngUpd: BugHunter will now display the total amount of directories to be scanned when recursive is turned on. 2. EngUpd: Modified display update routines slightly. 3. EngUpd: Altered management of arrays to improve speed. BugHunter v2.2e January 23rd, 2008 1. EngUpd: BugHunter will stop and let you know if you accidently try to run it directly from read-only media such as a CD-ROM. 2. EngUpd: BugHunter will now display current pass out of total passes on screen. BugHunter makes a pass for each BUGSIG. file found in current directory. This is presented to the lower right hand corner of the screen besides the total percentage done. 3. DocUpd: Documentation Updates, BUGHUNT.TXT, this file. 4. IniUpd: Updated INI configuration file comments. BugHunter v2.2e January 16th, 2008 1. Removed code neutralizing routines. 2. Adjusted minor string handling routines. BugHunter v2.2e Build #3 public - January 7th, 2008 1. Fixed issue with BugHunter possibly being several minutes off on the scantime report. If you start a scan a few minutes before midnight and it doesn't finish with the scan before midnight; the scan time BugHunter estimates will be completly wrong. This is a known issue and not something I plan to fix right away, sorry. :) 2. Changes to various screen prompts. 3. Changed copyright dating to reflect the new Year. BugHunter v2.2e released December 20th, 2007 - Build #1 1. The code neutralizing routines can be turned off via a toggle inside the configuration file. 2. A few minor visual display changes/bugfixes. BugHunter v2.2d Released September 2nd, 2007 1. As of now, BugHunter will try to neutralize malicious executables and scripts before deletion. If the file cannot be deleted, but the neutralization was succesful the file will no longer pose any threat to your system. It will be converted into an MSDOS 16bit .EXE file which will display a message and quit. 2. Screen updates and other minor changes with layout. BugHunter v2.2c - BugFix release August 4th, 2007 1. A certain subroutine was disabled in a previous fix, resulting in the possibility of BugHunter missing files for scanning purposes. 2. Additional information is now included in the documentation, BUGHUNT.TXT and the FAQ file BUGFAQ.TXT giving you a general idea of what BugHunter does and how it works. 3. Various code optimizations have finally been completed! :) BugHunter v2.2c Final Released officially July, 2007 1. BugHunter now properly runs if it's signature files are set to read-only. 2. Two memory leak issues have been resolved. 3. Minor optimization changes, should result in slightly faster scantimes on some older systems. BugHunter v2.2c build 6207 June 2nd, 2007 1. BugHunter now offers a percentage completed in almost all cases when it's scanning your system. 2. BugHunter can now be completely automated via the command line. You can for example, schedule it to run as a nightly task. BugHunter v2.2c documentation updates May 19th, 2007 1. Updated BUGHUNT.TXT 2. Updated this file 3. Two new files included, HOWTO9X.TXT and HOWTONT.TXT, these are both quickstart guides for dealing with a machine already suspected of being infected. If you don't want to read the documentation, these files will give you the general idea to get you going. BugHunter v2.2c released April 19th, 2007 1. Documentation updates 2. BUGINFO.DAT has been replaced by seperate files, one for each datafile. 3. Potential Crash Scenario resolved. 4. BugHunter will now display current directory number, total directories and percentage of current job done anytime "Searching" comes up on the screen. BugHunter v2.2a released April 16th, 2007 1. Documentation update 2. Added two additional files to the archive. PROCESS.EXE and SAFEBUG.BAT; See BUGHUNT.TXT for a description of these files. BugHunter v2.2a Released April 2nd, 2007 1. BugFix: Searching routine could hang on bad data stream. 2. FixSpy.reg has been replaced with a much more up to date version provided by David Lipman, author of Multi-AV. 3. Documentation Update: cleaned it up a little bit. 4. Exit routine change, BugHunter offers contact information when quitting. BugHunter v2.2 Released February 24th, 2007 1. BugFix: Display routine for [ER] occasionally reported an invalid file. Ie: the file read fine, but was said to be bad on screen anyway. 2. BugFix: BugHunter will no longer report no files were deleted and/or no files were renamed if nothing was found; this was redundant. BugHunter v2.1 engine update Released February 17th, 2007 1. BugFix: BugHunter will no longer hang on partially unreadable files. Instead, the filename followed by [ER] will be shown on screen. If this happens, You are encouraged to run a disk repair utility, chkdsk or another, as you may have file system damage present; which can interfere with the scanning process as well as the general operation of your computer. 2. LogChange: Previous versions could skip writing valuable information to the logfile depending on the length of the directory and found malware. 3. Documentation Update: replaced remaining pattern references with signatures. 4. FAQ Update: replaced remaining pattern references with signatures. Made suggestion to update your copy if your still getting a lock condition, as this has been resolved. BugHunter v2.1 Released January 13th, 2007 1. BugFix: BugHunter reset attributes on every file, and didn't set them back. My apologies for any problems this may have caused people. The most reported problem was desktop.ini opening with notepad when you logged into windows. From now on, the only time attributes are changed is if BugHunter is attempting to delete the file. 2. Cosmetic Change: BugHunter doesn't display "Now Checking..." followed by folder/directory names. Instead your greeted with "Checking: "and the full path of the file in question. 3. Engine Update: BugHunter will now report when it has completed Checking and has resumed Searching. Previously it would appear to have locked up when it was searching the whole time. BugHunter v2.0 Build #2 Released January 8th, 2007 1. Changed the way some text routines are processed. 2. BugFix: BugHunter wouldn't run properly under win98(se) since v1.9.4; fixed. BugHunter v2.0 Released January 4th, 2007 1. Engine Update: BugHunter handles signature information differently than previous versions. This will allow the signature database to grow as needed easily. 2. BugHunter is able to provide a more descriptive name besides "Full Match!"- This will be updated often. 3. Minor cosmetic tweaks to the GUI and logfile routines. BugHunter v1.9.4 Released October 13th, 2006 1. Gui Update: New selection, D- allows you to select what happens to files that are detected as malware on a file by file basis. 2. BugFix: an older bug, users probably would never encounter it, but it's fixed now anyway. BugHunter v1.9.3 build #2 Released October 10th, 2006 1. Engine Change: BugHunter no longer stores a list of filetypes known to carry malware. Files are scanned regardless of supposed filetype if BugHunter suspects it may be a known malware executable. 2. Documentation Update: To better clarify exactly what BugHunter is. Some individuals mistakenly assumed that BugHunter is only to be used in the event that you have already tried everything else. This is not the case. While BugHunter is certainly useful in those circumstances when windows will either not boot and/or your antimalware program will not run, You are not limited to such a scenario. BugHunter can be used as the user wishes to scan the system at anytime for known malware. BugHunter v1.9.3 Released September 8th, 2006 1. Gui Change: BugHunter will no longer list directories as it scans each filetype. Instead, directories will be listed onetime and BugHunter will simply scan for all known types of files. This change only affects the GUI portion of BugHunter, No changes have been made to the way the logfile is written. Ie: If you have full logging enabled, you will still have all the details of v1.9.2 *This was done to improve scantimes. BugHunter v1.9.2 Released August 15th, 2006 1. Engine Update: BugHunter can detect several more types of files which are known to either be malware themselves, or installers for such. 2. Gui Update: Minor revision to main menu. screen says the word "brackets" now. BugHunter v1.9.1 Build #3 Released August 4th, 2006 1. BugFix: File I/O error could cause BugHunter not to complete a read which would pass a possibly bad file. 2. BugFix: Checking indicator would sometimes overwrite other sections of the screen while BugHunter started scanning. BugHunter v1.9.1 Released July 28th, 2006 1. BugFix: Possible lock condition with some files. 2. LogChange: BugHunter will now make a note of files which denied read access during scanning. 3. Cosmetic Change: When showing Checking, the filename is now properly formatted to stay in one location. 4. Created a new file which I plan to continue updating as time allows. PARTLIST.TXT contains a partial list of the malware known to BugHunter. BugHunter v1.9 b#2 released July 22nd, 2006 1. Changed file opening request type in the crc engine. 2. Edited BUGHUNT.INI file; BugHunter will not scan network mapped drives, cdroms or anything else. Only local fixed disks by default. 3. Minor Documentation changes. BugHunter v1.9 released to the public July 15th, 2006 1. BugHunter displays the total amount of files scanned on screen and in the logfile when a scan is completed. 2. Moved locate.com configuration to the ini files, you can edit the full path and parameters passed to the program as well as choose the name for the temporary data. BugHunter is preset to do a recursive scan on all drives mapped to the computer from which it's run, and store this information in C:\BUGHUNT.DAT; Regardless of custom settings you define, BugHunter will scan root of all drives from C: to Z: (if they exist). 3. A possible lockup condition only observed on HP's so far has hopefully been fixed. Please send me an email if this program locksup during a scan on you. 4. Moved 2klogin.reg and xplogin.reg to fixes.zip with a better explanation of what these files are. They have been moved to a seperate zip to prevent accidental importation into the registry. 5. Documentation Updated. BugHunter v1.8 Build #6 release to the public July 2nd, 2006 1. The new crcing engine is now being used. This should result in a very fast scan time on most pcs. If BugHunter previously took 20 minutes on your machine, it should finish in less than 2-3 minutes or so now. 2. Various memory optimizations. 3. Documentation update (07-08-2006) 4. Altered both *.NT files, very basic now, should work with all systems regardless of installation folder. 5. The Scan: view has been removed in this build, you wouldn't have time to read it now anyway. *grin* BugHunter v1.8 Build #5 released to the public June 30th, 2006 1. Minor cosmetic tweak so bughunter will display 1000 and above pattern entries nicely on the main menu. 2. modified parameters passed to locate.com, No more duplicate directories which increases data compilation in the beginning and the amount of time required to scan. 3. BugHunter will show Scan: and the filename of any file which has a partial match, IE, the filelength is the same as known malware, BugHunter will pause for a moment to take a closer look. BugHunter v1.8 Build #4 pattern update! June 2nd,2006 1. Created a new file called newpat.txt which explains whats new in the pattern release. 2. Updated FIXSPY.REG to remove more of the desktop hijackers It's all still related to SpyAxe; Sorry people they are! BugHunter v1.8 Build #4 Released May 20th, 2006 1. Two bugs fixed. One which would cause a lockup condition and another which disabled user defined directory scanning since the last build release. Woops. 2. Several new patterns Added. Vundo trojan varient, Winfixer2005, and Spyware Stormer. Bringing the new total number of junk that nobody wants over 620. Future releases will contain a newpat.txt file listing changes regarding what BugHunter scans for. This should satisfy some individuals who wish to know by name what this program looks for. BugHunter v1.8 Released April 15th, 2006 around 10pm 1. BugHunter scantime should be much shorter now. BugHunter is no longer actually doing a crc on the file everytime it thinks the file may match. If a partial match occurs, a single crc is done for later comparison of said file. 2. Added two *.NT files, these are only necessary if you are getting an error similiar to the following: The system file (either CONFIG.NT or AUTOEXEC.NT) is not suitable for running MS-DOS and Windows Applications. In this case, copy the included files to your windows install directory\system32. The error message will include the exact location and name of the file. Copy one of the included ones to this location. 3. New patterns designed to remove movielink.tv browser hijacker. 4. BugHunter will scan several more file extensions now. 5. Fixed another lockup issue with some systems. Please report any further lockups to my email address. 6. Added a status indicator of sorts. It's represented by a short line which consists of dots. Each dot represents a partial record hit on the current file in question. The indicator is updated as more hits are recorded, and is erased when BugHunter has completed the current task. The indicator is not for accuracy and should not be used to make any sort of determination with regard to a suspect file. The indicator is primarily to let you know BugHunter is still running. :) Release #4 1. A few memory issues have been resolved. BugHunter should do better. 2. A possible lock condition has hopefully been resolved. It's extremely difficult to reproduce. if BugHunter locksup during scanning on you, Please email me the log file and the build.001 one present in the directory you executed it from. 3. A few more samples have been added. Bringing the total known junk that nobody wants to 513. Release #2 of v1.7.1 1. An odd repeat loop condition has been observed in some cases, this has been fixed?... 2. Potential error condition reading configuration files fixed. 3. Potential error condition reading recursive scan data fixed. 4. 3 new Patterns added. Changes since v1.7 Public Release (or whats new in v1.7.1) 1. BugHunter parses it's configuration file properly now. (Er, in most cases...); If anybody finds another problem with the handling routines, please let me know. 2. There have been several pattern updates since v1.7 was initially released. Two products that BugHunter detects and will remove are known as Spyware Strike (v2.5) and Security Toolbar (from www.securityindex.net). SpyAxe is also detected, and removed! However; BugHunter does not fix the annoying popup window located on your taskbar. It's a registry key which controls it. 3. v1.7.1 of BugHunter uses slightly less memory then previous versions, pattern indexing information has been updated so future versions can easily be written without any change to the pattern file system. 4. Further improvements to the parsing routine have been made, This should ensure easy configuration of the program. Fixed entries in the .ini file have been removed; BugHunter can be controlled now via commands included in the configuration file. Please see a configuration file and/or the documentation for more information. Changes since v1.7 public release 1. A problem with the parsing of the configuration files has been corrected. BugHunter will properly read customized directories if you toggle recursion off. v1.7 would skip the first one, and not accuratly display all of them. 2. Fixed an error with the display; v1.7 wouldn't display the correct number of files that were scanned. 3. Added two new samples. MSDF.DLL (Seems to be rather popular at the moment) and another browser hijacking random named .dll file. :( Changes for PUBLIC release of v1.7 1. A security risk concerning the pattern file being tampered with has been corrected. 2. BUGHUNT.TXT has been updated specifically for this version. 3. Several new patterns have been added since beta testing. Changes since v1.7 initially entered beta testing 1. More Cosmetic changes to the logfile. 2. Finally fixed the time/date glitch with regard to logfile date/time stamp. Sorry :) 3. Improved .ini file layout and handling. Please see BUGHUNT.INI or BUGHUNT.TXT for details. 4. Added LOCATE.TXT (it accompanies LOCATE.COM) 5. BugHunter supports only writing found malware, action taken, and result to the logfile, or full logging as it always has. See BUGHUNT.INI 6. BugFix: a potential crash scenario with the way the BUGHUNT.PAT was being read, fixed. 7. BugFix: BugHunter could fail to report the correct amount of time taken to complete a scan, hopefully fixed! Changes since v1.6 of BugHunter: 1. Cosmetic changes to the logfile. Should be easier to follow and read, and be friendly for older printers that wish to make a hard copy of it. 2. BugFix: BugHunter now remembers your log settings, and will not create a new logfile when it's supposed to be appending to the already existing one. 3. Additional Malware signatures have been added; 223 items now! 4. DocFix: Typos have been corrected in the .FAQ. 5. BugHunter now supports comments in the .INI files. Any line that begins with # or ; is considered a comment and ignored by BugHunter. You may place comments anywhere you like inside the .ini files. 6. IniFix: Documents and Settings/all users/programs/startup folder has been added for scanning. 7. BugHunter now optionally supports full recursion. Settable via the BUGHUNT.INI file. You are encouraged to examine the one included. LOCATE.COM is required for this feature. 8. RegMod: The included FIXDESK.REG has been replaced with XPLOGIN.REG and 2KLOGIN.REG respectively. Import the one corresponding to the OS your running if windows immediatly logs you on and off after removing malware. Specifically, check the BUGHUNT.LOG for the removal of WSAUPDATER.EXE file. 9. FYI: There are no plans currently to support scanning across a UNC name. BugHunter does not support directories longer then 80 characters in total length of name. Support will eventually be added to deal with this. Changes since v1.5 of BugHunter: 1. Cosmetic changes to some error messages. 2. Additional Malware signatures have been added; 156 items now! 3. Memory optimizations; BugHunter uses slightly less ram now then did previously. 4. BUGHUNT.TXT has been siginificantly revised and should be easier to follow Now. Changes since v1.4 of BugHunter: 1. Entries added to the pattern file to deal with MalWare. 124 items now! 2. Modified bughunt.ini- Added C:\WINDOWS\DOWNLO~1 for malware scanning. Also Added C: root. Bogus explorer.exe if stored here will be executed when windows boots. 3. Updated documentation; Please see BUGHUNT.TXT 4. Included A bughunt.faq file, to answer any last minute questions you might have. 5. Cosmetic change with the logfile to improve readability. 6. BugHunter configuration file now supports upto 32 directories for customized scanning. 7. BugFix: BugHunter was not properly counting the number of files succesfully renamed. It would always show none or 1. 8. BugFix: BugHunter would sometimes get confused and try to scan the previous file again (said file might not exist!) 9. Logging change: If Bughunter is configured to append, and the logfile doesn't exist, it will be created. 10. GUI Change: Minor changes to logfile error messages. 11. Added .REG file to help with possible logon/logoff issues on 2k/XP. 12. Included BUG2K.INI; pre configured for C:\WINNT instead of BUGHUNT.INI default C:\WINDOWS 13. 1 Entry removed from pattern file; Determined to be a false alarm. 14. BugHunter creates a WININIT.INI file in the directory it's executed from. This allows BugHunter to remove memory resident malware when you restart the computer. This file only applies to Win9x/ME systems. 15. The Logfile now clearly shows where new log entries begin, if your using append. Changes since v1.3 of BugHunter: 1. BugHunter scanning has been changed! BugHunter can now scan files that are already in use. You will no longer see "couldn't be opened for access!" errors. 2. BugHunter keeps a running total of the files scanned in each directory. The number of found MalWare is also listed, including the amount of files succesfully renamed or deleted. 3. One new entry added to the pattern file to deal with malware. 4. The scannable filetypes list has been changed in this version of BugHunter. BugHunter will only scan for *.BUG files when you wish to remove them. (Option C). 5. In Most cases, it is no longer necessary to boot from a startup disk or cd. You can now disable most found spyware by selecting option B, and then rebooting your machine. Run BugHunter once more using option C to clean up the *.BUG files left behind after using option B. Changes since v1.2 of BugHunter: 1. BugHunter logging options are user controllable via the .ini file. 2. Four new entries added to the pattern file to deal with malware. 3. BugHunter now attempts to force the current screen (or window) into 80x25x16 graphics mode. (Text only), this allows BugHunter to display properly either in window mode, or fullscreen. Changes since v1.1 of BugHunter: 1. As of v1.2 BugHunter no longer makes use of the .ini file for items to scan. Bughunter has been hard-coded to look for specific types of files only. This reduces the required scan time further. Since BugHunter is no longer examining certain file types, this reduces the chances of a false alarm. For compatability with the original .ini file layout, the first line is still read by BugHunter, but ignored. 2. Two new entries added to the pattern file to deal with malware. 3. More changes to the GUI, Hopefully making the program more user friendly. Easier to see Directory/Filescan spec entries both on screen and in the logfile. 4. BugHunter now tells you if it finds nothing to scan in some directories. BugHunter does not waste valuable time scanning folders which either do not exist and/or have no files. 5. BugHunter configuration is no longer confined to bughunt.ini; You can specify another filename on the command line to force BugHunter to use customized .ini files. This feature is useful to those individuals who work with different windows installations that do not share the same installation folder. 6. BugHunter does properly display the amount of time in minutes and seconds the scan took. This information is also recorded in the logfile. 7. For clarification purposes only: BugHunter always tries to save data to the logfile before writing it on screen. In the event of a fatal crash; The Logfile should contain the last entry prior. Changes since v1.0 of BugHunter: 1. New GUI layout; Should be more pleasant in a console windows. 2. Added total amount of time taken to scan. 3. Removed one false entry in the pattern files. 4. BugHunter no longer requires running from the host drive. 5. Added configuration via BUGHUNT.INI 6. Optimized code layout for even faster scanning! 7. BugHunter now has the option of renaming found malware. 8. BugHunter will append (not overwrite) already existing BUGHUNT.LOG files.