diff --git a/README.md b/README.md
index e07a676..907010b 100644
--- a/README.md
+++ b/README.md
@@ -81,7 +81,7 @@ If you are not already an expert, we recommend submitting your case to an online
- English: [Our GitHub](https://github.com/dragokas/hijackthis/wiki/How-to-make-a-request-for-help-in-the-PC-cure-section%3F) ; [GeeksToGo](http://www.geekstogo.com/forum/topic/2852-malware-and-spyware-cleaning-guide/) ; [BleepingComputer](https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/)
- Russian: [SafeZone](https://safezone.cc/pravila/) ; [CyberForum](https://www.cyberforum.ru/viruses/thread49792.html) ; [OSZone](http://forum.oszone.net/thread-98169.html) ; [SoftBoard](https://softboard.ru/topic/51343-правила-подраздела/) ; [THG](http://www.thg.ru/forum/showthread.php?t=92236) ; [VirusInfo](https://virusinfo.info/showthread.php?t=1235) ; [KasperskyClub](https://forum.kasperskyclub.ru/index.php?showtopic=43640)
-> Note: currently, only [VIRUSNET association](https://github.com/VIRUSNET-Association) can provide direct analysis of HijackThis+ logs in [our github 'Issues' section](https://github.com/dragokas/hijackthis/wiki/How-to-make-a-request-for-help-in-the-PC-cure-section%3F). Please feel free to ask help there (English/Russian only).
+> Note: currently, only [VIRUSNET association](https://github.com/VIRUSNET-Association) can provide direct analysis of HiJackThis+ logs in [our github 'Issues' section](https://github.com/dragokas/hijackthis/wiki/How-to-make-a-request-for-help-in-the-PC-cure-section%3F). Please feel free to ask help there (English/Russian only).
## Technical support
@@ -110,7 +110,7 @@ If you are not already an expert, we recommend submitting your case to an online
* **Fernando Mercês** { [@merces](https://github.com/merces) } (Trend Micro) - coordinator of original HJT, for the tips, suggestions and promotion
* **Loucif Kharouni** { [@loucifkharouni](https://github.com/loucifkharouni) } (Trend Micro) - coordinator of original HJT, for the tips & suggestions
-HiJackThis+ by Alex Dragokas is a continuation of Trend Micro HiJackThis development, based on [v.2.0.6](https://sourceforge.net/p/hjt/code/HEAD/tree/beta/2.0.6/) branch and 100% rewritten at the moment. HijackThis+ was initially supported by Trend Micro, but they have since refused support and closed its GitHub repository.
+HiJackThis+ by Alex Dragokas is a continuation of Trend Micro HiJackThis development, based on [v.2.0.6](https://sourceforge.net/p/hjt/code/HEAD/tree/beta/2.0.6/) branch and 100% rewritten at the moment. HiJackThis+ was initially supported by Trend Micro, but they have since refused support and closed its GitHub repository.
HiJackThis+ is distributed under the initial [GPLv2 license](https://github.com/dragokas/hijackthis/blob/devel/LICENSE.md). It also includes several tools and plugins available as freeware.
## Reviews & Mirrors
diff --git a/src/HiJackThis-update-test.txt b/src/HiJackThis-update-test.txt
index 502a80d..fb56849 100644
--- a/src/HiJackThis-update-test.txt
+++ b/src/HiJackThis-update-test.txt
@@ -1 +1 @@
-3.4.0.2
\ No newline at end of file
+3.4.0.3
\ No newline at end of file
diff --git a/src/HiJackThis-update.txt b/src/HiJackThis-update.txt
index 502a80d..fb56849 100644
--- a/src/HiJackThis-update.txt
+++ b/src/HiJackThis-update.txt
@@ -1 +1 @@
-3.4.0.2
\ No newline at end of file
+3.4.0.3
\ No newline at end of file
diff --git a/src/HiJackThis.pdb b/src/HiJackThis.pdb
index 76b32a0..5a63385 100644
Binary files a/src/HiJackThis.pdb and b/src/HiJackThis.pdb differ
diff --git a/src/RESOURCE.res b/src/RESOURCE.res
index 3cf3bae..843c9b6 100644
Binary files a/src/RESOURCE.res and b/src/RESOURCE.res differ
diff --git a/src/_ChangeLog_en.txt b/src/_ChangeLog_en.txt
index dd01fa8..4764084 100644
--- a/src/_ChangeLog_en.txt
+++ b/src/_ChangeLog_en.txt
@@ -11,10 +11,14 @@ Version history:
||||| 1. HiJackThis: changelog |||||
==================================================
-[3.4.0.2 Alpha] - Jan 01, 2024
+[3.4.0.3 Alpha] - Feb 06, 2024
+ - Improved Windows Defender recovery procedure.
+ - Fixed regression: coudn't add some items to ignore list.
+
+[3.4.0.2 Alpha] - Jan 28, 2024
- Fix of previous build.
-[3.4.0.1 Alpha] - Jan 01, 2024
+[3.4.0.1 Alpha] - Jan 28, 2024
- Fixed a vulnerability in the buffer overflow of the scan results list.
- Fixed a critical error in the HiJackThis backup restoration function:
* It is not recommended to use the "Restore" button for backups in versions 3.3.0.5 - 3.3.0.11 without updating to this version, as it may destroy all other backups;
diff --git a/src/_ChangeLog_ru.txt b/src/_ChangeLog_ru.txt
index 40488cc..391d4cb 100644
--- a/src/_ChangeLog_ru.txt
+++ b/src/_ChangeLog_ru.txt
@@ -11,6 +11,10 @@
||||| 1. HiJackThis: список изменений |||||
=========================================================
+[3.4.0.3 Alpha] - 06.02.2024
+ - Улучшена процедура восстановления Windows Defender.
+ - Исправлено ухудшение: некоторые пункты не удавалось добавить в игнор-лист.
+
[3.4.0.2 Alpha] - 28.01.2024
- Фикс предыдущего билда.
diff --git a/src/_HijackThis.vbp b/src/_HijackThis.vbp
index 086777b..42d1570 100644
--- a/src/_HijackThis.vbp
+++ b/src/_HijackThis.vbp
@@ -92,7 +92,7 @@ Description="Creates a report of non-standard parameters of registry and file sy
CompatibleMode="0"
MajorVer=3
MinorVer=4
-RevisionVer=2
+RevisionVer=3
AutoIncrementVer=0
ServerSupportFiles=0
VersionCompanyName="Alex Dragokas & Trend Micro Inc."
diff --git a/src/clsProcess.cls b/src/clsProcess.cls
index c6eb79c..17b8192 100644
--- a/src/clsProcess.cls
+++ b/src/clsProcess.cls
@@ -542,6 +542,19 @@ ErrorHandler:
If inIDE Then Stop: Resume Next
End Function
+Public Function RunPowershell( _
+ ByVal sCmd As String, _
+ Optional bWait As Boolean = False, _
+ Optional iTimeoutMs As Long = 30000, _
+ Optional WindowStyle As SHOWWINDOW_FLAGS = SW_HIDE) As Boolean
+
+ sCmd = "-ExecutionPolicy UnRestricted -c " & """" & sCmd & """"
+ RunPowershell = Proc.ProcessRun(BuildPath(sWinSysDir, "WindowsPowerShell\v1.0\powershell.exe"), sCmd, , WindowStyle)
+ If RunPowershell And bWait Then
+ Me.WaitForTerminate , , , iTimeoutMs
+ End If
+
+End Function
Public Function ProcessRun( _
ByVal FileName As String, _
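Review bot: RunPowershell wraps `sCmd` in double quotes with no escaping, and the callers changed in src/modMain.bas (RestoreApplockerDefaults with `strPath`, FixO18Item with `sPort`) splice values into single-quoted PowerShell literals, so a quote character in either value alters the command that runs. `sPort` is taken from a scan result and should be treated as untrusted: double the single quotes at the call site, e.g. `Replace$(sPort, "'", "''")`, and have RunPowershell reject or escape embedded double quotes before building the command line. Separately, the process is started through the global `Proc.ProcessRun` but awaited with `Me.WaitForTerminate`. If the function is ever called on another clsProcess instance, the wait presumably would not track the launched process, so `Me.ProcessRun(...)` looks safer.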
diff --git a/src/clsScript.cls b/src/clsScript.cls
index 0fbf216..d50b0d0 100644
--- a/src/clsScript.cls
+++ b/src/clsScript.cls
@@ -363,6 +363,7 @@ Private Sub ExecuteFix(sRawText As String)
On Error GoTo ErrorHandler:
Dim i As Long
+ g_bFixing = True
modFix.OpenFixLogHandle
modFix.WriteFixLogLine LogTagId_Raw, vbNewLine & "Script contents:" & vbNewLine & _
@@ -396,6 +397,7 @@ On Error GoTo ErrorHandler:
Next
modFix.CloseFixLog
+ g_bFixing = False
Exit Sub
ErrorHandler:
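Review bot: `g_bFixing` is cleared only on the normal exit path (`g_bFixing = False` just before `Exit Sub`), so an error during ExecuteFix may leave it True. The ErrorHandler body lies outside this hunk, so this holds unless the handler also resets the flag. The Add*ToFix guards in src/modMain.bas now read `If bAutoLogSilent And Not g_bFixing Then Exit Sub`, so a stuck flag would switch that early exit off for every later silent scan. Reset the flag on the error path too, before the handler leaves the routine.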
@@ -428,7 +430,10 @@ End Sub
Private Sub ExecuteLogLine(sLogLine As String)
On Error GoTo ErrorHandler:
-
+ If Not g_bGeneralScanned Then
+ StartScan
+ '// TODO: cmdScan_Click() move some cmds => StartScan
+ End If
Exit Sub
ErrorHandler:
diff --git a/src/modGlobals.bas b/src/modGlobals.bas
index d42a8d5..2622c8d 100644
--- a/src/modGlobals.bas
+++ b/src/modGlobals.bas
@@ -34,7 +34,7 @@ Public Const STR_NO_COMPANY As String = "no company"
Public Const STR_OBFUSCATED As String = "(obfuscated)"
#If False Then 'for common var. names character case fixation
- Public x, y, Length, Index, sFilename, i, j, k, N, State, frm, ret, VT, isInit, hWnd, pv, Reg, pid, File, msg, VT, InArray, Self, status, filename
+ Public x, y, Length, Index, sFilename, i, j, k, N, State, frm, ret, VT, isInit, hWnd, pv, Reg, pid, File, msg, VT, InArray, Self, status, FileName
Public mid, SID
#End If
@@ -281,6 +281,7 @@ Public bMinToTray As Boolean
Public bStartupListSilent As Boolean
Public g_bAppShutdown As Boolean
Public g_bScanInProgress As Boolean
+Public g_bFixing As Boolean
Public g_bGeneralScanned As Boolean
Public g_bCalcHashInProgress As Boolean
Public g_bVTScanInProgress As Boolean
@@ -582,7 +583,7 @@ End Type
Public Type FILE_NAME_INFORMATION
FileNameLength As Long
- filename(MAX_PATH) As Integer 'WCHAR FileName[1] 'MAX_PATH + NUL
+ FileName(MAX_PATH) As Integer 'WCHAR FileName[1] 'MAX_PATH + NUL
End Type
Public Type MOUNTMGR_BUFER
@@ -996,7 +997,7 @@ Public Declare Function EmptyArray Lib "oleaut32.dll" Alias "SafeArrayCreateVect
Public Declare Function EmptyByteArray Lib "oleaut32.dll" Alias "SafeArrayCreateVector" (Optional ByVal VT As VbVarType = vbByte, Optional ByVal lLow As Long = 0, Optional ByVal lCount As Long = 0) As Byte()
Public Declare Function NtCreateFile Lib "ntdll.dll" (ByRef FileHandle As Long, ByVal DesiredAccess As Long, ObjectAttributes As OBJECT_ATTRIBUTES, IoStatusBlock As IO_STATUS_BLOCK, AllocationSize As Any, ByVal FileAttributes As Long, ByVal ShareAccess As Long, ByVal CreateDisposition As Long, ByVal CreateOptions As Long, EaBuffer As Any, ByVal EaLength As Long) As Long
Public Declare Function NtWriteFile Lib "ntdll.dll" (ByVal FileHandle As Long, EventArg As Any, APCRoutine As Long, APCContext As Any, IoStatusBlock As IO_STATUS_BLOCK, ByVal Buffer As Long, ByVal Length As Long, ByteOffset As Long, Key As Long) As Long
-Public Declare Function OpenFile Lib "kernel32.dll" (ByVal filename As String, ByVal OFs As Long, ByVal Flags As Long) As Long
+Public Declare Function OpenFile Lib "kernel32.dll" (ByVal FileName As String, ByVal OFs As Long, ByVal Flags As Long) As Long
Public Declare Function RtlDosPathNameToNtPathName_U Lib "ntdll.dll" (ByVal DosFileName As Long, NtFileName As UNICODE_STRING, FilePart As Long, RelativeName As Any) As Long
Public Declare Sub RtlInitUnicodeString Lib "ntdll.dll" (DestinationString As Any, ByVal sourceString As Long)
Public Declare Sub RtlFreeUnicodeString Lib "ntdll.dll" (UnicodeString As UNICODE_STRING)
diff --git a/src/modMain.bas b/src/modMain.bas
index 92af56e..2042d49 100644
--- a/src/modMain.bas
+++ b/src/modMain.bas
@@ -265,9 +265,10 @@ End Enum
Public Enum ENUM_COMMANDLINE_ACTION_BASED
COMMANDLINE_RUN = 1
+ COMMANDLINE_POWERSHELL = 2
End Enum
#If False Then
- COMMANDLINE_RUN
+ Dim COMMANDLINE_RUN, COMMANDLINE_POWERSHELL
#End If
Public Type FIX_REG_KEY
@@ -328,6 +329,8 @@ Public Type FIX_COMMANDLINE
Executable As String
Arguments As String
Style As SHOWWINDOW_FLAGS
+ Wait As Boolean
+ TimeoutMs As Long
End Type
Public Enum JUMP_ENTRY_TYPE
@@ -588,7 +591,8 @@ Public Sub AddToScanResults( _
Const SelLastAdded As Boolean = False
- result.HitLineW = ScreenHitLine(result.HitLineW)
+ 'result.HitLineW = ScreenHitLine(result.HitLineW)
+ 'moved to => IsOnIgnoreList
If DoNotDuplicate Then
If UBound(Scan) > 0 Then
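Review bot: With the `ScreenHitLine` call commented out, AddToScanResults no longer screens `result.HitLineW` itself and relies on every caller having passed the same string through IsOnIgnoreList first. In the IsOnIgnoreList hunk further down, `sHit = ScreenHitLine(sHit)` sits after an early `Exit Function` whose condition is outside the hunk, and the `AppendErrorLogCustom` call before it still logs the unscreened text. Some paths may therefore reach the results list or the log with unscreened URLs. Either keep the screening here as well (if ScreenHitLine is idempotent, which this diff does not show) or document the precondition, e.g. `'HitLineW must already be screened by IsOnIgnoreList`. Delete the commented-out line rather than leaving it in place.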
@@ -1016,10 +1020,8 @@ Public Function InArrayResultCommandline(CommandlineArray() As FIX_COMMANDLINE,
If Item.ActionType = .ActionType Then
If Item.Executable = .Executable Then
If Item.Arguments = .Arguments Then
- If Item.Style = .Style Then
- InArrayResultCommandline = True
- Exit For
- End If
+ InArrayResultCommandline = True
+ Exit For
End If
End If
End If
@@ -7439,15 +7441,7 @@ Public Sub CheckPolicies()
.Section = "O7"
.HitLineW = sHit
AddRegToFix .Reg, REMOVE_VALUE, HE.Hive, HE.Key, aValue(i)
- AddRegToFix .Reg, CREATE_KEY, HKEY_LOCAL_MACHINE, "Software\Microsoft\AMSI\Providers\{2781761E-28E0-4109-99FE-B9D127C57AFE}"
- AddRegToFix .Reg, CREATE_KEY, HKEY_LOCAL_MACHINE, "Software\Microsoft\AMSI\Providers2\{2781761E-28E0-4109-99FE-B9D127C57AFE}"
- AddRegToFix .Reg, CREATE_KEY, HKEY_LOCAL_MACHINE, "Software\Microsoft\AMSI\UacProviders\{2781761E-28E2-4109-99FE-B9D127C57AFE}"
- 'SOFTWARE\Microsoft\Windows Defender\Spynet (Cloud-delivered protection)
- AddRegToFix .Reg, RESTORE_VALUE, HKEY_LOCAL_MACHINE, Caes_Decode("TRK[`L_Tm`DzQPVTM]GDX_Wdnl AdghsknCibGRIBS"), "SpyNetReporting", 2
- AddServiceToFix .Service, ENABLE_SERVICE Or START_SERVICE, "WinDefend"
- AddTaskToFix .Task, ENABLE_TASK, "\Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh"
- .CureType = REGISTRY_BASED Or SERVICE_BASED Or TASK_BASED
- '// TODO: restore tasks
+ FixWindowsDefender result
End With
AddToScanResults result
End If
@@ -7469,15 +7463,7 @@ Public Sub CheckPolicies()
.Section = "O7"
.HitLineW = sHit
AddRegToFix .Reg, REMOVE_VALUE, HE.Hive, HE.Key, aValue(i)
- AddRegToFix .Reg, CREATE_KEY, HKEY_LOCAL_MACHINE, "Software\Microsoft\AMSI\Providers\{2781761E-28E0-4109-99FE-B9D127C57AFE}"
- AddRegToFix .Reg, CREATE_KEY, HKEY_LOCAL_MACHINE, "Software\Microsoft\AMSI\Providers2\{2781761E-28E0-4109-99FE-B9D127C57AFE}"
- AddRegToFix .Reg, CREATE_KEY, HKEY_LOCAL_MACHINE, "Software\Microsoft\AMSI\UacProviders\{2781761E-28E2-4109-99FE-B9D127C57AFE}"
- 'SOFTWARE\Microsoft\Windows Defender\Spynet (Cloud-delivered protection)
- AddRegToFix .Reg, RESTORE_VALUE, HKEY_LOCAL_MACHINE, Caes_Decode("TRK[`L_Tm`DzQPVTM]GDX_Wdnl AdghsknCibGRIBS"), "SpyNetReporting", 2
- AddServiceToFix .Service, ENABLE_SERVICE Or START_SERVICE, "WinDefend"
- AddTaskToFix .Task, ENABLE_TASK, "\Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh"
- .CureType = REGISTRY_BASED Or SERVICE_BASED Or TASK_BASED
- '// TODO: restore tasks
+ FixWindowsDefender result
End With
AddToScanResults result
End If
@@ -7514,6 +7500,25 @@ ErrorHandler:
If inIDE Then Stop: Resume Next
End Sub
+Private Sub FixWindowsDefender(result As SCAN_RESULT)
+ With result
+ AddRegToFix .Reg, CREATE_KEY, HKEY_LOCAL_MACHINE, "Software\Microsoft\AMSI\Providers\{2781761E-28E0-4109-99FE-B9D127C57AFE}"
+ AddRegToFix .Reg, CREATE_KEY, HKEY_LOCAL_MACHINE, "Software\Microsoft\AMSI\Providers2\{2781761E-28E0-4109-99FE-B9D127C57AFE}"
+ AddRegToFix .Reg, CREATE_KEY, HKEY_LOCAL_MACHINE, "Software\Microsoft\AMSI\UacProviders\{2781761E-28E2-4109-99FE-B9D127C57AFE}"
+ 'SOFTWARE\Microsoft\Windows Defender\Spynet (Cloud-delivered protection)
+ AddRegToFix .Reg, RESTORE_VALUE, HKEY_LOCAL_MACHINE, Caes_Decode("TRK[`L_Tm`DzQPVTM]GDX_Wdnl AdghsknCibGRIBS"), "SpyNetReporting", 2
+ AddRegToFix .Reg, REMOVE_KEY, HKLM, "SOFTWARE\Policies\Microsoft\" & STR_CONST.WINDOWS_DEFENDER
+ AddRegToFix .Reg, REMOVE_KEY, HKCU, "SOFTWARE\Policies\Microsoft\" & STR_CONST.WINDOWS_DEFENDER
+ AddServiceToFix .Service, ENABLE_SERVICE Or START_SERVICE, "WinDefend"
+ AddTaskToFix .Task, ENABLE_TASK, "\Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh"
+ AddCommandlineToFix .CommandLine, COMMANDLINE_POWERSHELL, , "Set-MpPreference -UILockdown 0", , False
+ AddCommandlineToFix .CommandLine, COMMANDLINE_POWERSHELL, , "Set-MpPreference -DisableRealtimeMonitoring $false", , False
+ AddCommandlineToFix .CommandLine, COMMANDLINE_RUN, BuildPath(PF_64, STR_CONST.WINDOWS_DEFENDER, "mpcmdrun.exe"), "-wdenable", SW_MINIMIZE, False
+ .CureType = REGISTRY_BASED Or SERVICE_BASED Or TASK_BASED
+ '// TODO: restore tasks
+ .Reboot = True
+ End With
+End Sub
Public Sub CheckPolicyUAC()
On Error GoTo ErrorHandler:
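Review bot: FixWindowsDefender queues three `AddCommandlineToFix` entries but still sets `.CureType = REGISTRY_BASED Or SERVICE_BASED Or TASK_BASED`, with no command-line flag. If the fix dispatcher selects handlers from CureType (it is outside this diff), the `Set-MpPreference` and `mpcmdrun.exe -wdenable` steps would never run, so the command-line cure constant should be OR-ed in with the others. The two `REMOVE_KEY` lines also delete the whole Defender policy key under `SOFTWARE\Policies\Microsoft\` in HKLM and HKCU, which removes administrator-set policy along with any hostile values. A comment stating that this is intended, or limiting removal to the values that disable protection, would help. All three commands are queued with `bWait` False, so the order in which they complete is not guaranteed.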
@@ -8012,14 +8017,7 @@ Public Sub RestoreApplockerDefaults()
PrintLineW hFile, ""
PrintLineW hFile, ""
CloseW hFile
-
- If Proc.ProcessRun(BuildPath(sWinSysDir, "WindowsPowerShell\v1.0\powershell.exe"), _
- "-ExecutionPolicy UnRestricted -c " & """" & _
- "import-module AppLocker; Set-AppLockerPolicy -XMLPolicy '" & strPath & "'""", , vbHide) Then
- Proc.WaitForTerminate , , , 30000
-
- End If
-
+ Call Proc.RunPowershell("import-module AppLocker; Set-AppLockerPolicy -XMLPolicy '" & strPath & "'", True, 30000)
DeleteFileW StrPtr(strPath)
End If
@@ -10536,12 +10534,8 @@ Public Sub FixO18Item(sItem$, result As SCAN_RESULT)
sPort = result.Custom(0).Name
'get-printer / remove-printer are Win 8+ only?
+ Call Proc.RunPowershell("$printer = get-printer * | where {$_.portname -eq '" & sPort & "'}; remove-printer -inputobject $printer", True)
- If Proc.ProcessRun(BuildPath(sWinSysDir, "WindowsPowerShell\v1.0\powershell.exe"), _
- "-ExecutionPolicy UnRestricted -c " & """" & _
- "$printer = get-printer * | where {$_.portname -eq '" & sPort & "'}; remove-printer -inputobject $printer" & """", , vbHide) Then
- Proc.WaitForTerminate , , , 15000
- End If
End If
FixIt result
@@ -12053,7 +12047,7 @@ Public Sub ShutdownExplorer()
KillProcessByFile sWinDir & "\" & "explorer.exe", True, 1
End Sub
-Public Function IsOnIgnoreList(sHit$, Optional UpdateList As Boolean, Optional EraseList As Boolean) As Boolean
+Public Function IsOnIgnoreList(ByRef sHit$, Optional UpdateList As Boolean, Optional EraseList As Boolean) As Boolean
On Error GoTo ErrorHandler:
AppendErrorLogCustom "IsOnIgnoreList - Begin", "Line: " & sHit
@@ -12065,6 +12059,8 @@ Public Function IsOnIgnoreList(sHit$, Optional UpdateList As Boolean, Optional E
Exit Function
End If
+ sHit = ScreenHitLine(sHit)
+
If isInit And Not UpdateList Then
If InArray(sHit, aIgnoreList) Then IsOnIgnoreList = True
Else
@@ -15736,7 +15732,7 @@ Public Sub AddRegToFix( _
On Error GoTo ErrorHandler
'speed hack
- If bAutoLogSilent Then Exit Sub
+ If bAutoLogSilent And Not g_bFixing Then Exit Sub
Dim vHiveFix As Variant, eHiveFix As ENUM_REG_HIVE_FIX
Dim vUseWow As Variant, Wow6432Redir As Boolean
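Review bot: The guard `If bAutoLogSilent And Not g_bFixing Then Exit Sub` is now pasted into eight routines: AddRegToFix here, then AddIniToFix, AddFileToFix, AddProcessToFix, AddCustomToFix, AddCommandlineToFix, AddServiceToFix and AddTaskToFix. A single helper returning that expression (for example a `SkipFixCollection()` function) would keep the condition in one place. The `'speed hack` comment should also say why fix data must still be collected while `g_bFixing` is set.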
@@ -15868,7 +15864,7 @@ Public Sub AddIniToFix( _
On Error GoTo ErrorHandler
'speed hack
- If bAutoLogSilent Then Exit Sub
+ If bAutoLogSilent And Not g_bFixing Then Exit Sub
If Len(sIniFile) = 0 Then Exit Sub
@@ -15963,7 +15959,7 @@ Public Sub AddFileToFix( _
Dim bMissing As Boolean
'speed hack
- If bAutoLogSilent Then Exit Sub
+ If bAutoLogSilent And Not g_bFixing Then Exit Sub
If Len(sFilePath) = 0 Then Exit Sub
'If FileMissing(sFilePath) Then Exit Sub '!!! disabled because of 'RESTORE_FILE'
@@ -16059,7 +16055,7 @@ Public Sub AddProcessToFix( _
On Error GoTo ErrorHandler
'speed hack
- If bAutoLogSilent Then Exit Sub
+ If bAutoLogSilent And Not g_bFixing Then Exit Sub
If Len(PathOrName) = 0 And pid = 0 Then Exit Sub
@@ -16094,7 +16090,7 @@ Public Sub AddCustomToFix( _
On Error GoTo ErrorHandler
'speed hack
- If bAutoLogSilent Then Exit Sub
+ If bAutoLogSilent And Not g_bFixing Then Exit Sub
If AryPtr(CustomArray) Then
ReDim Preserve CustomArray(UBound(CustomArray) + 1)
@@ -16123,12 +16119,14 @@ Public Sub AddCommandlineToFix( _
ActionType As ENUM_COMMANDLINE_ACTION_BASED, _
Optional Executable As String, _
Optional Arguments As String, _
- Optional Style As SHOWWINDOW_FLAGS)
+ Optional Style As SHOWWINDOW_FLAGS, _
+ Optional bWait As Boolean = True, _
+ Optional TimeoutMs As Long = 30000)
On Error GoTo ErrorHandler
'speed hack
- If bAutoLogSilent Then Exit Sub
+ If bAutoLogSilent And Not g_bFixing Then Exit Sub
If AryPtr(CommandlineArray) Then
ReDim Preserve CommandlineArray(UBound(CommandlineArray) + 1)
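Review bot: The new `Optional bWait As Boolean = True` default changes behaviour for every existing AddCommandlineToFix caller that does not pass it. FixCommandlineHandler used to launch COMMANDLINE_RUN entries without waiting and will now block for up to `TimeoutMs` (30000) on each one. RunPowershell in src/clsProcess.cls defaults `bWait` to False, so the two defaults also disagree. If fire-and-forget was intended for the older callers (they are outside this diff), use `Optional bWait As Boolean = False` here and opt in where waiting is needed.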
@@ -16137,9 +16135,16 @@ Public Sub AddCommandlineToFix( _
End If
With CommandlineArray(UBound(CommandlineArray))
+ .ActionType = ActionType
.Executable = Executable
.Arguments = Arguments
+ 'just in case
+ If .ActionType = COMMANDLINE_POWERSHELL And Len(Arguments) = 0 And Len(Executable) <> 0 Then
+ .Arguments = Executable
+ End If
.Style = Style
+ .Wait = bWait
+ .TimeoutMs = TimeoutMs
End With
Exit Sub
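Review bot: The `'just in case` comment does not say which case the fallback below it covers. When a COMMANDLINE_POWERSHELL entry arrives with the script in `Executable` and an empty `Arguments`, the script text is copied into `.Arguments`, which is the field FixCommandlineHandler passes to RunPowershell. A comment such as `'PowerShell entries carry the script in Arguments; accept it in Executable when Arguments is empty` would make that explicit.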
@@ -16162,7 +16167,7 @@ Public Sub AddServiceToFix( _
On Error GoTo ErrorHandler
'speed hack
- If bAutoLogSilent Then Exit Sub
+ If bAutoLogSilent And Not g_bFixing Then Exit Sub
If Len(sServiceName) = 0 Then Exit Sub
@@ -16197,7 +16202,7 @@ Public Sub AddTaskToFix( _
On Error GoTo ErrorHandler
'speed hack
- If bAutoLogSilent Then Exit Sub
+ If bAutoLogSilent And Not g_bFixing Then Exit Sub
If Len(sTaskPath) = 0 Then Exit Sub
@@ -16296,7 +16301,14 @@ Public Sub FixCommandlineHandler(result As SCAN_RESULT)
Select Case .ActionType
Case COMMANDLINE_RUN
- Proc.ProcessRun .Executable, .Arguments, , .Style
+ If Proc.ProcessRun(.Executable, .Arguments, , .Style) Then
+ If .Wait Then
+ Proc.WaitForTerminate , , , .TimeoutMs
+ End If
+ End If
+
+ Case COMMANDLINE_POWERSHELL
+ Proc.RunPowershell .Arguments, .Wait, .TimeoutMs, .Style
End Select
End With
diff --git a/src/modUtils.bas b/src/modUtils.bas
index eeff786..f736bfb 100644
--- a/src/modUtils.bas
+++ b/src/modUtils.bas
@@ -554,14 +554,14 @@ ErrorHandler:
If inIDE Then Stop: Resume Next
End Function
-Public Function IsSignPresent(filename As String) As Boolean
+Public Function IsSignPresent(FileName As String) As Boolean
' &H3C -> PE_Header offset
' PE_Header offset + &H18 = Optional_PE_Header
' PE_Header offset + &H78 = Data_Directories offset
' Data_Directories offset + &H20 = SecurityDir -> Address (dword), Size (dword) for digital signature.
On Error GoTo ErrorHandler:
- AppendErrorLogCustom "IsSignPresent - Begin", "File: " & filename
+ AppendErrorLogCustom "IsSignPresent - Begin", "File: " & FileName
Const IMAGE_FILE_MACHINE_I386 As Long = &H14C&
Const IMAGE_FILE_MACHINE_IA64 As Long = &H200&
@@ -576,10 +576,10 @@ Public Function IsSignPresent(filename As String) As Boolean
Dim FSize As Long
Dim Redirect As Boolean, bOldStatus As Boolean
- Redirect = ToggleWow64FSRedirection(False, filename, bOldStatus)
+ Redirect = ToggleWow64FSRedirection(False, FileName, bOldStatus)
ff = FreeFile()
- Open filename For Binary Access Read Shared As #ff
+ Open FileName For Binary Access Read Shared As #ff
FSize = LOF(ff)
If FSize >= &H3C& + 6& Then
@@ -609,7 +609,7 @@ Public Function IsSignPresent(filename As String) As Boolean
AppendErrorLogCustom "IsSignPresent - End"
Exit Function
ErrorHandler:
- ErrorMsg Err, "modUtils_IsSignPresent", "File:", filename
+ ErrorMsg Err, "modUtils_IsSignPresent", "File:", FileName
If Redirect Then Call ToggleWow64FSRedirection(bOldStatus)
If inIDE Then Stop: Resume Next
End Function
@@ -1713,13 +1713,13 @@ ErrorHandler:
If inIDE Then Stop: Resume Next
End Sub
-Public Function RegSaveHJT(sName$, sData$, Optional IdSection As SETTINGS_SECTION) As Boolean
+Public Function RegSaveHJT(sName$, sData$, Optional idSection As SETTINGS_SECTION) As Boolean
On Error GoTo ErrorHandler:
If Not OSver.IsElevated Then Exit Function
Dim sSubSection As String
- sSubSection = SectionNameById(IdSection)
+ sSubSection = SectionNameById(idSection)
If Len(sSubSection) <> 0 Then sSubSection = "\" & sSubSection
@@ -1742,12 +1742,12 @@ End Function
Public Function RegReadHJT( _
sName$, _
Optional sDefault$, _
- Optional IdSection As SETTINGS_SECTION) As String
+ Optional idSection As SETTINGS_SECTION) As String
On Error GoTo ErrorHandler:
Dim sSubSection As String
- sSubSection = SectionNameById(IdSection)
+ sSubSection = SectionNameById(idSection)
If Len(sSubSection) <> 0 Then sSubSection = "\" & sSubSection
@@ -1770,12 +1770,12 @@ ErrorHandler:
If inIDE Then Stop: Resume Next
End Function
-Public Function RegDelHJT(sName$, Optional IdSection As SETTINGS_SECTION) As Boolean
+Public Function RegDelHJT(sName$, Optional idSection As SETTINGS_SECTION) As Boolean
If Not OSver.IsElevated Then Exit Function
Dim sSubSection As String
- sSubSection = SectionNameById(IdSection)
+ sSubSection = SectionNameById(idSection)
If Len(sSubSection) <> 0 Then sSubSection = "\" & sSubSection
@@ -2487,11 +2487,11 @@ Public Function HasCommandLineKey(ByVal sKey As String) As Boolean
End If
End Function
-Public Function SectionNameById(IdSection As SETTINGS_SECTION) As String
+Public Function SectionNameById(idSection As SETTINGS_SECTION) As String
Dim sName As String
- Select Case IdSection
+ Select Case idSection
Case SETTINGS_SECTION_MAIN: sName = vbNullString
Case SETTINGS_SECTION_ADSSPY: sName = "Tools\ADSSpy"
Case SETTINGS_SECTION_SIGNCHECKER: sName = "Tools\SignChecker"
@@ -2859,7 +2859,7 @@ begin:
GoTo begin
End If
Next
- ScreenHitLine = Replace$(Replace$(sLine, "http", "hxxp", vbTextCompare), "www.", "vvv.", vbTextCompare)
+ ScreenHitLine = doSafeURLPrefix(sLine)
End Function
Public Function LimitHitLineLength(sLine As String) As String
diff --git a/src/tools/chocolatey-packages/hijackthis/build/hijackthis/hijackthis.3.4.0.3.nupkg b/src/tools/chocolatey-packages/hijackthis/build/hijackthis/hijackthis.3.4.0.3.nupkg
new file mode 100644
index 0000000..0dbce7d
Binary files /dev/null and b/src/tools/chocolatey-packages/hijackthis/build/hijackthis/hijackthis.3.4.0.3.nupkg differ
diff --git a/src/tools/chocolatey-packages/hijackthis/src/hijackthis.nuspec b/src/tools/chocolatey-packages/hijackthis/src/hijackthis.nuspec
index 334b94d..5ae514e 100644
--- a/src/tools/chocolatey-packages/hijackthis/src/hijackthis.nuspec
+++ b/src/tools/chocolatey-packages/hijackthis/src/hijackthis.nuspec
@@ -1,7 +1,7 @@
- 3.4.0.2
+ 3.4.0.3
hijackthis
HiJackThis+
Alex Dragokas & Trend Micro