RegRun Reanimator 9.30.0.630
What is RegRun Reanimator?
Reanimator is software for removing Trojans, adware, spyware, malware and some rootkits.

Reanimator does not contain any adware/spyware modules.

Supports Windows 95/98/Me/NT4/2000/XP/2003/Vista/7/8/10, 32-bit and 64-bit.
Compatible with all known antivirus software.

Reanimator is free of charge for personal (non-commercial) use.

What is Reanimator's purpose?
The main purpose of Reanimator is the remote removal of malicious programs.

A user sends their Reanimator report to the support team.
File name: regrunlog.txt

The Greatis Support team analyzes the user's report and creates the cure file "RNR.RNR".

The user opens RNR.RNR and executes the removal procedure.


Getting Started



1. Save the downloaded reanimator.zip to your hard drive.
2. Unzip reanimator.zip to any folder on your hard drive.
3. Open ReanimatorStart.exe and proceed with the installation.
If you have UnHackMe installed, you will be prompted to update UnHackMe Reanimator.






4. Click Next.
5. Click Send Report.
Wait for a couple of seconds...






6. Choose Yes. After that, click "OK".
7. Wait for the connection to the Greatis Software Support Center to open in your Internet browser.






8. Fill in the ticket form.
Click Browse and locate "regrunlog.txt" on your desktop.
Do not paste the regrunlog.txt contents directly into the Message box.
Please describe your problem in detail in the Message field.
9. You will receive our confirmation e-mail message in your e-mail box.
Later you can log on to the Support Center using your Ticket ID and your e-mail.
10. You will get an answer from the Greatis Software Support Team within 1-2 working days.
Please set up your spam filter to allow messages from greatissoftware.com and from greatis.com.

RegRun Reanimator - Automatic Malware Removal

Reanimator can automatically delete malware using special command files called RNR files, which are either received from the Greatis Software support team or written by the user.
After the support team responds to your open ticket, you will see a "regrunlog.rnr" file attached to the ticket.
You may also receive an "rnr" file as an e-mail attachment or download it from a web site.
Save the regrunlog.rnr file to your hard drive.

What is the Regrunlog.rnr file?

Regrunlog.rnr is a plain text file; you can open it in Notepad to study or print it.
Regrunlog.rnr contains commands for Reanimator.
Reanimator reads "regrunlog.rnr" and executes the commands.

Disconnect your computer from the network!
Pull out the network or modem cable from your computer.

1. Restart your computer in Safe mode.
Read the instructions on how to start in Safe mode here.
2. Open Reanimator.exe.
3. Click the "Next" button until you see the "Open regrunlog.rnr" button.






4. Click the "Open regrunlog.rnr" button and locate the saved "regrunlog.rnr" file.
Reanimator will execute the commands from the regrunlog.rnr file and save the results of execution to the "regrunlog.log" file.
5. You will be prompted to restart your computer.
6. Boot into Safe mode and repeat steps 2-5.
Sometimes the cleaning has to be repeated 3 times.
7. Restart your computer in Normal mode.
8. Open Reanimator.exe and choose the "Send report" tab.
Make a new "regrunlog.txt", your detailed system report.
9. Connect your network or modem cable.
Open your browser and go to the Greatis Support Center.
Open your ticket.
10. Attach "regrunlog.txt" to your ticket.
In addition, attach "regrunlog.log" to your ticket.
Please never paste regrunlog.txt into the ticket message, because the message text is limited in size and it will be truncated.

How to analyze "regrunlog.txt" and create your own "regrunlog.rnr"

If you are a computer specialist and would like to use RegRun to remove malware for remote users, you can use RegRun Reanimator.
Note! RegRun Reanimator is free for non-commercial use only!

1. Open Reanimator.exe or RegRun Start Control.
2. Click the [x] button to close the RegRun Assistant window.
3. Open the main menu, "Reanimator", and choose "Anti Spyware".
4. Click "File" and choose "Open File".
5. Locate the user's regrunlog.txt and open it.

You will see prohibited items (marked in red) and suspicious items (marked in yellow) at the top.






Be careful: Reanimator reports a lot of false positive items.


Commands and actions
You need to tick the check boxes of all items you want to fix.
1. Add to Fixing Job - automatically fixes a problem.
If an item has the "Delete" property, Reanimator will delete the item. Otherwise it will restore the default value.
You should always use Add to Fixing Job for all items you want to fix.

2. Disinfect Chapter - clears a whole list of items.
It is the opposite of "Add to Fixing Job".
Add to Fixing Job removes one or several items with known names.
Disinfect Chapter removes all items except those marked as good.
For example, a virus may create a lot of randomly named items under the Run registry key, and you want to remove all items except the good ones.
This is useful because you do not know the new random names created on the user's computer.

3. Mark as good - marks the selected items as good.
These items will not be deleted when Disinfect Chapter is executed.
Mark as good is not related to Add to Fixing Job.
If you applied the "Add to Fixing Job" command to an item and then marked it as good, the item will still be deleted.
Use "Add to ignore list" instead.

4. Delete File - asks whether to delete the file related to the current item.
Click OK to add the deletion command to the RNR file.

5. Delete Files - lets you delete many files and folders.
Each row corresponds to one file or folder.
A folder name must end with the "\" character.
Example, folder:
c:\windows\vir_files\
Example, file:
%SystemRoot%\System32\vir.exe
You can use environment variables in the file names.

6. Delete registry Keys/Values.
Each row is related to one registry value or key.
Examples.
Deleting registry key:
HKLM\Software\Virus
Deleting registry key:
HKLM\Software\Windows\CurrentVersion\Run\virus
Reanimator first looks for a registry key with that path. If the key does not exist, Reanimator takes the value name from the end of the string, back to the first "\" it meets.


7. Disable AutoRun.
Changes registry settings to disable autorun on all drives.

8. Protect Drives from Autorun.inf.
First, Reanimator deletes "autorun.inf", "desktop.ini" and "comment.htt" from all hard and USB drives on your computer.
After that, Reanimator protects local drives (hard and USB) from infection by creating folders with the same names.
To prevent these folders from being deleted, Reanimator creates a special file in each folder. The special file cannot be deleted in Windows Explorer.

9. Show RNR file.
Displays the current RNR file for viewing and editing.

10. Google It!
Quickly searches for information about the current file in a search engine.

Detailed description of RNR commands

Section [PROCESS]

Kills all processes listed in the section.

Format:

[PROCESS]

Proc_name=1

Proc_name2=1

[Proc_name]

Val=C:\WINDOWS\EXPLORER.EXE

[Proc_name2]

Val=C:\WINDOWS\notepad.EXE

The full path name is not required.

You can use only the file name, but in this case Reanimator will kill all processes with the same name.

If the virus has the same file name as a legitimate file (such as "explorer.exe") but is located in a different folder, you must use the full path name.

Tip! Killing the "explorer.exe" process may be useful for removing some kinds of viruses that use code injection or DLL linking.

Windows automatically unloads a DLL when no process is using it.



Section [SERVICES]

Stops/disables/deletes all services listed in the section.

Format:

[SERVICES]

60_Windows Kernel System Service_HKLM=1

[60_Windows Kernel System Service_HKLM]

Val=Windows Kernel System Service

Delete=1

If "Delete" is specified, the service will be disabled and after that an attempt will be made to delete it.

You must use the service display name, not the internal name.

The service deletion command may not work in some cases.

Note! Works on NT4/2000/XP or higher.



Section [VXD]

Stops/disables/deletes all services listed in the section.

Format:

[VXD]

60_VXD1 =1

[60_VXD1]

Val=VXD1

Note!

The VxD name is listed without file extension.

Section [WSOCK2]

Removes the DLL listed in the Winsock2 registry key.

Format:

[WSOCK2]

WSOCKDLL =1

[WSOCKDLL]

Val=wsocker.dll

Delete=1

Note!

We use only filename, not the full path name.

Delete option is required.



Section [UNREGISTER_DLL]

Unregisters the DLLs in the list.

Format:

[UNREGISTER_DLL]

%WinDir%\wsocker.dll

%WinDir%\wsocker2.dll

Note!

Simple format: one row, one DLL.

Use only the full path name.

You can use the WinDir and SysDir variables.





Section [INI]

Used for changing INI files

Format:

[INI]

1_system_ini =1

[1_system_ini]

File=c:\windows\system.ini

Section=drivers

Val=wave

Def=mmdrv.dll

Description: File is the INI file to change. The full path is required.

Section is the section name in the INI file, for example [drivers].

Write it without the brackets.

Val = value name

Def = default value



Section [FOLDER] (obsolete)

Used for deleting a file in the startup folder.

Format:

[FOLDER]

Folder1=1

[Folder1]

Folder=Path to folder

Val=File in the folder

File=Full path to any file

Note!

Section is obsolete. Use KILL_FILES instead.

Section [HOSTS]

Used for clearing the HOSTS file.

Format:

[HOSTS]

33_192.168.13.75 matte_HKLM=1

[33_192.168.13.75 matte_HKLM]

Val=192.168.13.75 matte

Note!

"Val" points to the full row in the HOSTS file.



Section [SCHED]

Used for clear HOSTS file

Format:

[SCHED]

70_ScanDisk_HKCU=1

70_ScanDisk_HKLM=1

[70_ScanDisk_HKLM]

Val=ScanDisk

[70_ScanDisk_HKCU]

Val=ScanDisk


Note!

"Val" is a scheduled task name.

Section [FILEEXT]

Used for restoring file extensions to their defaults.

Format:

[FILEEXT]

exe=1

com=1

[EXE]

Val=.exe

[com]

Val=.com

Note!

Use it only for exe, com, pif, bat extensions.

It restores the command line: "%1" %*



Section [DRIVERS]

Used for removing drivers/services

Format:

[DRIVERS]

drv1=1

[drv1]

VAL=baddriver.sys

Note!

It scans the subkeys of HKLM\SYSTEM\CurrentControlSet\Services and compares each IMAGEPATH value with VAL. If IMAGEPATH includes VAL, the search stops.

In addition, it searches for the same in the LEGACY subkey.

After that it tries to delete the keys under the Services and Legacy subkeys.

Be very careful with this section!



Section [DEL_AT_STARTUP]

Used for removing files at next reboot

Format:

[DEL_AT_STARTUP]

per.exe=1

[per.exe]

Val=C:\WINDOWS\system32\per.exe

Note!

It will try to delete the file immediately. In any case, it will also try to delete the file at startup using both methods: PendingFileRename and Partizan.



Section [KILL_FILES]

Used for removing files at next reboot.

Simple format. One file per row.

Format:

[KILL_FILES]

%WinDir%\virus.exe

%SysDir%\virus.exe

Note!

You can use variables WinDir, SysDir.

It will try to delete the file immediately. In any case, it will also try to delete the file at startup using both methods: PendingFileRename and Partizan.



Section [REGISTRY]

Used for changing registry keys/values.

Format:

[REGISTRY]

64_gwiz_HKLM=1

37_C:\WINDOWS\system32\back.gif_HKLM=1

[64_gwiz_HKLM]

Key=\Software\Microsoft\Windows\CurrentVersion\Run

Val=gwiz

Root=HKLM

Type=0

Delete=1

Description:

Key = full path to the key name. The leading backslash is required.

Root may be one of:

HKLM or HKEY_LOCAL_MACHINE

HKCU or HKEY_CURRENT_USER

HKUS or HKEY_USERS

HKCR or HKEY_CLASSES_ROOT

The "SubKey" option may be used if you need to delete a subkey.

"Delete=1" is required in this case.

Val is the value name. It is not required if SubKey is used.

Type is an integer, one of:

REG_NONE ( 0 )

REG_SZ ( 1 )

REG_EXPAND_SZ ( 2 )

REG_DWORD ( 4 )

REG_MULTI_SZ ( 7 )

Type may be omitted if the value is to be deleted.

Def - default value. Used if you need to change the value.

Delete - deletes the value or subkey.

If both a value and a SubKey are given, only the SubKey will be processed.



Section [KILL_REG_KEYS]

Used for deleting registry keys/values.

Format: simple

One key/value per row.

[KILL_REG_KEYS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\wininet.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\dfrgsrv.exe

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\wininet.dll

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\dfrgsrv.exe

You may use HKLM, HKEY_LOCAL_MACHINE, HKCU, HKEY_CURRENT_USER, HKUS, HKEY_USERS, HKCR, HKEY_CLASSES_ROOT.

If the row points to a key, the key will be deleted.

If there is no such key, it looks for the last backslash in the row.

The last part will be the value.
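
The key-before-value rule above means the same row can remove a single value on one machine and a whole key on another. The following is an added example, not Reanimator code and not part of the original page: `canon`, `resolve`, `plan` and the two machine snapshots are constructed for illustration, and registry paths are compared case-insensitively.

```python
# Added example (not Reanimator code): how one [KILL_REG_KEYS] row is interpreted.
ROOTS = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
         "HKEY_USERS": "HKUS", "HKEY_CLASSES_ROOT": "HKCR"}

def canon(path):
    """Short root name, case-folded; used only to compare two registry paths."""
    root, _, rest = path.strip().rstrip("\\").partition("\\")
    root = ROOTS.get(root.upper(), root.upper())
    return f"{root}\\{rest}".casefold()

def resolve(row, existing_keys):
    """Return ("key", path) if the row names an existing key,
    otherwise ("value", parent_key, value_name)."""
    known = {canon(k) for k in existing_keys}
    row = row.strip()
    if canon(row) in known:
        return ("key", row)
    parent, _, name = row.rpartition("\\")   # split at the last backslash
    return ("value", parent, name)

def plan(rows, existing_keys):
    """Resolve every row of a [KILL_REG_KEYS] section against one machine."""
    return [resolve(r, existing_keys) for r in rows]

# Constructed snapshots of the keys present on two machines.
RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
MACHINE_A = [RUN]                    # "virus" exists only as a value under Run
MACHINE_B = [RUN, RUN + r"\virus"]   # a subkey named "virus" exists as well
ROW = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\virus"

if __name__ == "__main__":
    print("machine A:", plan([ROW], MACHINE_A))
    print("machine B:", plan([ROW], MACHINE_B))
```

When the intent is to remove one named value, the [REGISTRY] section with Val and Delete=1 states that explicitly instead of relying on this fallback.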



Section [CLEAN]

Used for clearing a Reanimator section.

Format:

[CLEAN]

Internet Components_HKLM=1

[Internet Components_HKLM]

C:\WINDOWS\opuc.dll=1

C:\WINDOWS\system32\danim.dll=1

C:\WINDOWS\system32\ddrawex.dll=1

C:\WINDOWS\system32\GWFSPidGen.DLL=1

C:\WINDOWS\System32\iuctl.dll=1

C:\WINDOWS\System32\iuengine.dll=1

C:\WINDOWS\system32\LegitCheckControl.DLL=1

C:\WINDOWS\system32\quartz.dll=1

[Winlogon Notification_HKLM]

crypt32chain=1

cryptnet=1

cscdll=1

igfxcui=1

ScCertProp=1

Schedule=1

sclgntfy=1

SensLogn=1

termsrv=1

wlballoon=1

It will clear the "Internet Components" section.

All items will be deleted except those in the exclusion list.

The section [Internet Components_HKLM] contains the list of exclusions.

List of available sections:

Internet Components_HKLM=1

Winlogon Notification_HKLM=1

List of Injected DLLs_HKLM=1

Browser Helper Objects_HKLM=1

IE Extensions - All Users_=1

Explorer Bars_HKLM=1

Context menu items_=1

Hosts File Path_HKLM=1

Hosts File Contents_=1

WinSock2 Components_=1

Shell Execute Hooks_HKLM=1

Shell Services DelayLoad_HKLM=1

ActiveSetup_HKLM=1

Auto Services_=1

Drivers_=1

Registry Run_HKCU=1

Registry Run_HKLM=1

Registry RunOnce_HKCU=1

Registry RunOnce_HKLM=1

Explorer Run_HKCU=1

Explorer Run_HKLM=1

Startup Folder_=1

Common Startup Folder_=1

Scheduled Tasks_=1

Running Processes_=1

Running Services_=1



Section [DelEvery]

Used for removing a file from Windows startup.

Format: simple.

One full filepath per row.

[DelEvery]

c:\windows\system32\per.exe

It collects the full information listed in Reanimator and compares the values with the files in the DelEvery list.

This is useful when a file is deleted at reboot and you also want to remove it automatically from the registry startup entries.



Section [CompSettings]

Used for changing computer settings.

Format and working values:

[CompSettings]

AutoRunInf=Y

Description:

Disable autorun on all local drives.

AutoRunInf=N

Enable autorun on all local drives.


ProtectAutoRunInf=Y

Description: protect local hard and USB drives against autorun.inf problem.


Section [Partizan]

Used for deleting service registry keys (subkeys under HKLM\System\CurrentControlSet\Services) using the Partizan driver.

Format:

[Partizan]

Key=Servicename

Subkey Servicename will be deleted at next reboot.



Section [CHECK_SIGN]

Used for checking whether files on the user's computer are signed with a Microsoft digital signature.

Format: simple

One file per row.

[CHECK_SIGN]

%SysDir%\kernel32.dll

Results will be written to the log file.



Section [CHECK_INFO]

Used for getting file version information.

Format: simple

One file per row.

[CHECK_INFO]

%SYSTEMROOT%\explorer.exe

Results will be written to the log file.



Section [GET_STRINGS]

Used for getting all strings from a file.

Format: simple

One file per row.

[GET_STRINGS]

%SYSTEMROOT%\explorer.exe

Results will be written to the log file.



Section [SEARCHT_REG]

Used for searching information in the registry

Format: simple

One search string per row.

[SEARCHT_REG]

virus

Results will be written to the log file.

Section [SEND]

Used for sending files to the support center.

Format: simple

One file name per row.

[SEND]

c:\windows\file.exe

Section [RESET_FILE_RIGHTS]

Used for resetting file permissions (NTFS).

Format: simple

One file name per row.

[RESET_FILE_RIGHTS]

c:\windows\file.exe
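
Because an RNR file is plain text, it can be reviewed offline before it is opened in Reanimator. The following is an added example, not Greatis code and not part of the original page: it parses the two-level and "simple" section formats described above and lists what the file would act on, with warnings for the two cases the page itself cautions about. The function names, the sample file and the case-insensitive matching of section names are assumptions.

```python
import re

LISTED = {"PROCESS", "SERVICES", "DRIVERS", "REGISTRY", "DEL_AT_STARTUP"}  # rows are "item=1"
SIMPLE = {"KILL_FILES", "KILL_REG_KEYS", "UNREGISTER_DLL"}                 # one target per row

def parse_rnr(text):
    """Split RNR text into {SECTION: [rows]}; names upper-cased (assumed case-insensitive)."""
    sections, rows = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        head = re.fullmatch(r"\[(.+)\]", line)
        if head:
            rows = sections.setdefault(head.group(1).upper(), [])
        elif line and rows is not None:
            rows.append(line)
    return sections

def review(text):
    """Return (actions, warnings) for the destructive sections of an RNR file."""
    sections, actions, warnings = parse_rnr(text), [], []
    for name, rows in sections.items():
        if name in SIMPLE:
            actions += [(name, row) for row in rows]
        if name not in LISTED:
            continue
        for row in rows:
            item, _, flag = row.rpartition("=")
            if flag.strip() != "1":
                continue
            pairs = (r.split("=", 1) for r in sections.get(item.strip().upper(), []) if "=" in r)
            detail = {k.strip().lower(): v.strip() for k, v in pairs}
            target = detail.get("subkey") or detail.get("val")  # SubKey wins over Val
            if not target:
                warnings.append(f"{name}: '{item.strip()}' has no detail section")
                continue
            if name == "REGISTRY":
                target = detail.get("root", "?") + detail.get("key", "") + "\\" + target
            actions.append((name, target))
            if name == "PROCESS" and "\\" not in target:
                warnings.append(f"PROCESS: '{target}' has no path; all processes with that name are killed")
            if name == "DRIVERS":
                warnings.append(f"DRIVERS: '{target}' is matched as a substring of ImagePath")
    return actions, warnings

# Constructed sample, assembled from the format examples on this page.
SAMPLE = "\n".join([
    "[PROCESS]", "Proc_name=1", "[Proc_name]", "Val=explorer.exe",
    "[REGISTRY]", "64_gwiz_HKLM=1", "[64_gwiz_HKLM]",
    r"Key=\Software\Microsoft\Windows\CurrentVersion\Run", "Val=gwiz", "Root=HKLM", "Delete=1",
    "[DRIVERS]", "drv1=1", "[drv1]", "VAL=baddriver.sys",
    "[KILL_FILES]", r"%SysDir%\virus.exe",
])

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```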


Downloads: 24 | Views: 3,969 | Developer: Greatis Software | Last Update: Oct 27, 2017 - 11:47 | Version: 9.30.0.630 | Size: 15.07MB | Type: ZIP | Rank: 5/5, out of 1 Votes.