3.4.0.3 Alpha

 - Improved Windows Defender recovery procedure.
 - Fixed regression: coudn't add some items to ignore list.

README.md

@@ -81,7 +81,7 @@ If you are not already an expert, we recommend submitting your case to an online
 - English: [Our GitHub](https://github.com/dragokas/hijackthis/wiki/How-to-make-a-request-for-help-in-the-PC-cure-section%3F) ; [GeeksToGo](http://www.geekstogo.com/forum/topic/2852-malware-and-spyware-cleaning-guide/) ;  [BleepingComputer](https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/)
 - Russian: [SafeZone](https://safezone.cc/pravila/) ; [CyberForum](https://www.cyberforum.ru/viruses/thread49792.html) ; [OSZone](http://forum.oszone.net/thread-98169.html) ; [SoftBoard](https://softboard.ru/topic/51343-правила-подраздела/) ; [THG](http://www.thg.ru/forum/showthread.php?t=92236) ; [VirusInfo](https://virusinfo.info/showthread.php?t=1235) ; [KasperskyClub](https://forum.kasperskyclub.ru/index.php?showtopic=43640)
 
-> Note: currently, only [VIRUSNET association](https://github.com/VIRUSNET-Association) can provide direct analysis of HijackThis+ logs in [our github 'Issues' section](https://github.com/dragokas/hijackthis/wiki/How-to-make-a-request-for-help-in-the-PC-cure-section%3F). Please feel free to ask help there (English/Russian only).
+> Note: currently, only [VIRUSNET association](https://github.com/VIRUSNET-Association) can provide direct analysis of HiJackThis+ logs in [our github 'Issues' section](https://github.com/dragokas/hijackthis/wiki/How-to-make-a-request-for-help-in-the-PC-cure-section%3F). Please feel free to ask help there (English/Russian only).
 
 ## Technical support
 
@@ -110,7 +110,7 @@ If you are not already an expert, we recommend submitting your case to an online
  * **Fernando Mercês** { [@merces](https://github.com/merces) } (Trend Micro) - coordinator of original HJT, for the tips, suggestions and promotion
  * **Loucif Kharouni** { [@loucifkharouni](https://github.com/loucifkharouni) } (Trend Micro) - coordinator of original HJT, for the tips & suggestions
 
-HiJackThis+ by Alex Dragokas is a continuation of Trend Micro HiJackThis development, based on [v.2.0.6](https://sourceforge.net/p/hjt/code/HEAD/tree/beta/2.0.6/) branch and 100% rewritten at the moment. HijackThis+ was initially supported by Trend Micro, but they have since refused support and closed its GitHub repository.
+HiJackThis+ by Alex Dragokas is a continuation of Trend Micro HiJackThis development, based on [v.2.0.6](https://sourceforge.net/p/hjt/code/HEAD/tree/beta/2.0.6/) branch and 100% rewritten at the moment. HiJackThis+ was initially supported by Trend Micro, but they have since refused support and closed its GitHub repository.
 HiJackThis+ is distributed under the initial [GPLv2 license](https://github.com/dragokas/hijackthis/blob/devel/LICENSE.md). It also includes several tools and plugins available as freeware.
 
 ## Reviews & Mirrors

src/HiJackThis-update-test.txt

@@ -1 +1 @@
-3.4.0.2
+3.4.0.3

src/HiJackThis-update.txt

@@ -1 +1 @@
-3.4.0.2
+3.4.0.3

src/_ChangeLog_en.txt

@@ -11,10 +11,14 @@ Version history:
 |||||       1. HiJackThis: changelog         |||||
 ==================================================
 
-[3.4.0.2 Alpha] - Jan 01, 2024
+[3.4.0.3 Alpha] - Feb 06, 2024
+ - Improved Windows Defender recovery procedure.
+ - Fixed regression: coudn't add some items to ignore list.
+
+[3.4.0.2 Alpha] - Jan 28, 2024
  - Fix of previous build.
 
-[3.4.0.1 Alpha] - Jan 01, 2024
+[3.4.0.1 Alpha] - Jan 28, 2024
  - Fixed a vulnerability in the buffer overflow of the scan results list.
  - Fixed a critical error in the HiJackThis backup restoration function:
 	* It is not recommended to use the "Restore" button for backups in versions 3.3.0.5 - 3.3.0.11 without updating to this version, as it may destroy all other backups;

src/_ChangeLog_ru.txt

@@ -11,6 +11,10 @@
 |||||       1. HiJackThis: список изменений         |||||
 =========================================================
 
+[3.4.0.3 Alpha] - 06.02.2024
+ - Улучшена процедура восстановления Windows Defender.
+ - Исправлено ухудшение: некоторые пункты не удавалось добавить в игнор-лист.
+
 [3.4.0.2 Alpha] - 28.01.2024
  - Фикс предыдущего билда.
 

src/_HijackThis.vbp

@@ -92,7 +92,7 @@ Description="Creates a report of non-standard parameters of registry and file sy
 CompatibleMode="0"
 MajorVer=3
 MinorVer=4
-RevisionVer=2
+RevisionVer=3
 AutoIncrementVer=0
 ServerSupportFiles=0
 VersionCompanyName="Alex Dragokas & Trend Micro Inc."

src/clsProcess.cls

@@ -542,6 +542,19 @@ ErrorHandler:
     If inIDE Then Stop: Resume Next
 End Function
 
+Public Function RunPowershell( _
+    ByVal sCmd As String, _
+    Optional bWait As Boolean = False, _
+    Optional iTimeoutMs As Long = 30000, _
+    Optional WindowStyle As SHOWWINDOW_FLAGS = SW_HIDE) As Boolean
+
+    sCmd = "-ExecutionPolicy UnRestricted -c " & """" & sCmd & """"
+    RunPowershell = Proc.ProcessRun(BuildPath(sWinSysDir, "WindowsPowerShell\v1.0\powershell.exe"), sCmd, , WindowStyle)
+    If RunPowershell And bWait Then
+        Me.WaitForTerminate , , , iTimeoutMs
+    End If
+
+End Function
 
 Public Function ProcessRun( _
                             ByVal FileName As String, _

src/clsScript.cls

@@ -363,6 +363,7 @@ Private Sub ExecuteFix(sRawText As String)
 On Error GoTo ErrorHandler:
     Dim i As Long
 
+    g_bFixing = True
     modFix.OpenFixLogHandle
 
     modFix.WriteFixLogLine LogTagId_Raw, vbNewLine & "Script contents:" & vbNewLine & _
@@ -396,6 +397,7 @@ On Error GoTo ErrorHandler:
     Next
 
     modFix.CloseFixLog
+    g_bFixing = False
 
 Exit Sub
 ErrorHandler:
@@ -428,7 +430,10 @@ End Sub
 Private Sub ExecuteLogLine(sLogLine As String)
 On Error GoTo ErrorHandler:
 
-
+    If Not g_bGeneralScanned Then
+        StartScan
+        '// TODO: cmdScan_Click() move some cmds => StartScan
+    End If
 
 Exit Sub
 ErrorHandler:

src/modGlobals.bas

@@ -34,7 +34,7 @@ Public Const STR_NO_COMPANY     As String = "no company"
 Public Const STR_OBFUSCATED     As String = "(obfuscated)"
 
 #If False Then 'for common var. names character case fixation
-    Public x, y, Length, Index, sFilename, i, j, k, N, State, frm, ret, VT, isInit, hWnd, pv, Reg, pid, File, msg, VT, InArray, Self, status, filename
+    Public x, y, Length, Index, sFilename, i, j, k, N, State, frm, ret, VT, isInit, hWnd, pv, Reg, pid, File, msg, VT, InArray, Self, status, FileName
     Public mid, SID
 #End If
 
@@ -281,6 +281,7 @@ Public bMinToTray       As Boolean
 Public bStartupListSilent As Boolean
 Public g_bAppShutdown   As Boolean
 Public g_bScanInProgress      As Boolean
+Public g_bFixing              As Boolean
 Public g_bGeneralScanned      As Boolean
 Public g_bCalcHashInProgress  As Boolean
 Public g_bVTScanInProgress    As Boolean
@@ -582,7 +583,7 @@ End Type
 
 Public Type FILE_NAME_INFORMATION
     FileNameLength As Long
-    filename(MAX_PATH) As Integer 'WCHAR FileName[1] 'MAX_PATH + NUL
+    FileName(MAX_PATH) As Integer 'WCHAR FileName[1] 'MAX_PATH + NUL
 End Type
 
 Public Type MOUNTMGR_BUFER
@@ -996,7 +997,7 @@ Public Declare Function EmptyArray Lib "oleaut32.dll" Alias "SafeArrayCreateVect
 Public Declare Function EmptyByteArray Lib "oleaut32.dll" Alias "SafeArrayCreateVector" (Optional ByVal VT As VbVarType = vbByte, Optional ByVal lLow As Long = 0, Optional ByVal lCount As Long = 0) As Byte()
 Public Declare Function NtCreateFile Lib "ntdll.dll" (ByRef FileHandle As Long, ByVal DesiredAccess As Long, ObjectAttributes As OBJECT_ATTRIBUTES, IoStatusBlock As IO_STATUS_BLOCK, AllocationSize As Any, ByVal FileAttributes As Long, ByVal ShareAccess As Long, ByVal CreateDisposition As Long, ByVal CreateOptions As Long, EaBuffer As Any, ByVal EaLength As Long) As Long
 Public Declare Function NtWriteFile Lib "ntdll.dll" (ByVal FileHandle As Long, EventArg As Any, APCRoutine As Long, APCContext As Any, IoStatusBlock As IO_STATUS_BLOCK, ByVal Buffer As Long, ByVal Length As Long, ByteOffset As Long, Key As Long) As Long
-Public Declare Function OpenFile Lib "kernel32.dll" (ByVal filename As String, ByVal OFs As Long, ByVal Flags As Long) As Long
+Public Declare Function OpenFile Lib "kernel32.dll" (ByVal FileName As String, ByVal OFs As Long, ByVal Flags As Long) As Long
 Public Declare Function RtlDosPathNameToNtPathName_U Lib "ntdll.dll" (ByVal DosFileName As Long, NtFileName As UNICODE_STRING, FilePart As Long, RelativeName As Any) As Long
 Public Declare Sub RtlInitUnicodeString Lib "ntdll.dll" (DestinationString As Any, ByVal sourceString As Long)
 Public Declare Sub RtlFreeUnicodeString Lib "ntdll.dll" (UnicodeString As UNICODE_STRING)