Autoruns – Windows and programs startup management

AutoRuns is a free utility for displaying all processes in the startup of the Windows operating system, a startup monitor on a computer. This is the most complete tool with which you can manage programs, processes, drivers, modules, services or tasks, other system components associated with autorun.

The Autoruns program shows everything that runs on a PC when Windows starts. In the application, you can see the properties and settings of autorun, cancel autoload of unnecessary applications and components.

Autoruns was created at Sysinternals by Mark Russinovich. Subsequently, Microsoft acquired Sysinternals, and Mark Russinovich became a Microsoft employee (currently the CTO of Microsoft Azure). Mark Russinovich continues to develop the Autoruns program with Bryce Cogswell.

During system startup, along with Windows, system services and applications, third-party software is launched. Autostart applications are not always justified, because there is no need for many programs to constantly run in the background.

A large number of running applications affects the system boot speed, working in the background, programs uselessly consume computer resources and take up memory space. Therefore, some programs should be disabled from startup, the user can independently launch the application on his PC when he needs it.

Configuring Windows startup will help improve the performance of your computer. One way is to use the Autoruns program to disable the autorun of unnecessary applications.

Features of Autoruns

Using the Autoruns utility, the user can take advantage of the following features:

  • Monitoring of all places from which programs are autostarted.
  • Display programs, drivers, system services, tasks in the Scheduler, Winlogon notifications.
  • Autorun monitor for built-in Windows applications (Explorer extensions, Internet Explorer, browser hidden objects, hijackers).
  • Search for startup applications in the operating system, and separately in the Startup folder, in Windows services, in the registry (Run, RunOnce), in Explorer.
  • Temporarily suspending autorun programs while saving settings, and then restoring autorun applications.
  • Disable autorun programs and components.
  • Ability to use different accounts on the computer.
  • Checking startup files for viruses in VirusTotal.
  • There is a command line version of Autorunsc.

System requirements of the Autoruns program:

  • Operating system Windows XP and above (Windows 11, Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista).
  • 32 bit (x86) and 64 bit (x64) OS editions are supported.

The Autoruns program can be downloaded from the official Sysinternals website. The program does not require installation on a computer, it is launched from a folder. The application works in English.

Quite often, Autoruns is used to find and neutralize malicious software. Conducting a study of autorun objects in the program will help you find a virus and disable its autorun.

Run Autoruns

After downloading the program to your computer, to run the utility, you must perform the following steps:

  1. Unpack the ZIP archive.
  2. Open the “Autoruns” folder.
  3. Run the “Autoruns” or “Autoruns64” file as administrator, depending on the bitness of your system.
  4. In the “AutoRuns License Agreement” window, click on the “Agree” button.

Autorun interface

The “Autoruns” window will open, which will display all running processes in the Windows operating system. By default, the main window opens in the “Everything” tab.

At the very top of the program window is the menu bar. The program is controlled from the menu, various actions are performed in the application using commands: searching for a file, saving to a file, opening a previously created snapshot of autorun locations, etc.

Below is a toolbar with which you can access some of the popular functions of the program: saving, searching, moving to another level, properties, updating, deleting. Here is the field “Filter:” (Filter) for a quick search for startup objects in the application window.

Then comes the tab bar. After scanning the system, Autoruns distributes the information received into different tabs (autorun places). After switching to the desired tab, it is easier to find the necessary information than in the general list.

The main place is occupied by the work area, which displays information about running programs, services, drivers, etc.

Below is the details panel, which displays information about the selected object.

The status bar shows information about the collection or completion of the collection of information about autostart locations.

Some autorun items in Autoruns are highlighted in different colors:

  • Red – This item does not have a Microsoft digital signature.
  • Yellow color – missing or moved files, information about which remained in the registry.

If the container is marked in red, this does not mean that this file is malicious software. For some reason, the object does not have a verified Microsoft digital signature. Pay attention to these files, get information about them on the Internet.

Disable items highlighted in yellow from startup by unchecking the checkbox next to this object. These entries can then be deleted from the computer.

Overview of tabs in the Autoruns program window

For the convenience of obtaining information about autorun locations, Autoruns distributes launched objects into tabs, according to their functionality.

The program window displays the containers (folders, files, settings, and registry keys) used for autorun, and the contents of the container. The columns contain information about startup objects:

  • The Autorun Entry column shows the autorun method. If there is a checkbox next to the element, it means that autorun is running.
  • The Description column contains a description of the file.
  • In the column “Publisher” (Publisher) you can get information about the manufacturer of the autorun object.
  • The Image Path column contains the path to the file (image, object).
  • The Timestamp column displays the time the file appeared on the computer.
  • The “VirusTotal” column contains information about checking the file on the VirusTotal service.

Purpose of all program tabs:

  • Everything – all entries in one place.
  • Logon – All startup items for the current user, programs from the Startup folder.
  • Explorer (Explorer) – a list of programs and extensions registered in the Explorer context menu.
  • Internet Explorer – elements of the Internet Explorer browser, extensions, toolbars are shown.
  • Scheduled Tasks – Displays all Windows operating system maintenance tasks received from Task Scheduler.
  • Services (Services) – Microsoft services and services that start at system startup.
  • Drivers (Driver) – a list of drivers in the parameters of which there is an autoload.
  • Codecs (Codecs) – information about the audio and video codecs running in the system, necessary for playing multimedia files.
  • Boot Execute – Applications that run when Windows boots, such as checking the disk for errors.
  • Image Hijacks (Substitution of images) – the so-called hijackers (hijackers, interceptors) that replace images are displayed here. They are executed along with the original files, replacing the real images. Used by viruses.
  • AppInit – Displays applications used by programs.
  • Known DLLs – A list of registered DLLs.
  • Winlogon (Windows startup) – libraries of events when the system boots.
  • Winsock Providers (Winsock Providers) – components required for network operation.
  • Print Monitors are printer driver components.
  • LSA Providers (LSA Providers) – handling of events related to network security.
  • Network Providers – providers that work with network settings.
  • WMI (Windows Management Instrumentation) – Items from the WMI database.
  • Office (Office) – Microsoft Office autorun items, if the office software package is installed on this computer.
Advice. To see the autorun locations of only third-party applications, without affecting system objects, check the “Hide Windows Entries” option in the “Options” menu. This option is enabled by default. You can enable the “Hide Microsoft Entries” option, this setting additionally includes the “Hide Windows Entries” option.

Disabling autorun in Autoruns

To disable autorun of the program, uncheck the box next to the corresponding entry. Autoruns will make the change and create a backup to restore the setting if needed.

This is a safer way to disable startup items than removing items from the system.

Removing an entry from autorun in Autoruns

In Autoruns, you can delete the entry about the autorun of the program, which is not required to be started along with the system startup.

Attention! Autoruns does not back up autorun items that are deleted. Therefore, take care in advance to create a system restore point or create a Windows backup to restore your computer to a working state if something goes wrong.
  1. Uncheck the box next to the corresponding autorun item.
  2. Select an element, right-click on it.
  3. In the context menu, click on the “Delete” item.
  4. In the warning window, click the “Yes” button.
  5. After that, the autorun object will be removed from the operating system.

Checking the autorun item for viruses in VirusTotal

The online service VirusTotal checks files and links for viruses using more than 70 antivirus scanners. When checking on the service, the databases of all leading manufacturers of anti-virus software are used.

The user has the ability to check a suspicious file from his computer using the Autoruns application. To do this, you need to go through the following steps:

  1. Select the autorun element in the program workspace.
  2. Right-click on it, in the context menu that opens, click on “Check VirusTotal”.
  3. When you open the VirusTotal service for the first time in your default browser, a window with information about the service will open.
  4. Close your browser.
  5. Click on “Check VirusTotal” again.
  6. In the window of the Autoruns program, the column “VirusTotal” will display the result of scanning the object for viruses.

If you click on the link with the result of the scan, the VirusTotal service window will open with detailed information. Here are the antiviruses and the result of checking a particular scanner.

Bulk scanning of autorun objects for viruses in Autoruns

With the help of the Autoruns program, you can run a mass check of all autorun items. Follow these steps:

  1. Open the Options menu.
  2. Select “Scan Options…” from the context menu.
  3. In the “Autoruns Scan Options” window, check the “Check VirusTotal.com” box.
  4. Click on the “Rescan” button.

After the scan is completed, the results of checking startup items will appear in the program window in the VirusTotal column.

If, as a result of the scan, it is found that some files did not pass the scan, it is not necessary to consider that this is a virus. Before making a decision, look for detailed information about the object on the Internet.

The image above shows that two anti-virus scanners found something in the Mail.Ru Cloud program. It is clear that there are no viruses there, perhaps scanners swear because of some kind of promotional offers.

Article Conclusions

The free Autoruns program is used to monitor autorun locations in the Windows operating system. Using the program, you can analyze all startup items on your computer, disable or delete unnecessary startup objects, check files for viruses on the VirusTotal service.

Leave a Reply

Your email address will not be published.