As part of the startup sequence for your Windows computer, there are a bunch of programs and scheduled tasks that automatically run, before the familiar desktop appears. Most of them are essential; some are dispensable; and others may be malicious. Read on and learn how to tweak your “autoruns” to improve performance and security…
Ready to Tune Up Your Startup?
There are many software tools designed to keep your Windows system tuned-up and running as efficiently as possible; see this article, Seven Free PC Maintenance Tools. Some utilities, like Advanced System Care, are designed for one-click simplicity. Today, I want to discuss a powerful maintenance tool that requires a bit more effort from its user.
Autoruns for Windows provides information that can reduce Windows launch time, free up memory and other system resources, or help you track down especially stealthy malware. It shows you all programs that automatically run when your PC boots up or a user logs in, and what extensions load into various Windows processes such your browser or Windows Explorer. It works on Windows XP and higher, including 64-bit versions. This free software was created by Mark Russinovich, who currently serves as Chief Technical Officer of Microsoft’s Azure product.
The Windows System Configuration Utility (msconfig.exe) lets you view and disable a number of startup files and services, but it omits a lot of things that Autoruns catches: toolbars, browser helper objects, Windows Explorer shell extensions, to name a few. These items can be hiding places for malware or they may simply be long-forgotten, unnecessary burdens on your system.
To get started, download the Autoruns.zip archive and extract its contents to a folder of your choice. Then just double-click the Autoruns.exe (or Autoruns64.exe) file to start the program; there is no installation required.
Autoruns displays the name and location of each auto-running item. Double-clicking an entry takes you to its directory or opens its registry entry in the Registry Editor. Unchecking an entry disables its automatic execution. The Del key deletes an item from your system. For registry entries, it shows the exact registry key. For files, it shows the directory path and file name.
Right-clicking on an entry opens a drop-down menu with several options. “Search online” is one of the handiest drop-down options; it launches a Web search using your default browser and search engine, effectively asking “what is this thing?” The search results can help you decide whether the item should be left alone, deleted, or disabled. After right-clicking an entry, you’ll also see other options, including Delete, Jump to Entry, and Jump to Image. I’ll discuss them in reverse order they appear. Jump to Image will open File Explorer to the folder that contains the item, and highlight it. Jump to Entry will open Registry Editor and highlight the entry that controls the behavior of the item. (If it’s a scheduled task, Task Manager will open and show that item.) Delete will do what you’d expect. If it’s a file, it will be deleted from the hard drive. It’s it’s a registry entry, ir will remove that entry from the Registry.
I would advise against using the Delete option, unless you know for sure what you’re doing. Randomly deleting files or mucking about with the Registry is a bit like doing brain surgery while blindfolded, or shooting mosquitos with a machine gun. Apply your preferred metaphor.
“Check Virus Total” is a new option found in version 14 of Autoruns. VirusTotal.com is a Web service that scans files or URLs with a total of 57 anti-malware engines. When Autoruns checks Virus Total, you’ll see a ratio such as “8/57” to the right of the item selected. That means 8 out of the 57 anti-malware engines flagged this item as malware. Double-click on the Virus Total ratio to see the full results on a VirusTotal.com Web page. Note that a VirusTotal score of 1 or 2 is probably a false positive, and not an indicator of a virus. On my computer, CCleaner and Google Chrome both got a score of 1, but there’s no cause for concern there.
The Autoruns screen is a bit busy, possibly overwhelming at first glance. But there’s a way to eliminate the items that do not require immediate attention. The Options button on Autoruns’ main menu lets you hide or unhide groups of entries, reducing the number of items that you need to examine. Hiding all entries signed by Microsoft, for example, limits your view to third-party software. If you hide both Microsoft-signed and VirusTotal Clean entries, you can focus on items that are either unverified or potentially malware.
I recommend that you click Scan Options on the Options menu, then check the boxes labeled “Check VirusTotal” and “Submit Unknown Images”, then restart Autoruns. It will then check all items against the VirusTotal database and display the results.
Images highlighted in red are “unverified,” meaning no digital signature is attached that enables verification of the author’s identity. That doesn’t necessarily mean it’s malicious, just that it requires that you check to see if it’s something you definitely want or need.
Images highlighted in yellow are missing a target file. You may want to delete such items (after doing a web search) so that Windows doesn’t waste start-up time trying to launch programs that aren’t there.
Autoruns is a powerful tool for deep troubleshooting. But don’t use it casually or you may delete something that your system needs in order to function. If you fear a finger-fumble, create a System Restore point before making any changes, and you’ll be able to undo any mistakes. To create a restore point, click the Start button and type, “create a restore point” in the Search box. Click the “create a restore point” link in the search results and then click the “Create” button at the bottom of the System Protection tab that appears.
Remember a fast system will run Second life much better.
Have a great week from all of us at Zoha Islands and Fruit Islands