AutoRuns for Windows v9.0

[ronjor]

Quote:

This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.

Microsoft Sysinternals

[HAN]

Thanks Ron!

[newbino]

From Windows Sysinternals Autoruns page

Quote:

Usage
See the November 2004 issue of Windows IT Pro Magazine for Mark's article that covers advanced usage of Autoruns

article

[ErikAlbert]

I ran Autoruns immediately and it found this very suspicious object in my online and even off-line system partition under :

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Autorun Entry: 0
Description...: blank (very suspicous)
Publisher......: blank (very suspicious, unknown source)
Image Path...: File not found about:Home (very suspicious, completely hidden)

I was stupified, because that was in theory impossible.
Was this a sneaky rootkit or keylogger ?
Was this a malware that infected the firmware of all my hardware components ?
Was this an object caused by one of these "invisible" things of Joanna ?
Was I infected by Rustock A upto Z ?
Was this malware telling me I'm a zero as a bad joke ?
I don't know. After the first panic and taking a valium pill, I got my common sense back.

I have an image of WinXPproSP2 only, which has never been on-line, not even for activation.
If that image also contained this suspicious object, I was malware-free.

So I restored that image, ran Autoruns and this suspicious object appeared again in the Autoruns List, which means it was NOT a malicious object.
Case closed and back to normal.

This is typical M$ : scaring the user about nothing. This is the second time.

[Longboard]

Ta

[appster]

@Erik, fwiw I have that also, so perhaps that provides additional reassurance that it actually is an MS entry.

[twl845]

Quote:

Originally Posted by ronjor

Microsoft Sysinternals

Thanks for the tip! I'm running Autoruns v8.6. can I install v9 over my v8.6 or do I have to uninstall v8.6 first? Thanks

[HAN]

I just replace all 4 existing files with the 4 new ones...

[appster]

Quote:

Originally Posted by twl845

Thanks for the tip! I'm running Autoruns v8.6. can I install v9 over my v8.6 or do I have to uninstall v8.6 first? Thanks

There is no install (as such). Just replace the old exe with the new one.

[bellgamin]

Quote:

Originally Posted by twl845

Thanks for the tip! I'm running Autoruns v8.6. can I install v9 over my v8.6 or do I have to uninstall v8.6 first? Thanks

I installed right over the old one. Works for me!

Ah Ron -- 10Q!

[twl845]

Thanks all.

[lucas1985]

Quote:

Originally Posted by ErikAlbert

This is typical M$ : scaring the user about nothing. This is the second time.

Erik,
Autoruns isn't a blacklist scanner. It only informs you about certain system variables and it's up to you to verify/decide on them.
It's a forensic tool (like HijackThis, Runscanner, anti-rootkits, integrity checkers, etc) and it isn't targeted to "newbies", although you can learn how to use it without fear.