AutoRuns for Windows v9.0

Discussion in 'other software & services' started by ronjor, Dec 18, 2007.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    64,765
    Location:
    Texas
    Microsoft Sysinternals
     
  2. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    Thanks Ron! :)
     
  3. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    402
    From Windows Sysinternals Autoruns page
    article
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I ran Autoruns immediately and it found this very suspicious object in my online and even off-line system partition under :

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
    Autorun Entry: 0
    Description...: blank (very suspicous)
    Publisher......: blank (very suspicious, unknown source)
    Image Path...: File not found About:Home (very suspicious, completely hidden)

    I was stupified, because that was in theory impossible.
    Was this a sneaky rootkit or keylogger ?
    Was this a malware that infected the firmware of all my hardware components ?
    Was this an object caused by one of these "invisible" things of Joanna ?
    Was I infected by Rustock A upto Z ?
    Was this malware telling me I'm a zero as a bad joke ?
    I don't know. After the first panic and taking a valium pill, I got my common sense back.

    I have an image of WinXPproSP2 only, which has never been on-line, not even for activation.
    If that image also contained this suspicious object, I was malware-free.

    So I restored that image, ran Autoruns and this suspicious object appeared again in the Autoruns List, which means it was NOT a malicious object.
    Case closed and back to normal.

    This is typical M$ : scaring the user about nothing. This is the second time. :mad:
     
    Last edited: Dec 19, 2007
  5. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,205
    Location:
    Sydney, Australia
  6. appster

    appster Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    553
    Location:
    Paradise (Hawaii)
    @Erik, fwiw I have that also, so perhaps that provides additional reassurance that it actually is an MS entry. ;)
     
  7. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Thanks for the tip! I'm running Autoruns v8.6. can I install v9 over my v8.6 or do I have to uninstall v8.6 first? Thanks:)
     
  8. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    I just replace all 4 existing files with the 4 new ones...
     
  9. appster

    appster Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    553
    Location:
    Paradise (Hawaii)
    There is no install (as such). Just replace the old exe with the new one.
     
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,067
    Location:
    Hawaii
    I installed right over the old one. Works for me!

    Ah Ron -- 10Q!
     
  11. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Thanks all. :D
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Erik,
    Autoruns isn't a blacklist scanner. It only informs you about certain system variables and it's up to you to verify/decide on them.
    It's a forensic tool (like HijackThis, Runscanner, anti-rootkits, integrity checkers, etc) and it isn't targeted to "newbies", although you can learn how to use it without fear.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.