Microsoft Autoruns - Reducing the Problems Faced During Windows Startup

By CIOReview | Monday, July 25, 2016

Microsoft Autoruns utility, a free tool offered by Windows Sysinternals offers technical resources to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment. Although Microsoft Autoruns is not technically an anti-malware tool, it helps in manually removing malware infections from personal computers. With the help of Autoruns, IT administrators can see everything that runs when Windows initiates as well as help them in identifying whether there is something that should not be there. It checks everything from the startup folder, programs referenced in many obscure registry keys, system services and Explorer shell extensions. Autoruns also comes in handy in completing the cleanup process.

Here are six ways in which one can use Autoruns to get to the root of problems that originates from unknown applications that load automatically while Windows starts up:

Shell Extensions/Approved for problem programs that cause Internet Explorer (IE) to choke on a right-click — Internet Explorer allows third-party programs to ‘hook into’ the browser, allowing things like custom right-click context menus on certain files or other actions. One can also check to see if any malware might be festering by looking in the Publisher column to determine what is actually not Microsoft or properly sighted application enabling users to disable it.

Verify code signatures — Verifying code signatures in the Options menu validates any program that it finds against its code signature. However, if there isn't one that is against the code signature or a program which can't be verified, the words ‘Not verified’ pops up in the Publisher column of any of the tabs. It is one of the useful ways to stem out unwanted programs.

Hide signed Microsoft entries — Another way to remove unknown applications is hiding signed Microsoft entries. This can be done by going to the Options menu and running the scan feature. This ensures in displaying all the signed Microsoft codes which can later be hidden using the ‘Hide signed Microsoft entries’ option. Utilizing this feature ensures that anything signed with a verified Microsoft code can be ignored in future.

Look in Image Hijacks for possible malware — Programs that use custom low-level system hooks are listed in the Image Hijacks tab. Programs that doesn’t have a verified publisher or is suspect are listed in this tab to warn users of potential threats.

Look in Internet Explorer for malware — The three subsections of Internet Explorer — Browser Helper Objects (BHOs) section, the toolbar section and the Extensions section are considered as breeding ground of unwanted applications. Though some of them are useful, such as the Java plug-in from Sun Microsystems, it is good to turn the feature off if the user suffers from frequent crashes.

Look in GinaDLL for possible problem applications while dealing with cantankerous sign-ons — The GinaDLL section of Winlogon allows authors of third party code to create extensions to the sign-on process. With some third-party GinaDLL extensions don’t support things like Fast User Switching or the new Welcome Screen functions in Windows XP, they need to disabled manually.