Cadzow Knowledgebase


Welcome
Contact Us
Professional
Services

Consulting
Knowledgebase/
Site Search

Remote Support

Print Friendly

Using Sysinternals' Autoruns Tool to Troubleshoot Startup Problems, Viruses & Spyware

Sysinternals has an excellent freeware tool called Autoruns. Autoruns reveals all the programs configured to start when Windows boots or when users log in. Windows contains several dozen registry locations where programs can be configured to auto-start and so programs which are creating problems, viruses or spyware which have installed themselves in these locations can be very hard to find and disable.

Autoruns' display can hide any entries digitally signed by Microsoft. So whereas an average system could have in the vicinity of 50 programs configured to auto-start, many will be legitimate parts of the operating system and can be safely ignored for troubleshooting purposes (at least, initially).

  1. Download Autoruns from the Sysinternals website and execute it:

  2. Autoruns will show every program configured to autostart. This will take a minute or two as Autoruns examines each file for its properties and signature (if any).

  3. Next use the Options menu to enable Hide Signed Microsoft Entries.

    Press F5 (Refresh).

    Autoruns will now show all startup programs that have not been digitally signed by Microsoft.

    All systems will have some auto-starting programs of this nature, so their presence is not an immediate cause for panic.

  4. Review the list. Any entries which are suspicious or which you do not recognise can be deleted by right-clicking on the item, and choosing Delete Ctrl+D.

    If you need to conduct research on an entry, right-click on the item and choose Search Online… Ctrl-M.

    Note that deleting an item only deletes the registry entry which instructs Windows to load it, not the program files. Therefore if you accidentally delete an entry for a legitimate program you will only have disabled the startup functions of the program and not the program itself.

    Some viruses and spyware have the ability to reinstate themselves to the registry if removed so after removing any entries, click View and Refresh to ensure the entries are gone. If an entry reappears, use the Task Manager to locate the process in memory and delete it.

  5. When finished, reboot the system.

    A virus scan or spyware cleanup should be easier/more successful if you have successfully removed some from startup.

  6. Some virus/spyware infestations can be difficult to remove in one operation, so repeat the process.

Copyright © 1996-2019 Cadzow TECH Pty. Ltd. All rights reserved.
Information and prices contained in this website may change without notice. Terms of use.


Question/comment about this page? Please email webguru@cadzow.com.au