
Quick Tip: Manage the autorun process in Windows 7 with SysInternals AutoRuns

Sysinternals AutoRuns allows you to manage every autorun process and application on your Windows 7 system from a single, user-friendly window.

Typically, a user or administrator manages autorun processes and services in Microsoft Windows 7 with a combination of the Task Manager and the Services Manager. But why bother with two tools when you can do all the process management you need from a single tool? The tool I am speaking of was created by Microsoft SysInternals and is called AutoRuns.

AutoRuns allows you to manage every autorun process and application on your system. This includes all processes associated with the following:

  • Logon
  • Explorer shell extensions
  • Internet Explorer
  • Scheduled tasks
  • Services
  • Drivers
  • Winlogon notifications
  • KnownDLLs
  • AppInit
  • Image Hijacks
  • Boot Execute
  • Codecs
  • Sidebar Gadgets
  • Network Providers
  • LSA Providers
  • Print Monitors
  • Winsock Providers

All of the above can be managed from a single window. But that's not all you get from this remarkable little tool. With AutoRuns you can also open specific entries in their respective integrated Windows management windows, and get online information about each entry with a simple right-click.

But what is most impressive with this tool is the ability to quickly view third-party tasks not signed by Microsoft. This can enable you to find rogue Windows 7 processes and services that could turn out to be viruses or other malicious software. How is this done? Let's take a look.


Installing and running

Obviously the installation is not something to spend much time on. This tool is portable, so there really is no installation necessary. You simply download the tool from the SysInternals site, unpack the file, and then copy the autoruns executable to wherever you want it (this can include a flash drive, so that you can use it on any system you administer).

You might also want to run this as the administrative user. SysInternals realized this might cause a bit of confusion and added an entry in the File menu labeled Run as Administrator. If you click this, you will be prompted for the administrative user credentials. By doing this, you will gain much more access than you would have as a standard user.

Usage

When you start AutoRuns you will see the one and only window contained within the tool (Figure A). You will also see numerous tabs within the window. Each of these tabs holds specific services, applications, etc.

Figure A

The Everything tab shows you exactly that -- everything. This is a good way to get a quick overview of what is going on simultaneously on your machine.

Let's take a look at the steps for disabling a non-Windows or non-Microsoft process.

  1. Click Options | Hide Microsoft and Windows Entries. After you do that, click File | Refresh (or hit F5) to refresh the view so you are seeing only those entries that are not official Microsoft or Windows processes.
  2. Find the process you are looking for. You can do this by scrolling around the Everything tab, clicking on the tab associated with the process you are looking for, or clicking File | Find.
  3. Disable the process. To do this, you need only uncheck the check box associated with the process you want to disable. Once you have done this, the entry will automatically be disabled -- no need to Save.

Verify code signatures

This is one of the more helpful ways you can check for malicious processes with AutoRuns. If you find a process that could be suspect, you can do the following:

  1. Select the suspected process.
  2. Make sure you are running AutoRuns as the administrative user.
  3. Click Options | Verify Code Signatures.
  4. Refresh the view with F5.
  5. Confirm that all processes are displayed as Verified under the Publisher tab (Figure B).

If a process is not listed as Verified, it should be considered suspect.
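The two procedures above (hide the Microsoft entries, then treat anything that is not Verified as suspect) can also be applied offline to an Autoruns export, which is handy when you are reviewing many machines. The following is an added example, not code from the article or from Sysinternals. It assumes the CSV layout written by the command-line version of the tool, autorunsc.exe, when run with -c (CSV output) and -s (verify signatures); the column names, the "(Verified)" / "(Not verified)" prefix in the Signer column and the "enabled" / "disabled" values in the Enabled column are assumptions modelled on that output, and the sample rows are constructed. It goes slightly beyond the article by also flagging entries that reuse a Windows binary name without a Microsoft signature.

```python
"""Offline triage of an Autoruns CSV export, following the article's procedure.

Added example (not the article's or Sysinternals' code). Assumed input: the
CSV written by autorunsc.exe with -c and -s, for instance
    autorunsc.exe -a * -c -s > autoruns.csv
"""
import csv
import io

# Constructed sample export: one Microsoft entry, one verified third-party
# entry, one unverified entry hiding behind a Windows binary name, and one
# unverified but disabled service.
SAMPLE_CSV = r"""Entry Location,Entry,Enabled,Category,Profile,Description,Signer,Company,Image Path,Version,Launch String
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,enabled,Logon,System-wide,Windows Security notification icon,(Verified) Microsoft Windows,Microsoft Corporation,c:\windows\system32\securityhealthsystray.exe,10.0.0.1,%windir%\system32\SecurityHealthSystray.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,AcmeUpdater,enabled,Logon,System-wide,Acme update agent,(Verified) Acme Software Ltd,Acme Software Ltd,c:\program files\acme\updater.exe,2.1.0.0,C:\Program Files\Acme\updater.exe /silent
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,svchost,enabled,Logon,contoso\jsmith,,(Not verified),,c:\users\jsmith\appdata\roaming\svchost.exe,,C:\Users\jsmith\AppData\Roaming\svchost.exe
HKLM\SYSTEM\CurrentControlSet\Services,AcmeSvc,disabled,Services,System-wide,Acme background service,(Not verified) Acme Software Ltd,Acme Software Ltd,c:\program files\acme\acmesvc.exe,2.0.0.0,C:\Program Files\Acme\acmesvc.exe
"""

# Names of Windows binaries that malware commonly borrows for its autostart
# entry. A legitimate entry with one of these names is signed by Microsoft.
KNOWN_WINDOWS_NAMES = {"svchost", "explorer", "csrss", "lsass", "winlogon", "services"}


def parse_autoruns_csv(text):
    """Return the rows of an autorunsc -c export as dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def is_verified(row):
    """True when Autoruns could verify the entry's Authenticode signature."""
    return row.get("Signer", "").startswith("(Verified)")


def is_microsoft(row):
    """Mimic Options | Hide Microsoft and Windows Entries: verified and signed by Microsoft."""
    signer = row.get("Signer", "")
    return is_verified(row) and "Microsoft" in signer


def non_microsoft(rows):
    """The view you get after hiding Microsoft and Windows entries."""
    return [row for row in rows if not is_microsoft(row)]


def triage(rows, include_disabled=False):
    """Return (entry, image path, reasons) for every entry that deserves a closer look.

    An entry is reported when it is not a verified Microsoft entry and either
    its signature is not verified or it borrows a Windows binary name.
    Disabled entries are skipped unless include_disabled is set.
    """
    findings = []
    for row in non_microsoft(rows):
        if not include_disabled and row.get("Enabled", "").lower() != "enabled":
            continue
        reasons = []
        if not is_verified(row):
            reasons.append("signature not verified")
        if row.get("Entry", "").lower() in KNOWN_WINDOWS_NAMES:
            reasons.append("uses a Windows binary name but is not signed by Microsoft")
        if reasons:
            findings.append((row["Entry"], row["Image Path"], reasons))
    return findings


if __name__ == "__main__":
    for entry, image, reasons in triage(parse_autoruns_csv(SAMPLE_CSV), include_disabled=True):
        print(f"{entry:12} {image}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run against the constructed sample, the verified third-party entry (AcmeUpdater) is left alone just as the article suggests, while the unsigned "svchost" under the user's Run key is reported for both its missing signature and its borrowed name; the disabled AcmeSvc service only shows up when you ask for disabled entries too.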

Figure B

The Verified option applies to all tabs in the window, not just the tab you are currently on.

Depending on how many services you have running, the verification process could take a while. Keep that in mind when you use AutoRuns. If you keep the Verified option on, the startup of the tool could take longer too.

Final thoughts

There are a number of reasons why you might want to take advantage of the SysInternals Autoruns tool. Not only is it a good way to manage all your autorun applications and services, it is also a means to keep rogue processes from running on your machine. All this in a simple-to-use, portable application created by a reputable developer.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

2 comments
?/\/\?|???\/???

Just plug \\live.sysinternals.com\tools\autoruns.exe into the Start->Run box. Or use pushd to assign a drive letter to \\live.sysinternals.com\tools: pushd \\live.sysinternals.com\tools

Mark W. Kaelin

Do you actively manage autorun processes on the systems you administer? What tools do you use for this?