Wednesday, 10 June 2015

Secret Tips For… Autoruns

Secret Tips For… Autoruns

Check for malware, compare configurations and discover command-line secrets

Check for malware using VirusTotal


The latest version of Autoruns (www.snipca.com/16584) has a new feature that lets you check files for malware. It does this by integrating with VirusTotal (www.virustotal.com), a Google-owned service that collates ‘community scores’ for billions of files. VirusTotal doesn’t remove viruses, so isn’t a substitute for good security software, but it does offer useful insights into suspect files.


To check VirusTotal scores in Autoruns, right-click an item and select Check VirusTotal. The item’s score will appear in the VirusTotal column (if the score is zero, the item is safe). Click a score and you’ll be taken to the VirusTotal website, where you can learn more about the specific item. To see scores for all Autorun items, open the Options menu, choose Scan Options, tick ‘Check VirusTotal.com’ and click Rescan.

Hide Microsoft tools and services


Microsoft tools and services aren’t always innocent when it comes to causing PC problems, but they’re usually low on the list of things to worry about. Besides, there’s often very little you can do about them until Microsoft fixes things, so it makes sense to hide them when using Autoruns for troubleshooting. Just tick Hide Microsoft Entries in the Options menu, then tap F5 on the keyboard to refresh the view.

Save your Autoruns configuration


Autoruns is mainly used for troubleshooting startup problems, which is typically a process of trial and error. So, you might find it useful to save a ‘good’ configuration while your PC is working well, as this could help later to get it back on its feet. To do this, just click File, then Save, type a name for your configuration and then click Save. By default, these files are saved as ARN (‘.arn’) files, but really they’re just text files, so you can open them in a tool like Notepad if you want to have a look.

Compare with saved configurations


Autoruns has a built-in tool for comparing the current configuration with a saved configuration. If you’ve made use of the previous tip, this is a very handy way to figure out what’s changed since you last used Autoruns. Choose Compare from the File menu, then navigate to a saved configuration file, click to select it and then click Open. Differing entries will be highlighted in green. Click between those with the same description, then look in the status bar below to see what’s changed.

Use Autoruns as a portable program


In case you didn’t realise, Autoruns is a portable program. That means you can copy the program file (‘autoruns.exe’) on to a USB stick and run it on any PC. So, once you’ve mastered how to use Autoruns for yourself put it in your pocket to help others, or for use on other ailing PCs of your own. Press Win+E to launch Windows Explorer (or File Explorer), then simply drag and drop the autoruns.exe file on to your memory stick. We’d also advise copying autorunsc.exe.

Use Autoruns at the command prompt


Autoruns comes with a command-line version called AutorunsC, which might prove useful if you can’t get Windows to start. AutorunsC isn’t for novices, but it’s a good way to gather information about a Windows PC’s startup processes.

Start by copying the AutorunsC program file (‘autorunsc.exe’) to a USB stick. Now shut down your PC, then switch it back on and repeatedly tap F8 before Windows launches. Choose ‘Safe Mode with Command Prompt’ from the menu that appears, using the arrow keys and Enter. Now type your USB stick’s drive letter and press Enter, then type autorunsc.exe /? (including the space after ‘exe’) to see a list of all options and the command syntax. Type autorunsc to display the PC’s startup information. To save this information as a text file on your USB stick, type autorunsc >mystartup.txt and press Enter.