What Is Autoruns for Windows and How to Use It

Become your cybersecurity specialist by learning the secrets of Autoruns for Windows utility, a tool that shows elaborate information on apps, drivers, and services that run when you start the PC.

You might ask how Autoruns for Windows relate to cybersecurity. Because it helps you to locate malware, spyware, and ransomware running on your workplace or home PC.

If there are any apps and tools set to run on your Windows PC at startup, Autoruns for Windows will know it. Hence, you can scan all these running and startup apps/services from the tool and find out if your PC is infected.

If you haven’t used this tool yet, it’s the right time to acquaint yourself with this app. This way, you can ensure that no one from the dark web is monitoring what you do on your PC.

What Is Autoruns for Windows?

Autoruns is a system app developed by Winternals Software LP. You may have heard the company in its new name, Sysinternals, branded by Microsoft when it acquired Winternals Software LP on July 18, 2006.

This is the go-to tool for nerds and cybersecurity experts to resolve hacking-related issues on Windows PCs. Windows PC performance geeks who want zero-lag experience on their high-spec PC also use this tool to pinpoint unnecessary startup programs and kill those.

Autoruns app got the most elaborate knowledge of apps and codes that autostarts themselves. It effortlessly displays what apps and tools run when you log in to the PC or boot it up. That’s not all!

Some extra-smart apps link themselves to other built-in apps like Windows Media Player, Microsoft Edge, File Explorer, etc. When you run any built-in app, linked apps run silently in the background, consuming space on the PC memory or RAM. The Autorun app can show these silent and secretly running apps too.

Other autostart utilities are just novice apps when you compare them with Autoruns. It can even show startups, set to run automatically, and other background apps like toolbars, Explorer shell extensions, Winlogon notifications, browser helper objects, auto-start services, and many more.

Why Is Autoruns for Windows Important?

In the early days of Windows OSs like Windows XP and earlier, a built-in or third-party software would add an entry in the Run key of the Windows Registry database or the Startup folder of the Start menu.

You could quickly locate the autorun-configured apps from the above locations and disable autorun if needed.

However, software developers became smarter as years passed, and now they’ve discovered efficient secret ways to run their apps on your PC without informing you. Though you may have installed the app in the first place and use it occasionally, that doesn’t mean you would allow the app to run all day in the background.

These days app developers who invest a lot of time and money on crappy tools like malware, spyware, adware, ransomware, etc., use critical Windows functionalities to run apps on startup.

For example, these sneaky apps will often load during Windows login or boot up via critical Windows services like Windows services, third-party app services, hardware drivers, browser helper objects, and scheduled tasks.

These app developers and their stealthy apps have crossed all the limits and now use high-level Windows resources like AppInit_dlls and image hijacks to run during startup.

An average Windows PC user can’t detect such sneaky and silent apps by scouring through the enormous Windows Registry database. Here comes Autoruns for Windows, which saves you from wasting your time through manual scavenging of spyware and malware.

It records every app, system tool, built-in software, batch file, and code script that can run during the Windows system boot process.

The tool also shows extensive details of the app that’s running at startup. You can perform a one-click online search to determine whether the background process is necessary to start during the Windows boot process.

Once you know the result, you can disable the autorun for specific apps by simply unchecking a box. It’s that easy! No need to buy expensive apps to discover malware, spyware, etc.

Benefits of Autoruns for Windows

There are many benefits of learning how to use Autorun for Windows 11, 10, 7, etc., and these are:

Locating registry entries of apps and codes using Autoruns for Windows

It’s the most efficient system utility to find the Windows Registry entry for any app, tool, driver, etc.
You can use this tool to reduce the consumption of memory and processor resources by disabling unwanted startup apps.
Find out Windows system vulnerabilities that allow deleted malware to appear repetitively after system reboot to develop powerful cybersecurity software.
Instantly scan the Windows PC for third-party apps and tools in your system.
Find out the location of autorun apps in the internal system storage.
Analyze the disc drive of another PC for malware set for the startup.

How to Get Autoruns for Windows

Microsoft Sysinternals host the Autoruns app and lets the public and organizations download the app for free. You can use its information commercially and personally.

You can go to the Sysinternals Utilities Index portal to download the latest version of the Windows Autoruns app. Then scroll down until you find the Autoruns option in this utility index.

Once you locate the Autoruns subheading, click on it to arrive at the portal where Microsoft hosts the latest version of Autoruns for Windows. Click the Download Autoruns and Autorunsc link to get a ZIP file containing the graphical user interface (GUI) and command-line interface file for the Windows Wutoruns app.

Once the download is complete, unzip the file to find various versions of Autoruns for Windows, like x64, x86, etc. If you’re using a 64-bit Windows operating system, double-click the Autoruns64 file.

How to Use Autoruns for Windows 7?

After downloading the Autoruns zip file, extract the components in a folder. Now, you should see Autoruns64 and Autoruns. You need to run the Autoruns app if you’re on a 32-bit Windows 7 OS.

Extract ZIP file of Autoruns. — Extract the ZIP file of Autoruns

Running the Autoruns app from standard user accounts won’t let you make any changes in the start-up app list. You must run the app with admin rights. Here are the steps you must follow to get admin rights for Autoruns:

Locate the Autoruns app and right-click.
The right-click context menu will pop up.

Running Autoruns for Windows as an Administrator

Click Run as administrator.
If you’re logged in to an admin account for your Windows PC, Autoruns for Windows will log in with admin rights.
You’ll see an error message if you’re not logged in with an admin account for the PC.

How to Use Autoruns for Windows

The initial look of the Autoruns app might discourage you from using the tool. However, the app is straightforward for everyone.

The utility shows the Everything tab at startup. If this look overwhelms you, you can switch to other tabs to get a focused view of what you’re looking for.

The Autoruns for Windows app comes with the following tabs. All the tabs show related startup apps, codes, scripts, or services. Nothing more. Here are the tabs I’m talking about:

1. Logon

Logon Category entries on Autoruns for Windows

2. Explorer
3. Internet Explorer
4. Scheduled Tasks
5. Services

Services Category entries on Autoruns for Windows

6. Drivers
7. Codecs
8. Boot Execute
9. Image Hijacks
10. AppInit
11. Known DLLs
12. WinLogon
13. Winsock Providers
14. Print Monitors
15. LSA Providers
16. Network Providers
17. WMI

Office Category entries on Autoruns for Windows.jpg

18. Office

In the above list, you don’t need to look for malware and spyware in tabs like Office, WMI, Network Providers, LSA Providers, Print Monitors, Winsock Providers, WinLogon, Known DLLs, and Boot Execute.

Because malware usually doesn’t get access to these autorun locations. Also, these tabs show autorun-enabled apps and tools that augment various functionalities of your Windows PC. Furthermore, these startup tools don’t consume much memory or processing capabilities.

You must check for unwanted apps, codes, and tools, in the rest of the tabs of Autoruns for Windows.

If you find the user interface a bit overwhelming and cluttered, you can remove some known startup apps that enable the system to function correctly. To remove these known configurations, try these steps:

Go to any tab, for example, Everything.

Hide Windows Entries from Autoruns for Windows

Click the Hide Windows Entries icon on the menu bar. It shows the Windows icon or flag.
Doing this will reduce the number of entries in the Autoruns list.

Now that the necessary Windows processes have been hidden, you can quickly check through the list and notice any crapware in your system set to run at startup.

How to Detect Malware Using Windows Autoruns

You must go through all the third-party app entries in the Autoruns app. If you locate something fishy, right-click on the entry and then choose Search Online on the context menu that appears.

Finding out if an entry belongs to a malware or not via Search Online on Autoruns — Finding out if an entry belongs to malware or not via Search Online on Autoruns

A web browser page will open. Look for the first few Google Search results. If online search results show that the app might be malware or spyware, stop it from starting on boot. Then, remove it from your PC.

How to Disable Unwanted Apps and Codes Using Autoruns for Windows

Once you’ve located malware or spyware running on your Windows PC using Autoruns, follow these steps:

Uncheck the checkbox to the left of the configuration entry.

Uncheck the configuration entry from Autoruns list

Right-click the entry again and then select Jump to Image.

Now, delete the content of the folder.

Delete malicious content from the image folder

If the system doesn’t allow you to delete the content because the app must be running in the background, restart the PC.
Now, go to the folder again and try to delete the components.

Some malware or spyware are resilient. They may try to add themselves to the autorun list once you disable it. Verify that it’s not in the autorun list by restarting the PC and checking the duplicate entry on Autoruns for Windows.

Analyze Offline System Using Autoruns for Windows

The Analyze Offline System feature lets you check the disc drives of other Windows PCs that fail to boot or boot real slow. You must plug in the drive internally or externally to your Windows PC.

Then, run the Autoruns app and click File. There, you should see the Analyze Offline System option. Select it and locate the Windows installation drive in the System Root field. Then, find the User Profile of the failed Windows PC from the same drive.

Click OK, and the app will show all startup apps, codes, and Windows PC services that need immediate repairs.

Conclusion

Autoruns for Windows is a mighty tool to increase system performance or kick out crapware from your PC. Give the tool a try next time you face any slow boot, failed to boot, system latency, and malware issues on your Windows PC.

Next up, learn to edit Startup Programs in Windows 10.

Comments

Frank Quinn says

September 7, 2023 at 12:20 pm

I have a recent purchase of Total AV that was downloaded but every time, I click on the Icon on my PC, it tells me the installation is incomplete. I’ve tried everything and it seems to never complete. Thru surfing on the PC, it pointed to your web site to install Autoruns for Windows 10 to correct a stuck page. Just want to know if i’m going the right route to solve my problem. I’m not a tech guy and I’ve had it up to here with tech stuff everywhere I turn. Appreciate your help or suggestions. Thanks Frank Quinn