Use SysInternals AutoRuns To Identify Rogue Processes Quickly
For computer users who like simplicity, the new SysInternals AutoRuns tool is a fantastic little program that allows every single application and autorun process to be managed from one window.
While it’s true that Windows 7 processes and services can be managed easily enough with the Task Manager together with the Services Manager, the advantage of SysInternals AutoRuns is that it brings all of those autostart locations together in one place.
By using AutoRuns, you can manage all of the Windows processes associated with the following:
- Explorer shell extensions
- Logon
- Scheduled tasks
- Internet Explorer
- Winlogon notifications
- AppInit
- Drivers
- Services
- Image Hijacks
- KnownDLLs
- Codecs
- Sidebar Gadgets
- Boot Execute
- Network Providers
- Print Monitors
- LSA Providers
- Winsock Providers
You’ll now be able to manage all of the above by using just one simple application, with the added benefits of being able to research the entries online, identify their location on your system and kill their processes.
Probably the most useful function that AutoRuns provides is the ability to see third-party entries that have not been signed by Microsoft, which allows you to quickly and easily identify rogue processes such as malware.
AutoRuns is quick and easy to install – it’s actually portable, so all you need to do is download the file (http://technet.microsoft.com/hi-in/sysinternals/bb963902(en-us).aspx) and then run it. Make sure that you run the program with administrator privileges, because that way you are given much more control.
When AutoRuns loads up, you begin at the “Everything” tab that displays all of the processes that are currently running on your system.
If you want to identify which of the processes are Microsoft’s or Windows’ and which are something else, you can check by simply moving to Options > Hide Microsoft and Windows Entries and then click the Refresh tab. The filtered list that follows displays all of the processes that have not been signed by Microsoft, allowing you to investigate and make your own decision whether or not to trust these applications.
To check any process you are not sure of, all you need to do is right click on it and then search for information about it online. To disable the process, all you need to do is uncheck the box next to it.
It’s also possible to verify code signatures with AutoRuns, by simply proceeding to Options > Verify Code Signatures and then clicking on Refresh. The tool will perform a quick scan and determine whether or not that process has been verified. Just remember not to be immediately alarmed if you find something that is not verified – many processes that are vital to your programs are not verified, so you should determine what program it’s associated with before you panic.
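The two steps above (hide the Microsoft-signed entries, then verify code signatures on what is left) can be reproduced with built-in cmdlets, which is handy when you want a scriptable, read-only version of the same triage. The script below is an added example, not code from the article or from Sysinternals. It assumes Windows 8 or later with PowerShell 3 or newer (for Get-ScheduledTask), an elevated prompt, and it only covers three of the many autostart locations AutoRuns inspects: the Run/RunOnce registry keys, services, and scheduled tasks. The "Microsoft-signed" test is a heuristic on the certificate subject and is an assumption of this example, not how AutoRuns itself classifies entries.

```powershell
# Added example (not from the article or Sysinternals): emulate
# "Hide Microsoft and Windows Entries" + "Verify Code Signatures" with
# built-in cmdlets. Read-only; run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator

# Autostart locations covered here (a subset of what AutoRuns inspects).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$registryMetadata = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-ImagePathFromCommand {
    # Pull the executable path out of a command line such as
    #   "C:\Program Files\Vendor\app.exe" /silent   or   C:\Windows\system32\svchost.exe -k netsvcs
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }                          # quoted path
    if ($cmd -match '^(.+?\.(exe|dll|sys|cmd|bat|vbs|ps1))(\s|$)') { return $Matches[1] }  # unquoted path
    return ($cmd -split '\s+')[0]
}

function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($registryMetadata -contains $p.Name) { continue }   # skip provider metadata, keep real values
            [pscustomobject]@{ Source = $key; Entry = $p.Name; Command = [string]$p.Value }
        }
    }
    foreach ($svc in Get-CimInstance Win32_Service) {
        [pscustomobject]@{ Source = 'Service'; Entry = $svc.Name; Command = $svc.PathName }
    }
    foreach ($task in Get-ScheduledTask | Where-Object State -ne 'Disabled') {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }        # COM-handler actions have no Execute path
            $cmd = if ($action.Arguments) { "$($action.Execute) $($action.Arguments)" } else { $action.Execute }
            [pscustomobject]@{ Source = "Task $($task.TaskPath)"; Entry = $task.TaskName; Command = $cmd }
        }
    }
}

function Resolve-AndVerify {
    # Locate the image on disk and check its Authenticode signature, the
    # scripted equivalent of Options > Verify Code Signatures.
    param([Parameter(ValueFromPipeline)] $Entry)
    process {
        $path = Get-ImagePathFromCommand $Entry.Command
        if ($path -and -not (Test-Path -LiteralPath $path)) {
            $found = Get-Command $path -ErrorAction SilentlyContinue   # bare names resolve via PATH
            if ($found) { $path = $found.Source }
        }
        $status = 'File not found'; $signer = ''; $isMicrosoft = $false
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $status = [string]$sig.Status             # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) {
                $signer = $sig.SignerCertificate.Subject
                # Heuristic (assumption of this example): trust only a VALID signature
                # whose subject is Microsoft; a Microsoft name on a broken signature does not count.
                $isMicrosoft = ($status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')
            }
        }
        [pscustomobject]@{
            Source = $Entry.Source; Entry = $Entry.Entry; ImagePath = $path
            Signature = $status; Signer = $signer; MicrosoftSigned = $isMicrosoft
        }
    }
}

# Equivalent of hiding Microsoft entries: list everything that is NOT validly
# Microsoft-signed, with unsigned / missing / tampered images listed first.
Get-AutostartEntries | Resolve-AndVerify |
    Where-Object { -not $_.MicrosoftSigned } |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Source |
    Format-Table Source, Entry, Signature, Signer, ImagePath -AutoSize
```

The same caveat the article gives for AutoRuns applies here: a `NotSigned` or `File not found` row is a lead to investigate, not a verdict. Many legitimate third-party programs ship unsigned, and on older Windows versions catalog-signed OS binaries may also report `NotSigned` because `Get-AuthenticodeSignature` only recognises catalog signatures on newer releases. A `HashMismatch` on a file that claims a known vendor, or an entry whose image has vanished from disk, is the kind of row worth looking at first.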