[SPEEDUP] Are Stealth Programs Slowing Your PC?

Category: Windows

As part of the startup sequence for your Windows computer, there are a bunch of programs and scheduled tasks that automatically run, before the familiar desktop appears. Most of them are essential; some are dispensable; and others may be malicious. Read on and learn how to tweak your “autoruns” to improve performance and security...

Ready to Tune Up Your Startup?

There are many software tools designed to keep your Windows system tuned-up and running as efficiently as possible; see my article, Seven Free PC Maintenance Tools. Some utilities, like Advanced System Care, are designed for one-click simplicity. Today, I want to discuss a powerful maintenance tool that requires a bit more effort from its user.

Autoruns for Windows provides information that can reduce Windows launch time, free up memory and other system resources, or help you track down especially stealthy malware. It shows you all programs that automatically run when your PC boots up or a user logs in, and what extensions load into various Windows processes such your browser or Windows Explorer. It works on Windows XP and higher, including 64-bit versions. This free software was created by Mark Russinovich, who currently serves as Chief Technical Officer of Microsoft's Azure product.

The Windows System Configuration Utility (msconfig.exe) lets you view and disable a number of startup files and services, but it omits a lot of things that Autoruns catches: toolbars, browser helper objects, Windows Explorer shell extensions, to name a few. These items can be hiding places for malware or they may simply be long-forgotten, unnecessary burdens on your system.

Autoruns utility

To get started, download the Autoruns.zip archive and extract its contents to a folder of your choice. Then just double-click the Autoruns.exe (or Autoruns64.exe) file to start the program; there is no installation required.

Autoruns displays the name and location of each auto-running item. Double-clicking an entry takes you to its directory or opens its registry entry in the Registry Editor. Unchecking an entry disables its automatic execution. The Del key deletes an item from your system. For registry entries, it shows the exact registry key. For files, it shows the directory path and file name.

Left-Click, Right-Click...

Right-clicking on an entry opens a drop-down menu with several options. “Search online” is one of the handiest drop-down options; it launches a Web search using your default browser and search engine, effectively asking “what is this thing?” The search results can help you decide whether the item should be left alone, deleted, or disabled. After right-clicking an entry, you'll also see other options, including Delete, Jump to Entry, and Jump to Image. I'll discuss them in reverse order they appear. Jump to Image will open File Explorer to the folder that contains the item, and highlight it. Jump to Entry will open Registry Editor and highlight the entry that controls the behavior of the item. (If it's a scheduled task, Task Manager will open and show that item.) Delete will do what you'd expect. If it's a file, it will be deleted from the hard drive. It's it's a registry entry, ir will remove that entry from the Registry.

I would advise against using the Delete option, unless you know for sure what you're doing. Randomly deleting files or mucking about with the Registry is a bit like doing brain surgery while blindfolded, or shooting mosquitos with a machine gun. Apply your preferred metaphor.

“Check Virus Total” is a new option found in version 14 of Autoruns. VirusTotal.com is a Web service that scans files or URLs with a total of 57 anti-malware engines. When Autoruns checks Virus Total, you’ll see a ratio such as “8/57” to the right of the item selected. That means 8 out of the 57 anti-malware engines flagged this item as malware. Double-click on the Virus Total ratio to see the full results on a VirusTotal.com Web page. Note that a VirusTotal score of 1 or 2 is probably a false positive, and not an indicator of a virus. On my computer, CCleaner and Google Chrome both got a score of 1, but there's no cause for concern there.

The Autoruns screen is a bit busy, possibly overwhelming at first glance. But there's a way to eliminate the items that do not require immediate attention. The Options button on Autoruns’ main menu lets you hide or unhide groups of entries, reducing the number of items that you need to examine. Hiding all entries signed by Microsoft, for example, limits your view to third-party software. If you hide both Microsoft-signed and VirusTotal Clean entries, you can focus on items that are either unverified or potentially malware.

I recommend that you click Scan Options on the Options menu, then check the boxes labeled "Check VirusTotal" and "Submit Unknown Images", then restart Autoruns. It will then check all items against the VirusTotal database and display the results.

Images highlighted in red are “unverified,” meaning no digital signature is attached that enables verification of the author’s identity. That doesn't necessarily mean it's malicious, just that it requires that you check to see if it's something you definitely want or need.

Images highlighted in yellow are missing a target file. You may want to delete such items (after doing a web search) so that Windows doesn’t waste start-up time trying to launch programs that aren’t there.

Autoruns is a powerful tool for deep troubleshooting. But don’t use it casually or you may delete something that your system needs in order to function. If you fear a finger-fumble, create a System Restore point before making any changes, and you'll be able to undo any mistakes. To create a restore point, click the Start button and type, "create a restore point" in the Search box. Click the "create a restore point" link in the search results and then click the "Create" button at the bottom of the System Protection tab that appears.

Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

 
  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 4 Feb 2022


For Fun: Buy Bob a Snickers.

Prev Article:
Geekly Update - 02 February 2022

The Top Twenty
Next Article:
The Desktop is Dead. Long Live the Desktop!

Most recent comments on "[SPEEDUP] Are Stealth Programs Slowing Your PC?"

Posted by:

gene
04 Feb 2022

I've been using Autoruns for what seems like decades. Bob's right, it's invaluable, even just as a way to control what does and doesn't start, much more is visible than with msconfig and there are a number of things I know I don't need that I just disable and don't allow to load. It IS a complex looking program but it's not really that hard to use at all.


Posted by:

JOHN
04 Feb 2022

Great review by gene. I'm looking forward to using it. Thanks Bob for a really useful article.


Posted by:

Practicalman
04 Feb 2022

I use Ccleaner free version frequently on my pc. One of the tools it has (tools menu tab looks like a double open end wrench). The menu that it opens includes a category called "startup". Is this startup tool just an easy way to access and adjust settings for the same autoruns settings to which you refer? Thanks, -Practicalman


Posted by:

gene
04 Feb 2022

One thing I don't like about Autoruns, the only thing really, is that it doesn't tell you when there's a new version. It is Microsoft approved, you need sign into your Microsoft account to get the suite. I didn't know there was a version 14 until this, so I went and got that. The virus scan is wonderful, most everything I have got zero/70, only Chrome got a 1. You can look at everything, under services you can find your security software running, which does run at boot but doesn't show in the boot list. I use Malwarebytes Pro, I was fortunate, I got it at a time when they offered a lifetime license for $25, I jumped at that, it's far more expensive now, but they still support me as if I were brand new. That's an always on service that works without conflict with Windows Defender. I do have CCleaner Pro too. Autoruns new appearance is bit less cluttered than previous versions. It can be daunting looking at Windows Processes, task manager can do the same things, but I like the look of Autoruns presentation. I'm really security conscious, run a number of browser extensions too and I've never had a virus or bit of malware get to my machine and I've owned one since the early 90's. Better safe than sorry.

I use three browsers primarily, Firefox, Vivaldi and Brave (the latter two are chromium based, but do NOT track you the way Chrome does, and you can get browser extensions for them from the Chrome store) all of which sync across devices, my HP desktop, and my three Apple devices as does my password manager - very handy. Just fyi is all this is. :^)


Posted by:

Peter Oh
05 Feb 2022

Once again Bob, you do not adequately cover this SW
1) unzipping left me with several choices of executables, the largest size advised it would not work on my PC. The next is size did run.
2) the GUI then completely fills the screen & is amazingly detailed but with no obvious indication of what may be chosen. I do not choose to spend all morning experimenting especially on SW I probably don't need.
3) How many PC users with average skills would be capable of using this tool; I'd guess about 10%.
4) Bob try & advise the relative level of skill required when you report on such SW. I do understand that daily you need new material.


Posted by:

John
05 Feb 2022

Bob, please respond to Peter Oh, like Peter, I would be lost trying to decide which executable file to try. This was a most interesting post and I appreciate you posting it.


Posted by:

Peter Croft
06 Feb 2022

When I try to disable most items it throws up a box telling me to run as administrator, when under the file tab I 'run as administrator' it does nothing.
I am the administrator! Puzzled.


Posted by:

caligula
26 Feb 2022

Autoruns "shows you all programs that automatically run when your PC boots". Correction: Autoruns does not show what is currently and actually running, but rather what has entries to auto-start in the Registry, Scheduler, Services and other locations - if the run is activated.


Posted by:

Harold
20 Mar 2022

When I run Autoruns64.exe -a from the Dos prompt, the information comes up but disappears within 5 seconds. Is this stored anywhere?

thanks


Posted by:

Hubert
21 Oct 2023

I have NO IDEA on how to open this. I got a window with SIX!!! applications of this. I clicked on one and it said "Extract Zip file" which I did and got the same thing! As one reader, I don't have the time to fool with this as it stands.


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.


Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML


Article information: AskBobRankin -- [SPEEDUP] Are Stealth Programs Slowing Your PC? (Posted: 4 Feb 2022)
Source: https://askbobrankin.com/speedup_are_stealth_programs_slowing_your_pc.html
Copyright © 2005 - Bob Rankin - All Rights Reserved