Autoruns for Windows
When you notice suspicious activity on your Windows system, it’s a good bet that whatever malware has breached your security measures has configured some mechanism to automatically launch the misbehaving process after a reboot. The Autoruns utility is very useful for finding and eliminating those items that allow malware to run without any user action.
There are many ways to automatically start a malicious program, and Autoruns covers a lot of them, from Internet Explorer plug-ins to network providers. If a program is being started automatically, you should find it listed in one of the locations Autoruns checks.
Another thing I like about this tool is that it’s a quick download that doesn’t need to be installed. If I’m helping a friend, I can have it ready on a USB drive or download it and have it running in a few seconds.
There is also a console version that spits out the same information in a text format that is easily parsed. If you’re a programmer, you can use it to monitor the results for unexpected changes.
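As an added example (not part of the original post or of the Autoruns tool), here is one way to monitor that text output for unexpected changes: keep a baseline snapshot and diff each new snapshot against it. The column names and the sample rows are assumptions constructed for illustration; match `KEY_COLUMNS` and `WATCH_COLUMNS` to the header your own export produces.

```python
import csv
import io

# Column names are assumptions; match them to the header of your own export.
KEY_COLUMNS = ("Entry Location", "Entry")
WATCH_COLUMNS = ("Enabled", "Image Path", "Launch String")

# Constructed sample snapshots (not real output from any machine).
BASELINE = r"""Entry Location,Entry,Enabled,Image Path,Launch String
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleTray,enabled,C:\Program Files\Example\tray.exe,C:\Program Files\Example\tray.exe /min
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleUpdater,enabled,C:\Program Files\Example\update.exe,C:\Program Files\Example\update.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleOld,enabled,C:\Program Files\Old\old.exe,C:\Program Files\Old\old.exe
"""
CURRENT = r"""Entry Location,Entry,Enabled,Image Path,Launch String
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleTray,enabled,C:\Program Files\Example\tray.exe,C:\Program Files\Example\tray.exe /min
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleUpdater,enabled,C:\Users\Public\update.exe,C:\Users\Public\update.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleHelper,enabled,C:\Users\Public\helper.exe,C:\Users\Public\helper.exe
"""

def load_snapshot(text):
    """Parse one CSV snapshot into {(location, entry): {watched column: value}}."""
    reader = csv.DictReader(io.StringIO(text.strip()))
    missing = set(KEY_COLUMNS + WATCH_COLUMNS) - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"snapshot lacks expected columns: {sorted(missing)}")
    entries = {}
    for row in reader:
        key = tuple((row.get(c) or "").strip() for c in KEY_COLUMNS)
        entries[key] = {c: (row.get(c) or "").strip() for c in WATCH_COLUMNS}
    return entries

def diff_snapshots(baseline, current):
    """Return (added keys, removed keys, {key: {column: (old, new)}})."""
    added = sorted(k for k in current if k not in baseline)
    removed = sorted(k for k in baseline if k not in current)
    changed = {}
    for key in sorted(set(baseline) & set(current)):
        delta = {c: (baseline[key][c], current[key][c])
                 for c in WATCH_COLUMNS if baseline[key][c] != current[key][c]}
        if delta:
            changed[key] = delta
    return added, removed, changed

if __name__ == "__main__":
    added, removed, changed = diff_snapshots(load_snapshot(BASELINE), load_snapshot(CURRENT))
    for key in added:
        print("NEW     ", *key)
    for key in removed:
        print("REMOVED ", *key)
    for key, delta in changed.items():
        print("CHANGED ", *key, delta)
```

An entry whose name stays the same while its image path moves is reported under CHANGED, which a check for new entry names alone would miss.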
Each Thursday, Security Musings features a security-related technology or tool. Featured items do not imply a recommendation by Gemini Security Solutions. For more information about how Gemini Security Solutions can help you solve your security issues, contact us!

