Windows Autorun Management Utilities
By Michael Ross
This article was published by ComputorEdge, issue #2817, 2010-04-23, as a feature article, in both their PDF edition (on pages 17-21) and their website.
Anyone who has used Microsoft Windows for some length of time will probably notice that software applications can automatically start running as soon as the computer has finished booting up and Windows has finished loading. These are often referred to as "autorun" or "startup" applications. Each may reveal itself as a standard window displayed on the desktop, ready for immediate use, or it may be evidenced only by a small icon in the Windows system tray (which is located in the lower right-hand corner of the screen, just to the left of the digital clock, and may have most of its icons hidden if it is not expanded).
How do these programs end up on your computer? Some may be invited, such as when you install an application and, during that process, you are given an option to have the application begin running automatically as part of the Windows initialization process. Others may be quite uninvited, such as when you purchase a new computer from a big-name vendor that loads up your new machine with all sorts of "free" programs and offers. Or you or someone in your household might download and install some program that is infected with adware or some other "Trojan horse" surprise — unbeknownst to the vendor, or not.
In order to rid your PC of the malware autorun programs, or simply disable legitimate programs from starting up like that, the best method depends upon which category each one falls into, and how well the authors of the software have designed it so that you can easily change that configuration setting. In the latter case, you can usually go straight to the program settings (typically in its Tools > Options menu), locate the dialog box for general settings, and disable the option to start up the program. In the former case, the malware programmers will have done no such favors, and invariably try to make it as difficult as possible for you to see how and where their nasty program is getting called.
There are four common ways that applications can be set to start up automatically. The most straightforward way is for a shortcut to be placed in the Windows Startup folder (normally "C:\Documents and Settings\All Users\Start Menu\Programs\Startup" and, for every user X, "C:\Documents and Settings\X\Start Menu\Programs\Startup"). Or there may be an entry in the Windows Registry, such as HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Or the program may be listed in the file win.ini, in the [windows] section, as a "load=" or "run=" entry. Lastly, if the program is a service, it should be listed in Settings > Control Panel > Administrative Tools > Services.
Given that there are multiple ways that unwanted programs can be made to fire up, and making changes to some of these components of Windows can be quite risky (especially for the uninitiated), it may appear that you will have to do some digital detective work to stop the startups, or hire someone to do it for you, or simply resign yourself to the annoyance of manually shutting them down each time you turn on your computer.
Fortunately, numerous software developers — ranging from well-known computer security companies, to individual programmers — have created utilities designed to make it easy for you to see exactly what applications are getting started on boot up, and how you can disable them if desired. We will examine a couple of the more promising such utilities.
From the company that understands Windows better than any other, Autoruns is a free utility offered by Microsoft. As expected, it does an outstanding job of ferreting out all of those "autorun" applications and services. In fact, the first time that you run this utility, you will most likely be quite shocked as to how many such programs there are on your system. The plethora of applications seen in the screenshot below, is not uncommon. But note that most of them are native to Windows, and needed for proper functioning of the operating system. As always, only disable autorun applications if you know what you are doing, because otherwise your computer may no longer work as expected.
Figure 1. Autoruns interface
The archive file that you can download from the Microsoft page listed above, contains four files: Eula.txt (the license agreement), autoruns.chm (a self-contained help resource), autorunsc.exe (the command-line version of the utility), and autoruns.exe (the graphical user interface version). Most readers will only need that last one. It can be placed directly into any folder on your system, and run directly; it is not an installation file (that would install other files). It may be easiest to create a shortcut to that executable, and place the shortcut on your Start menu.
If you are not entirely sure as to the purpose of a particular application, you can do a "Search Online", either from the Entry menu or by right-clicking on the application's entry to display its context menu. Using either method, Autoruns will launch Internet Explorer (unfortunately), try to connect to the server "supertoolbar.ask.com", and perform a Web search using the Ask.com search engine. Confusingly, within Internet Explorer, it is automatically forwarded to a URL that does not exist. For instance, if you try to find online information for the "CirqueGesture" entry within Autorun, then it will go to http://auto.search.msn.com/response.asp?MT=gesture.exe&srch=5&prov=&utf8, which is invalid. If you simplify the URL to http://auto.search.msn.com/, then it will forward to Bing, Microsoft's replacement for MSN Search.
Instead of dealing with this IE/Microsoft/Ask/Bing three-ring circus, it would be much easier to use a better browser, such as Firefox, and simply type the application name into your favorite search engine. Firefox even has a built-in search entry field, in the upper right-hand corner, next to the Web address field.
Figure 2. Firefox search field
Comodo System Cleaner
For gaining control of your Windows autorun applications, you will find that some utilities are wholly dedicated to that functionality, while the same can be achieved using a general Windows management utility, which includes autorun management as just one of its many features. An example of the latter is Comodo System Cleaner, which has a built-in autorun manager, in addition to a host of tools for easily configuring Windows settings, cleaning up the Windows Registry, optimizing system performance and disk space utilization, diagnosing sources of current and future system problems, and maximizing computer privacy by deleting all history, cache, and other temporary files from Web browsers and other applications.
Comodo System Cleaner is free to download and use, and runs on Windows XP, Vista, 7.0, and Server 2003. The vendor states that it occupies only 32 megabytes of system memory, and 20 megabytes of hard disk space. In addition to the regular version, there is a portable one that would be ideal for use on a USB thumb drive, because all of the program's settings are stored on the removable media, and thus there is no need for installation. The comparison chart on the Comodo site shows how the company's System Cleaner stacks up against the competition, and the results are quite favorable.
Installation of the current version (2.2.126408.3) was straightforward, although at least three times the installer tried connecting to remote servers, without any warning or explanation. Disallowing each attempt did slow down the installation process, but did not prevent it from completing, nor prevent the application from running properly.
Figure 3. Comodo System Cleaner interface
The screenshot above shows the initial display of the System Cleaner. The control panel on the left-hand side has links for the eight different sections of the utility. Autoruns Manager is the fourth one from the top. Before leaving that screen, most users will instantly see a problem with the design of the interface — namely, the Comodo developers unwisely chose to make the top portion and outer edge transparent. As a consequence, whatever happens to be behind the program's window, appears within the System Cleaner interface itself. (In the screenshot, it is the System Cleaner Web page peaking through.) This clearly makes all of the navigation icons and labels in that area even more difficult to read, and is an excellent illustration of the principle that just because something is possible in software or Web design, does not mean that it is advisable. In addition, the interface's fonts are very poor, although that is probably not discernible in the screenshot here.
Figure 4. Comodo System Cleaner Autoruns Manager interface
The Autoruns Manager has four sections, each with its own tab in the navigation bar in the upper right part of the interface: Run, Start-up, Services, and Boot Execute. That first section, Run (shown in the figure above), apparently lists the autorun programs that are on one's computer as a result of installing regular applications in the past. That second section is probably for shortcuts found in the Windows Startup folder(s), mentioned earlier. The third section is obviously for Windows services, most if not all of which should be left as is. It is not immediately clear as to what the fourth and last section is for, and the screen does not offer any explanation, nor any tool tips on mouse hover. Clicking the Help button above the section's navigation bar, does not display help information, but instead causes Comodo System Cleaner to try to access a remote server to download a file, help.chm. This help file should have been included in the initial installer package and installation process.
Even though the Comodo System Cleaner displays fewer entries than Autoruns, either one of these utilities should be more than adequate to help you exorcise your computer of the digital demons that insist upon consuming your computer's resources every time you turn it on.
Copyright © 2010 Michael J. Ross. All rights reserved.