
How To Identify Good or Bad StartUp Programs

Posted by Raymond on Feb 2, 2008 in category: Computer

There are a lot, I mean REALLY a lot, of free startup and hijack analyzer programs that scan your system for all running programs, autostart locations, drivers, services and hijack points. Silent Runners, HijackThis, RunScanner, HiJackFree and AutoRuns are a few popular ones, and each has its own pros and cons. A startup analyzer is a very powerful tool for removing malware, but it requires the user to have advanced computer knowledge to be able to determine which file or process is malware.

Normal computer users who only want to use the computer can submit the log file to a forum and have it checked by experts. Have you ever wondered how the experts in virus removal forums learn and know which file or process is suspicious malware? Identifying malware is not easy because the filename itself can be deceiving. If you’re feeling adventurous and want to learn how to identify malware, here is how you can get started…


The most important factor when using startup analyzers is the ability to recognize which files are good and which are bad. Unless you have many years of experience and constantly check file names, you’re not going to be able to identify the good and bad files. Who knows, one day you might even accidentally remove an important file such as userinit.exe and you will no longer be able to log in to Windows. I admit that I once removed userinit.exe and I had a hard time restoring the registry entry. Instead of removing malware, I ended up wasting more time repairing the damage that I’d created.

Before making any changes with startup analyzers, always make sure you’ve done your BACKUP.

When you run any startup analyzer, it’ll take a few seconds to scan all startup entries. Here is an example of me running AutoRuns on my computer.

[Screenshot: Identify malicious files with Autoruns]

As you can see, the first one is the userinit.exe file located in the c:\windows\system32 folder. Try searching for the filename on all of these websites.

  • CastleCops – CLSID BHOList ToolbarList
  • Process Library
  • SysInfo Startup Applications List
  • Windows Startup Online Repository
  • RunScanner Process List
  • TaskList

If the program isn’t listed on any of those sites, Google it and look for sources that positively identify it. Some startup analyzers such as RunScanner are able to check the MD5 hash of a file. An MD5 hash is a unique fingerprint of a file. Different files/versions can have the same filename in Windows. The MD5 hash verifies that the legitimate file is not altered or “fake”.
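
An added example (not from the original post or from any of the tools named) of the checks described above: a trusted filename is accepted only when it also sits in the expected folder and its hash matches a known-good value. The baseline format, the `classify` function and the sample bytes are assumptions constructed for illustration; the baseline stores SHA-256, and `file_hash` also accepts `"md5"` for comparison with values reported by tools such as RunScanner.

```python
import hashlib
import ntpath
import os
import tempfile

def file_hash(path, algo="sha256"):
    """Hex digest of a file, read in chunks; algo may be "md5" to match RunScanner."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def classify(entry_path, on_disk, baseline):
    """Judge one startup entry against a known-good baseline (hypothetical format).

    entry_path: Windows path as listed by the startup analyzer.
    on_disk:    file to hash; equals entry_path on a live Windows system.
    baseline:   {lowercase filename: {"dir": expected folder, "sha256": hash}}
    """
    folder, name = ntpath.split(entry_path)
    known = baseline.get(name.lower())
    if known is None:
        return "unknown"            # research the name before touching it
    if ntpath.normcase(folder) != ntpath.normcase(known["dir"]):
        return "wrong-folder"       # trusted filename, unexpected location
    if file_hash(on_disk) != known["sha256"]:
        return "hash-mismatch"      # right name and folder, altered contents
    return "match"

def demo():
    """Constructed sample: stand-in bytes, not real Windows binaries."""
    tmp = tempfile.mkdtemp()
    good, fake = os.path.join(tmp, "good.bin"), os.path.join(tmp, "fake.bin")
    with open(good, "wb") as fh:
        fh.write(b"constructed stand-in for the genuine userinit.exe")
    with open(fake, "wb") as fh:
        fh.write(b"constructed stand-in for an altered copy")
    baseline = {"userinit.exe": {"dir": r"C:\Windows\System32",
                                 "sha256": file_hash(good)}}
    entries = [  # (path shown by the analyzer, file actually hashed)
        (r"c:\windows\system32\userinit.exe", good),
        (r"C:\Windows\System32\userinit.exe", fake),
        (r"C:\Users\Public\userinit.exe", good),
        (r"C:\Program Files\Example\updater.exe", good),
    ]
    return [classify(p, d, baseline) for p, d in entries]

if __name__ == "__main__":
    print(demo())
```

An "unknown" verdict is a prompt to research the entry in the databases listed above, not a reason to delete it.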

If you know of any other websites that have a database of startup entries, please share them with us. Good luck in learning how to identify dangerous startup programs.


    • John

      Maybe it would be worth mentioning “exeLibrary”:
      http://www.exelib.com/
      Their database seems to be quite limited right now, but I mention it only because in the future it might be more usable.

    • http://bobbytoat.blogspot.com Bobby

      I can’t help but notice that in the comment form, there is a text field labelled as URI. Shouldn’t it be ‘URL’? Forgive me if indeed URI refers to something I don’t know of yet…

    • Kenneth Clark

      Boss Raymond,

      There are three computers using Wi-Fi for internet in one area, or in the other room, or within the room. All computers are using USB Wi-Fi. Is it possible to control one computer from another computer by using their USB Wi-Fi wireless network? And how? For example, you want to block the internet surfing of the other computer.

    • http://www.planetlowyat.com/blog Planet Lowyat

      Removing unnecessary programs will make your computer boot up faster.

    • http://noURInnoURLeither...; Thib

      I’ve always used the msconfig startup solution to optimise the boot-up of my PC. It is true that just the name of the file is not enough to justify its removal, but if you know what programs you installed on your machine you can identify a potentially harmful startup entry by googling it.
      As a newbie I would not venture to delete files but would rather deselect them and see if they come back again automatically. Then I would look deeply into it.

    • http://virusproblem pallavi

      I am unable to open my Control Panel Add or Remove. It is showing the error rundll32.exe, and when I try to open my Run and regedit it opens Open With, and I am unable to open anything directly, and I am unable to run any antivirus on my laptop. What should I do? Please reply, I need a gns help.

      Thanks

    • naren

      I have this file Ruzyzp in my startup. On startup it sometimes said Ruzyzp.exe missing or something like that, and after some days a message appeared saying ox3cb3.exe has crashed, call some numbers. My computer literally froze. I looked for the solution on the net. I found the key and I am currently running my computer. The solution told me to find ox3cb3.exe but it’s not on my computer. What do I have to do to not repeat the problem? Does Ruzyzp have anything to do with this?

    Copyright © 2005-2012 - Raymond.CC Blog