Malicious software (malware) is only effective if it can remain on the computer for as long as possible, which it does by running automatically whenever Windows boots. This is easily done by writing code that adds a startup entry when the file is first run. Telling whether a program that auto-starts in Windows is good or bad is not easy, because there are quite a few startup locations to look at, and each entry then has to be analyzed to decide whether it is legitimate.
The most common and well-known built-in Windows tool for checking startup items is System Configuration. To run it, press WIN+R to bring up the Run window, type msconfig, press the Enter key and check the Startup tab.
The startup items list in the System Configuration tool is incomplete, which is where free tools such as Emsisoft HiJackFree, Runscanner and OSAM come into play. Some of these tools can automatically give you good or bad ratings for known processes, but if you’d like to understand more, here are 8 websites that you can use to research startup programs.
1. WinPatrol PLUS Knowledgebase
The WinPatrol PLUS Knowledgebase contains a huge database of program information that is supposedly accessible only to paid PLUS users. However, the database can be accessed by the public if one knows the URL. The knowledgebase doesn’t contain a lot of detailed technical information about a program, but you can certainly trust the descriptions, which are easy to understand and written for non-computer geeks.
Although the WinPatrol PLUS Knowledgebase doesn’t seem to have a main index page that lists all the known program information, you can visit the link below to view WinPatrol’s program information with rating, and there is a search box at the bottom where it says “Search for another file”. Simply enter the filename of the program that you would like to check according to WinPatrol, and click the Search button.
2. Bleeping Computer Startup Programs Database
Bleeping Computer has been around for many years, with a really helpful forum providing free technical support in malware removal. Their website has a database containing over 20,000 entries of startup programs. One of the most valuable pieces of information on the program startup report is that it shows the validity of the program and whether it is necessary or required to run at startup, as some programs don’t really need to be constantly running in the background.
Information such as the startup name, filename, command, description, file location, startup type and HijackThis category can be found on the report.
3. Pacman’s Portal
Pacman’s Portal database is probably the biggest, containing close to 40,000 program startup entries. You may end up with a lot of results if you’re searching for a well-known filename. The trick here is to refer to the “Startup Item or Name” and then check the description to make sure that the location of the file matches the one on your computer.
The tested startup program will contain a link to a more detailed report showing the method used to start the tested program.
4. Should I Block It?
If you’ve heard of the software called “Should I Remove It?”, which is used to automatically check for unwanted programs such as adware, toolbars or bloatware on your computer, its makers have created an online service called “Should I Block It?” that contains detailed information based on the filename. Not only can you search for information on a file by name, it also accepts MD5 and SHA-1 hashes.
The information given by Should I Block It is very technical and is more suitable for advanced users. Unlike the first three websites mentioned above that tell you if the file is necessary or not, Should I Block It provides very detailed information such as resource utilization, process properties, threads, distribution by OS/country/PC manufacturer, startup entries and network connections.
5. File Inspect Library
File Inspect is a website created by Auslogics to provide useful information about running processes.
There are a few other similar websites created by software makers to attract visitors into downloading their software, but File Inspect Library stands out because they put in extra effort by including screenshots with step-by-step instructions on how to disable a program from startup.
6. Neuber Windows Process and Task List
Neuber is the creator of the popular Security Task Manager software. There is not a lot of technical information on the process, but what makes the report valuable is the large number of user ratings and reviews.
The only drawback is that they don’t provide a search to look up in their database whether a specific program is good or bad. What you can do is replace the filename at the end of the URL, just before the .html extension, with the one that you want to check. For example, if you need to check the filename jusched.exe, the URL would be:
Simply replace the bold jusched.exe with the filename that you want to investigate.
7. System Explorer File Database
System Explorer File Database is really huge, with information on over 25 million files and 50,000 reviews. They keep track of all variants of a filename; for example, the filename jusched.exe alone has 1180 entries.
Obviously there is some malware that uses this filename in an attempt to trick the user into thinking that a legitimate process has started when in fact it is malicious. Again, it is important that you compare the MD5 hash rather than relying on the filename itself to determine if the program is good or bad.
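To look up startup entries by hash rather than by filename, you first need the hash of each file that actually starts with Windows. The PowerShell script below is an added example, not taken from any of the tools or websites above: it lists entries from the Run/RunOnce registry keys and the Startup folders and prints the MD5 and SHA-1 of each target so they can be pasted into a service that accepts hashes. It assumes PowerShell 4.0 or later (for Get-FileHash); the helper name Get-TargetPath is made up for this example.

```powershell
# Added example: list common autostart entries with the hashes of their targets.
# Covers the Run/RunOnce registry keys and the Startup folders only; services,
# scheduled tasks and other autostart locations are not enumerated here.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-TargetPath([string]$Command) {
    # Reduce a startup command line to the path of the file it launches.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }                      # "C:\dir\app.exe" /arg
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd))(\s|$)') { return $Matches[1] } # C:\dir\app.exe /arg
    return ($cmd -split '\s+')[0]
}

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $reg = Get-Item -Path $key
    foreach ($name in $reg.GetValueNames()) {
        [pscustomobject]@{ Location = $key; Name = $name; Command = [string]$reg.GetValue($name) }
    }
})

$shell   = New-Object -ComObject WScript.Shell   # used to resolve .lnk shortcuts
$folders = 'Startup', 'CommonStartup' | ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
$entries += @(Get-ChildItem -Path $folders -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne 'desktop.ini' } | ForEach-Object {
        # For shortcuts, hash the program the shortcut points to, not the .lnk itself.
        $target = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
        [pscustomobject]@{ Location = $_.DirectoryName; Name = $_.Name; Command = '"' + $target + '"' }
    })

$entries | ForEach-Object {
    $path  = Get-TargetPath $_.Command
    $found = $path -and (Test-Path -LiteralPath $path -PathType Leaf)
    [pscustomobject]@{
        Name      = $_.Name
        Location  = $_.Location
        Path      = $path
        MD5       = if ($found) { (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash } else { 'file not found' }
        SHA1      = if ($found) { (Get-FileHash -LiteralPath $path -Algorithm SHA1).Hash } else { 'file not found' }
        Signature = if ($found) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'n/a' }
    }
} | Format-List
```

An entry whose Path sits in an unexpected folder for its filename, or whose Signature is not Valid, is a good first candidate to look up by hash.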
8. Google
If none of the above websites have information on the startup program that you’re investigating, a method that you should not miss is using Google to search for the filename to see if there are any results that state whether the program is good or bad.
However, you’ll need to be extra careful with the search results because there are probably many websites that have created report pages without much helpful information. They’re just trying to lure you into downloading and installing their software, which claims to fix or repair the problem based on the filename that you’re searching for.
Note: You can also use HijackThis to scan your computer for startup programs and then submit the log file to any one of the five automated HijackThis log analyzers.