How to Use Autoruns to Identify Suspicious Software

Understanding how to use Autoruns means you may be able to detect if your home PC is infected with unwanted software.

Note: This article is intended to illustrate how malware can be identified on a home laptop or PC. For identifying and removing malware within an organization, your Incident Response plan should be followed.

Autoruns: The Basics

Autoruns is a Microsoft tool that identifies software configured to run when a device is booted or a user logs into their account. Legitimate software will often launch when a machine is powered on. Outlook is a prime example, as checking email is often the first thing users do when logging onto their device.

If a device has been compromised, then any installed malware will also need to be able to survive a reboot. Once a machine is powered down, the malware needs a mechanism to continue running on the device. To do this, it can make use of many legitimate Windows features that allow the software to launch at boot.