When you install programs on your computer and when you connect external devices or devices, references are created on Windows so that the next time you use those programs or devices, they work immediately without repeating the configuration. Some of these references are loaded automatically when Windows starts and are saved in several very hidden locations.
I'm not talking here about how to handle automatic program execution; in this case it is not only a question of starting the programs but also of references which are then used by Windows when the associated program is used.
These references, which can be registry entries, dll files, drivers or other, are called rootkits ; they are loaded at Windows startup in a completely hidden way from the user who, therefore, has no way of knowing them if not using special programs.
There are basically two problems:
- 1) That when a program is installed, it can still remain a useless reference.
- 2) Many hidden viruses and malware load as rootkits and remain hidden even from antivirus.
Checking the rootkits on the computer every now and then becomes important both to keep the PC clean from junk and to do a security check and be more relaxed.
The most famous program is Hijackthis which allows you to analyze rootkits and, if necessary, eliminate incorrect or unsafe references.
Another program, perhaps more complete and more intuitive to use, is RunScanner instead.
RunScanner is a portable Windows PC program that you can download for free.
The first time you run the program, you are asked whether to start it in beginner or expert mode and this is what makes it affordable for everyone (Hijackthis is rather difficult to use for the less experienced).
With the Beginner mode you can immediately press the " Scan Computer " button to start the check.
After the scan, you are asked where to save a log file with the result of the scan and a file to launch the RunScanner interface to possibly correct the problems found.
The best part, however, is that, waiting a few seconds, the log file is analyzed by the online security service and the link to view the report on the web is provided in the line where " Online Malware Analysis " is written.
By opening the report (copying and pasting the link) harmful rootkits are written in red and those on which there is no information are written in gray.
On the right side of the report you can find the certificate symbol which indicates the full security of that program.
In practice, we check all the programs that load at system startup and verify that they are clean and not hiding malware.
By clicking on the saved runscanner.run file or by opening the program in expert mode, you access the main interface where, after the scan, on the left of each item, there is a checkbox.
Double clicking on it selects that reference and then, in the " Fix " tab, the selected elements can be deleted .
Experts will be able to check each item to see if and which to delete.
All the others, including me, can instead check for red lines that refer to files not found or errors .
By deleting the rootkits referring to files or programs that are no longer installed, you clean your computer of all kinds of problems and speed up the startup of Windows, which does not waste time looking for programs that are no longer installed.
Even from the expert mode you can enter the analysis of malware online and you can access the forum to ask for an opinion from other users.
In the Extra stuff category you can instead read a more complete report (which can only be interpreted by people with high experience :) divided into 5 different tabs.
- Full list of files that start automatically, practically all the rootkits that are loaded.
- Process Killer with all running processes.
- Software installed
- Hosts File
- History, where you can review the deleted entries using the analysis program and, if necessary, restore them.
RunScanner is a very useful 32-bit and 64-bit Windows program similar to Hijackthis and, therefore, one of the indispensable security and maintenance tools.
However, I would like to recommend everyone to make prudent use of this tool because the deletion of important rootkits for Windows can compromise the system and risk having to reinstall all over again.
