While Autoruns may not be the most popular startup manager available for Windows, it is without the shadow of a doubt the one a complete package.
It enables you to go through all startup items of the system to assess and change them. Where most startup managers limit items to programs and sometimes services, Autoruns includes dynamic link libraries, drivers, network providers and a whole host of other items in its interface.
Autoruns 13 has just been released and with it comes integration of the online virus scanning service Virustotal.
If you follow Sysinternals tools updates you know that Autoruns is not the first program to get the integration. The process manager Process Explorer supports it as well for example.
You need to enable the scanning before it becomes available. This is done with a click on Options > Scan Options, and the checking of "Check Virustotal.com".
You are asked to read the Virustotal Terms of Service which are loaded in the default web browser automatically.
If left at that, only hashes of files found on the local system are submitted to Virustotal. While that ensures that no files get uploaded to the service, it means that you won't get results for some files.
To be precise, you won't get a rating for any file unknown to Virustotal.
You can change that behavior by enabling the submit unknown images option on the scan options.
Autoruns will submit the file hash first but if Virustotal returns an unknown, the file itself will be uploaded to the service for checking.
You find the ratings on the right side of the table after you have enabled it. You may need to scroll horizontally to display the rating depending on the window's width.
The software has a new Virustotal filter under options. You can enable it to only display items that have been flagged by Virustotal.
All items with at least one hit are flagged which means that the list of items is limited to those that the virus scanning service reported as potentially malicious.
This can be combined further with other filters, for instance the hide all Microsoft entries filter.
The integration of Virustotal in Autoruns makes as much sense as the integration of it in the process manager.
Items get scanned automatically once you enable the option which can provide you with additional information for your safety assessment.