Is it a Virus?
✔ NO - Safe
Must be located at C:\Sysinternals\Autoruns64.exe or C:\SysinternalsSuite\Autoruns64.exe
Warning
Entries are legitimate but numerous
Autoruns64 lists startup locations across registry, services, and tasks; changes affect boot behavior.
Can I Disable?
✔ YES
You can close the tool and disable any related Startup Task if created; Autoruns64 itself does not auto-run on Windows startup.
What is autoruns64.exe?
autoruns64.exe is the Sysinternals Autoruns utility for Windows that reveals every startup entry and auto-run location on a system. It catalogs registry Run keys, startup folders, scheduled tasks, services, drivers, and more, helping admins identify persistence points and optimize boot times.
Autoruns64 enumerates startup locations via Windows APIs, showing where items are configured to run, and provides options to disable or delete entries. It does not automatically enable or disable by default; use carefully.
Quick Fact: Autoruns64 is part of the Sysinternals suite; it provides comprehensive visibility into autostart points across user and system contexts.
Types of Autoruns Entries
- Registry Run Keys: Entries in HKLM\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce.
- Startup Folder: User and All Users Startup folders that auto-launch programs.
- Scheduled Tasks: Tasks configured to run at logon or on a schedule.
- Winlogon/Notify: Winlogon notifications and logon scripts that can start at user logon.
- Services: Windows services configured to start automatically.
- Drivers: Kernel and system drivers set to load at boot or logon.
Is autoruns64 Safe?
Yes, autoruns64 is safe when downloaded from the official Sysinternals site and used as intended.
Is autoruns64 a Virus or Malware?
The real autoruns64 is a legitimate Sysinternals tool from Microsoft. Malware may mimic names; verify authenticity before use.
How to Tell if autoruns64 is Legitimate or Malware
- File Location:: Must be in C:\Sysinternals\Autoruns64.exe or C:\SysinternalsSuite\Autoruns64.exe. If found elsewhere, it's suspicious.
- Digital Signature:: Right-click Autoruns64.exe → Properties → Digital Signatures. Should show 'Microsoft Corporation' as signer and 'Sysinternals' as the product.
- Product Information:: Check the Details tab for Product name 'Autoruns64' and Publisher 'Microsoft Corporation'.
- Hash Comparison:: Obtain the official SHA-256 hash from the Sysinternals site and compare it with the file on disk.
Red Flags: If Autoruns64 is not signed by Microsoft Corporation, located in an untrusted folder, or runs from Startup unexpectedly, treat as suspicious and scan with antivirus. Avoid executables from untrusted sources.
Why Is Autoruns64 Running on My PC?
Autoruns64 runs when you open the tool to enumerate startup entries. It may spawn processes to read registry keys, services, and tasks, but it is not designed to stay resident in memory after you close it.
Reasons it's running:
- Active Startup Audit: You launched Autoruns64 to inspect startup locations such as Run keys, startup folders, and Scheduled Tasks.
- Comprehensive Discovery: The tool enumerates multiple startup surfaces to provide a complete view of persistence points across the system.
- User-Initiated Refresh: You may click Refresh to update results after changes to startup configurations.
- System-Wide Coverage: Autoruns64 scans startup entries for all users and system-wide locations to ensure nothing is overlooked.
- Administrative Access: Access to some startup locations requires admin rights; results can differ when not elevated.
Can I Disable or Remove autoruns64?
Yes, you can disable or remove autoruns64 from being used for startup audits. Autoruns64 is a portable tool and does not install a Windows service. To stop auto-launch, remove any startup entry you created or delete the executable from its folder.
How to Stop autoruns64
- Close Autoruns64: Exit the application if open.
- Disable Startup Entry: If you added Autoruns64 to Windows Startup, open Task Manager → Startup tab and disable the Autoruns64 entry.
- Remove Scheduled Task: Open Task Scheduler and look for tasks named 'Autoruns64' or Sysinternals; disable or delete if found.
- Delete the Executable: Delete Autoruns64.exe from its folder to prevent manual launches.
- Restart: Restart the computer to ensure changes take effect.
How to Uninstall Autoruns64
- ✔ Delete Autoruns64.exe from its folder (e.g., C:\Sysinternals or C:\SysinternalsSuite).
- ✔ If you downloaded the Sysinternals Suite, delete the entire folder that contains Autoruns64.exe.
- ✔ Empty the Recycle Bin.
- ✔ No registry keys or services are typically created; removal is just deleting the executable.
Common Problems: Autoruns64
If Autoruns64 behaves unexpectedly or fails to list entries, follow these practical fixes.
Common Causes & Solutions
- Not running with administrative privileges: Run Autoruns64 as Administrator to access all startup locations.
- Hide Signed Microsoft Entries is enabled: In Autoruns64, disable 'Hide Signed Microsoft Entries' to reveal all startup items.
- Too many entries to review: Use filters, search, and grouping; export results to CSV for offline analysis.
- False positives from antivirus: Whitelist the Sysinternals suite or run from an official source; avoid suspicious copies.
- Cannot edit certain entries: Some startup items are controlled by registry or system policies; use registry editor or Task Scheduler for edits.
- Outdated version: Download the latest Autoruns64 release from the official Sysinternals page and replace the old binary.
Quick Fixes:
1. Quick Fixes:
2. 1. Run Autoruns64 as administrator and inspect all locations.
3. Refresh results after making changes.
4. Disable nonessential startup entries in the list.
5. Update to the latest version from the Sysinternals site.
6. Export results for offline review.
Frequently Asked Questions
What is Autoruns64?
Autoruns64 is a Sysinternals Windows utility that shows all startup programs and auto-run locations; it helps you audit persistence points and boot behavior.
Is Autoruns64 safe to use?
Yes, when downloaded from Microsoft Sysinternals and used as intended; verify the digital signature before running.
Do I need admin rights to use Autoruns64?
Some startup locations require administrative privileges to view; running as administrator provides a complete view.
Can Autoruns64 delete or disable startup items?
Autoruns64 can disable or remove some startup entries, but certain items are controlled by system policies or registry permissions.
Where can I download Autoruns64?
From the official Sysinternals page on Microsoft Learn.
Is Autoruns64 portable or installable?
Autoruns64 is portable; it does not require installation—just run the executable.