
Autoruns goes offline and hits viruses


On June 8, a new version of the professional startup manager Autoruns was released. The nice round version number 10 brought the long-awaited ability to edit startup entries not only on a running system but also for an offline Windows installation. Finally, you can boot from a LiveCD or attach the disk to another computer and throw viruses out of startup.

Let's see how it works in practice...

A new "Analyze Offline System" item has appeared in the File menu...



And voilà, the analysis of the offline system appears.


Admittedly, for some unknown reason you have to point it not at the registry files themselves but at the folder where Windows is installed. Autoruns checks for the presence of the file system32\ntdll.dll and then reads the HKEY_LOCAL_MACHINE registry hive files from the system32\config\ folder. Because of this picky behavior, simply copying the registry files and pointing the program at them will not work.
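A pre-flight check for the folder you are about to hand to Analyze Offline System, as an added example (not Autoruns' own code and not from the original post). It mirrors the two conditions described above and additionally verifies the `regf` signature that registry hive files start with; the function names and the choice of SOFTWARE and SYSTEM as the required hives are assumptions.

```python
import os
import tempfile

HIVE_MAGIC = b"regf"                     # signature at offset 0 of a registry hive file
REQUIRED_HIVES = ("SOFTWARE", "SYSTEM")  # assumption: the HKLM hives worth insisting on

def find_ci(parent, name):
    """Case-insensitive lookup, for disks mounted on a case-sensitive LiveCD."""
    if os.path.isdir(parent):
        for entry in os.listdir(parent):
            if entry.lower() == name.lower():
                return os.path.join(parent, entry)
    return None

def check_offline_root(windows_dir):
    """Return a list of problems; an empty list means the folder looks usable."""
    system32 = find_ci(windows_dir, "system32")
    if system32 is None:
        return ["no system32 folder: this is not a Windows directory"]
    problems = []
    if find_ci(system32, "ntdll.dll") is None:
        problems.append("system32\\ntdll.dll is missing")
    config = find_ci(system32, "config")
    if config is None:
        return problems + ["system32\\config is missing"]
    for hive in REQUIRED_HIVES:
        path = find_ci(config, hive)
        if path is None or not os.path.isfile(path):
            problems.append(f"hive {hive} is missing")
            continue
        with open(path, "rb") as fh:
            if fh.read(4) != HIVE_MAGIC:
                problems.append(f"hive {hive} does not start with 'regf'")
    return problems

def build_sample(root, with_ntdll=True, magic=HIVE_MAGIC):
    """Create a constructed, minimal Windows-like tree (stub files, not real hives)."""
    config = os.path.join(root, "System32", "config")
    os.makedirs(config)
    if with_ntdll:
        open(os.path.join(root, "System32", "ntdll.dll"), "wb").close()
    for hive in REQUIRED_HIVES:
        with open(os.path.join(config, hive), "wb") as fh:
            fh.write(magic + b"\0" * 28)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(check_offline_root(build_sample(os.path.join(tmp, "Windows"))))
```

A folder that holds only copied hive files fails at the first check, which is the case the paragraph above warns about.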


Separately, it should be noted that the current version 10.0 does not automatically unload the loaded hives when exiting, and their files remain locked. You have to run regedit and fix it by hand.

Despite the somewhat strange implementation, the new functionality is good. Previously, manually combing through the registry of an offline operating system in search of viruses and other nasty things was a long, tedious task, like searching for a black cat in a dark room. Now we have a flashlight!

P.S.
The main drawback of the utility (and of all the others from Sysinternals) has not gone anywhere. The instructions look like this:
image

Source: https://habr.com/ru/post/96123/

