By Mark Russinovich
Published: June 24, 2020
Basically, auto-run is considered a security problem and so is not supported in OSX. Sophie (formerly known as Ben) Alpert's answer is also a bit overkill. Most installers for OSX simply open up a folder to show the application and, possibly, a readme.
Download Autoruns and Autorunsc (2.5 MB)
Run now from Sysinternals Live.
Introduction
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players. These programs and drivers include ones in your startup folder, Run, RunOnce, and other Registry keys. Autoruns reports Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond other autostart utilities.
Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc.
You'll probably be surprised at how many executables are launched automatically!
Usage
Simply run Autoruns and it shows you the currently configured auto-start applications as well as the full list of Registry and file system locations available for auto-start configuration. Autostart locations displayed by Autoruns include logon entries, Explorer add-ons, Internet Explorer add-ons including Browser Helper Objects (BHOs), Appinit DLLs, image hijacks, boot execute images, Winlogon notification DLLs, Windows Services and Winsock Layered Service Providers, media codecs, and more. Switch tabs to view autostarts from different categories.
To view the properties of an executable configured to run automatically, select it and use the Properties menu item or toolbar button. If Process Explorer is running and there is an active process executing the selected executable then the Process Explorer menu item in the Entry menu will open the process properties dialog box for the process executing the selected image.
Navigate to the Registry or file system location displayed or the configuration of an auto-start item by selecting the item and using the Jump to Entry menu item or toolbar button, and navigate to the location of an autostart image.
To disable an auto-start entry uncheck its check box. To delete an auto-start configuration entry use the Delete menu item or toolbar button.
The Options menu includes several display filtering options, such as only showing non-Windows entries, as well as access to a scan options dialog from where you can enable signature verification and VirusTotal hash and file submission.
Select entries in the User menu to view auto-starting images for different user accounts.
More information on display options and additional information is available in the on-line help.
Autorunsc Usage
Autorunsc is the command-line version of Autoruns. Its usage syntax is:
Usage: autorunsc [-a <*|bdeghiklmoprsw>] [-c|-ct] [-h] [-m] [-s] [-u] [-vt] [[-z ] | [user]]]
Parameter | Description |
---|---|
-a | Autostart entry selection: |
* | All. |
b | Boot execute. |
d | Appinit DLLs. |
e | Explorer addons. |
g | Sidebar gadgets (Vista and higher) |
h | Image hijacks. |
i | Internet Explorer addons. |
k | Known DLLs. |
l | Logon startups (this is the default). |
m | WMI entries. |
n | Winsock protocol and network providers. |
o | Codecs. |
p | Printer monitor DLLs. |
r | LSA security providers. |
s | Autostart services and non-disabled drivers. |
t | Scheduled tasks. |
w | Winlogon entries. |
-c | Print output as CSV. |
-ct | Print output as tab-delimited values. |
-h | Show file hashes. |
-m | Hide Microsoft entries (signed entries if used with -v). |
-s | Verify digital signatures. |
-t | Show timestamps in normalized UTC (YYYYMMDD-hhmmss). |
-u | If VirusTotal check is enabled, show files that are unknown by VirusTotal or have non-zero detection, otherwise show only unsigned files. |
-x | Print output as XML. |
-v[rs] | Query VirusTotal for malware based on file hash. Add 'r' to open reports for files with non-zero detection. Files reported as not previously scanned will be uploaded to VirusTotal if the 's' option is specified. Note scan results may not be available for five or more minutes. |
-vt | Before using VirusTotal features, you must accept the VirusTotal terms of service. If you haven't accepted the terms and you omit this option, you will be interactively prompted. |
-z | Specifies the offline Windows system to scan. |
user | Specifies the name of the user account for which autorun items will be shown. Specify '*' to scan all user profiles. |
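One way to use the CSV output for triage, as an added example that is not part of the original page or of Sysinternals: compare a current `autorunsc -a * -c -h -s` capture against a known-good baseline and report entries that are new, whose hash changed, or whose signer is not verified. The CSV text below is constructed sample data, and the column names (`Entry Location`, `Entry`, `Signer`, `SHA-256`) and the `(Verified)` prefix are assumptions to check against the header row of a real capture.

```python
import csv
import io

# Constructed sample data. Column names are an assumption; confirm them
# against the header row of a real `autorunsc -a * -c -h -s` capture.
HEADER = "Entry Location,Entry,Enabled,Signer,Image Path,SHA-256\n"
BASELINE = HEADER + r"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,enabled,(Verified) Microsoft Corporation,c:\windows\system32\securityhealthsystray.exe,aa11
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleSync,enabled,(Verified) Example Corp,c:\program files\examplesync\sync.exe,bb22
"""
# Current capture: one binary replaced (hash differs) and two added entries.
CURRENT = BASELINE.replace("bb22", "ee55") + r"""HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,updater,enabled,(Not verified),c:\users\alice\appdata\roaming\updater.exe,cc33
Task Scheduler,ExampleSync Update,enabled,(Verified) Example Corp,c:\program files\examplesync\update.exe,dd44
"""


def load(text):
    """Parse Autorunsc CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def key(row):
    """Identity of an autostart entry: where it lives, its name, its hash."""
    return (row["Entry Location"].lower(), row["Entry"].lower(),
            row["SHA-256"].lower())


def triage(baseline_csv, current_csv):
    """Return (entry, reason) pairs for rows that are not in the baseline."""
    known = {key(r) for r in load(baseline_csv)}
    known_names = {k[:2] for k in known}  # location + name, ignoring hash
    findings = []
    for row in load(current_csv):
        k = key(row)
        if k in known:
            continue  # unchanged since the baseline
        reason = "hash changed" if k[:2] in known_names else "new entry"
        # Anything without the "(Verified)" prefix, including an empty
        # Signer field, is treated as unverified.
        if not row["Signer"].startswith("(Verified)"):
            reason += ", unverified signer"
        findings.append((row["Entry"], reason))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(BASELINE, CURRENT):
        print(f"{entry}: {reason}")
```

A verified signer does not make a changed hash benign; it only lowers the priority of that finding relative to the unverified one.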
Related Links
- Windows Internals Book The official updates and errata page for the definitive book on Windows internals, by Mark Russinovich and David Solomon.
- Windows Sysinternals Administrator's Reference The official guide to the Sysinternals utilities by Mark Russinovich and Aaron Margosis, including descriptions of all the tools, their features, how to use them for troubleshooting, and example real-world cases of their use.
Nowadays, more and more PC users are moving to the Mac OS X environment. Infecting Mac OS will become more and more popular in the coming few years. Apple always claims that Mac OS X is virus-free. Yes, that was true when they were still in the PowerPC generation. Once they changed to the Intel architecture, it became easier for virus writers to write code for other OSes that can also run on Mac OS.
However, a long time ago Apple noticed that USB autorun is a dangerous thing, even though it is very convenient for users. This feature was excluded from the system long ago. As a result, the techniques mentioned in the previous post are not possible to perform on Mac OS. The only way I think could be used to infect Mac OS is something like a boot virus, e.g. injecting a jump instruction into the boot sector of the USB storage device.
Instead of describing how the infection can be done, I want to introduce an interesting USB virus (although I think this is a hoax) and some other viruses on the Mac. The USB virus was developed by Troika, an art and design studio located in London. They published a demo of this virus on the web under the name Newton. This virus will break Mac OS into pieces, and they claimed that the effect only appears once. Here is the demo of the virus:
The first worm on Mac OS X was discovered in February 2006 and announced by SophosLabs. This worm spreads via the iChat instant messenger, forwarding itself as a file called latestpics.tgz to contacts on the infected users’ buddy list. When the latestpics.tgz archive file is opened on a computer it disguises its contents with a JPEG graphic icon in an attempt to fool people into thinking it is harmless.
“This is the first real virus for the Mac OS X platform,” continued Graham Cluley – Senior Technology Consultant in SophosLabs. “Apple Mac users need to be just as careful running unknown or unsolicited code on their computers as their friends and colleagues running Windows.”
For more detail about this first virus on Mac OS X, please visit this link:
Only one worm disproved the virus-free promise from Apple.
P.S. Apple changed its virus-free statement to “Designed with security in mind, Mac OS X isn’t plagued by constant attacks from viruses and malware. Likewise, it isn’t inundated by never-ending security dialogs.”