mdouglas
Engaged Sweeper III
I was looking at the report "Autorun: High number of autorun items" and it was reporting about 70 of my computers had over 4000 autorun items. To investigate further I made a report to show all Autorun items and the number of computers. I'm curious to know why these .dll's and .exe's are reported as Autorun items by Lansweeper. Here are a few examples:


simpdata Common Startup simpdata.tlb 74
slayerxp Common Startup slayerxp.dll 74
slbcsp Common Startup slbcsp.dll 74
sensapi Common Startup sensapi.dll 74
share Common Startup share.exe 74
shell Common Startup shell.dll 74
shmedia Common Startup shmedia.dll 74
rtutils Common Startup rtutils.dll 74
rundll32 Common Startup rundll32.exe 74
samsrv Common Startup samsrv.dll 74
sapi.cpl Common Startup sapi.cpl.manifest 74
qasf Common Startup qasf.dll 74
qmgrprxy Common Startup qmgrprxy.dll 74
rasapi32 Common Startup rasapi32.dll 74
rasman Common Startup rasman.dll 74
rexec Common Startup rexec.exe 74
route Common Startup route.exe 74
rdshost Common Startup rdshost.exe 74
recover Common Startup recover.exe 74
regedt32 Common Startup regedt32.exe
6 REPLIES 6
mdouglas
Engaged Sweeper III
I'm running the latest version.

Database schema: 19
Website version: 4034
Servername 4.2.0.90

I looked at the date of last scan for all of the Autorun items in question and they were from back in 2011. I blew away all the rows in tblAutorun and did a full rescan of some of the machines experiencing the issue, and it looks like it no longer detects them.

Thanks!
Hemoco
Lansweeper Alumni
More recent Lansweeper versions skip autorun scanning for these kinds of machines and warn you that there is a configuration issue. (All other data is scanned normally.) Could you update your installation as per the instructions on page 103 and beyond of our online documentation?
mdouglas
Engaged Sweeper III
Now that I know how you were pulling that I figured out what it was! Thanks!

Problem Description:
'Win32_StartupCommand' returns thousands of files (4000+) that look like they are coming from the Windows System32 folder (C:\Windows\System32).

Cause:
If the Windows registry string value "Startup" located at

"HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" has no value or points to a nonexistent folder, then the problem described above occurs. This value can be pointed to a dummy folder that is empty to prevent this problem, or you can set this value to:

"C:\Documents and Settings\Default User\Start Menu\Programs\Startup"
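
A read-only check for the condition described in the post above, as an added example that is not part of the original thread. It assumes an elevated Windows PowerShell session on the client; the function name and the threshold of 1000 are assumptions made for illustration.

```powershell
# Added example, not from the thread. Read-only; run elevated in Windows PowerShell.
$Key = 'Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
$Threshold = 1000  # assumption: well above a normal autorun count, below the 4000+ seen here

function Get-SystemStartupFolderState {
    # Reads the LocalSystem (S-1-5-18) "Startup" shell folder value and classifies it.
    $value = ''
    $prop = Get-ItemProperty -Path $Key -Name 'Startup' -ErrorAction SilentlyContinue
    if ($prop) { $value = [string]$prop.Startup }

    if ($value.Trim() -eq '') {
        $state = 'MissingOrEmpty'
    } elseif (-not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($value)) -PathType Container)) {
        $state = 'FolderNotFound'
    } else {
        $state = 'OK'
    }
    New-Object PSObject -Property @{ Value = $value; State = $state }
}

$folder = Get-SystemStartupFolderState

# Same WMI class that the autorun data is pulled from.
$items = @(Get-WmiObject -Class Win32_StartupCommand)
$byLocation = $items | Group-Object -Property Location | Sort-Object -Property Count -Descending

"Startup value : '{0}' ({1})" -f $folder.Value, $folder.State
"Autorun items : {0}" -f $items.Count
$byLocation | Format-Table -AutoSize Count, Name

if ($folder.State -ne 'OK' -and $items.Count -gt $Threshold) {
    'Likely affected: the Startup value is unusable and Win32_StartupCommand is inflated.'
} elseif ($items.Count -gt $Threshold) {
    'Autorun count is high but the Startup value resolves; review the largest Location group.'
} else {
    'Autorun count is within the expected range.'
}
```

On an affected machine the "Common Startup" group dominates the per-location table, which is the noise that hides the genuine autorun entries in the inventory.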
Hemoco
Lansweeper Alumni
Autorun info is pulled from the Win32_StartupCommand WMI class. Could you execute the command below on one of your client machines and verify the contents of the resulting lansweepertest.txt file? The results should match what is reported by Lansweeper for the machine.

c:\>wmic path win32_startupcommand >lansweepertest.txt
mdouglas
Engaged Sweeper III
Sure.

Select Distinct Top 1000000 tblAutorun.Caption,
  tblAutorun.Location,
  tblAutorun.Command,
  Count(tblAutorun.AutorunID) As Count
From tblAutorun
Group By All tblAutorun.Caption,
  tblAutorun.Location,
  tblAutorun.Command
Order By Count(tblAutorun.AutorunID) Desc

Hemoco
Lansweeper Alumni
Could you post the SQL code of the report you ran?
