
Some Steps on How to Use the OSAM: Autorun Manager

OSAM: Autorun Manager is first of all a tool for detecting and removing malware, rootkits (hidden malware) and unwanted programs. It can be your right hand in cases where your antivirus could not help.

You can just as well use OSAM to manage applications that are configured to run automatically when your system starts, for example to disable unnecessary programs that slow down your PC.

So, let’s go through some steps on how to use OSAM.

1. Start OSAM. It will show you which programs and system components are configured to run automatically when your system starts. It shows ALL entries that it has found, not only malicious ones.

2. To help people analyze all these entries, we have created the Online Malware Scanner.

[Image: Online Malware Scanner]

So, you will be offered to scan your startup files for viruses and malware.
This simplifies malware detection, because most files automatically get the “Trusted” status, which lets you leave them out of the list of suspicious objects, even if you do not have advanced computer knowledge.

After this you can use the “Filters” function (press the “Filters” button on the OSAM top toolbar) to temporarily hide safe files by unchecking, for example, the “Trusted”, “Up-to-You” and “Checked” statuses:

[Image: OSAM Filters]

This way trusted files are not displayed in the list and won’t get in your way while you search for malicious ones.


Excursus

Some information on the statuses of Online Malware Scanner:

Trusted - safe files of trusted programs.
Up-to-You - some users want to disable program startups so that the programs do not take up system resources all the time. So this status means: a safe program, but it is up to you whether or not you want it to run on startup. If you do not want such a program to start automatically, you can disable it using OSAM (you can still run the program manually when you need it).
Various legitimate Internet Explorer toolbars and browser components have this status too, because not everyone likes them (especially when the user has no idea where the browser component came from).
Checked - most probably the file is safe. “Checked” is a temporary status that is given after the file’s primary analysis. After a while this status usually turns into “Trusted” or “Up-to-You” (in rare cases it could also become “Unwanted” or “Malware”, but this happens very rarely).

Malware - malicious files. Trojans, rootkits, worms, viruses, spyware, etc.
Unwanted - potentially unwanted programs, e.g. various adware applications.
Suspicious - most probably the file is malicious. By analogy with the “Checked” status, “Suspicious” is a temporary status that is given automatically by the heuristic analyzer or after the file’s primary check. After a while this status usually turns into “Malware” or “Unwanted” (in rare cases it could also become, for example, “Up-to-You” or “Riskware”, but this happens very rarely).

Infected - safe programs infected (modified) by a virus. Infected files need to be replaced with the original copy (when, for example, a system file is patched by malware) or treated by an antivirus program (when, for example, most .EXE files are infected with Virus.Win32.Sality, Virus.Win32.Virut, Virus.Win32.Parite, Virus.Win32.Hidrag or others). Usually we leave a special comment on such files so that the user knows in general what to do (you can see the Online Scanner information at the bottom of the file’s detailed information or in the results of Online Malware Scanner).

Riskware - legitimate programs that may be dangerous if operated by cyber criminals. For example, remote control applications, activity monitoring programs, password breaking utilities, etc. Usually, if you did not install this kind of software yourself and you do not use it, it’s better to disable these entries.

Unknown - the file has not been analyzed yet, so it could be either safe or malware.

If you are not sure whether such a file is safe, it’s recommended to wait a little and then scan again. After some time these files will be added to the database and will get a “good” or “bad” status.

You should also know that each user’s scan (request) is analyzed by malware analysts individually. It is, in fact, like a personal visit to a “doctor” with your personal problems. This is not the same as scanning files with an antivirus: when an antivirus reports that a file has no malicious code inside, that does not mean the file is trusted. It could also mean that the antivirus does not yet have the required malware signature. Our analysts, however, look at each unknown file before adding it to the database with the proper status.


3. Scroll through the list of files and disable malicious objects by removing the check-marks next to them. Then press the “Apply” button.

[Image: Apply and Revert buttons]

After that the startup of the malware is disabled. The next time you boot your computer the malware will stay inactive, because it can no longer start automatically.

Note: If you have more than one malware entry, in some cases it is important not to press “Apply” until you have unchecked all of them, because if some component of the virus remains active, it can restore all the other components.

4. Now it’s recommended to restart your computer (it is not necessary in all cases - this depends on the type of malware).

5. Start OSAM again to make sure that the malware entries have not been restored.
Then delete the inactive malware files from the disk.

To simplify the search for disabled files you can right-click the entry you need and choose the “Jump to file” option:

[Image: Jump to File function]

This will open the folder containing the file. Delete the file.

6. You can also remove disabled entries from the OSAM storage (it saves information about entries you have disabled, in case you want to restore them someday).

Right-click the disabled entry and choose the “Delete from storage” option:

[Image: Delete from Storage function]
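
A tool-independent way to back up the check in step 5: snapshot the common Run/RunOnce registry keys before disabling anything, then compare after the reboot to see whether a disabled entry has come back or a new one has appeared. This PowerShell is an added example, not part of OSAM or the original article; it assumes a disabled entry no longer appears under these keys, and the function names and the entry name in the usage comment are hypothetical.

```powershell
# Added example. Covers only the classic Run/RunOnce registry keys, a small
# subset of the autorun locations a full autorun scanner inspects.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunSnapshot {
    # One object per registry value: where it lives, its name, its command line.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            }
        }
    }
}

function Compare-AutorunSnapshot {
    param([object[]]$Before, [object[]]$After, [string[]]$DisabledNames)
    $known = @($Before | ForEach-Object { "$($_.Key)|$($_.Name)" })
    foreach ($e in $After) {
        $finding = $null
        if ($DisabledNames -contains $e.Name) {
            $finding = 'Restored'      # a disabled entry is back after the reboot
        } elseif ($known -notcontains "$($e.Key)|$($e.Name)") {
            $finding = 'New'           # not present in the earlier snapshot at all
        }
        if ($finding) {
            [pscustomobject]@{ Finding = $finding; Key = $e.Key; Name = $e.Name; Command = $e.Command }
        }
    }
}

# Before unchecking anything in OSAM:
#   Get-AutorunSnapshot | Export-Clixml "$env:TEMP\autoruns-before.xml"
# After "Apply" and the reboot ('ExampleEntry' is a constructed placeholder name):
#   Compare-AutorunSnapshot -Before (Import-Clixml "$env:TEMP\autoruns-before.xml") `
#       -After (Get-AutorunSnapshot) -DisabledNames 'ExampleEntry'
```

Any “Restored” row means some component is still active and re-registering itself, which is the situation the next section addresses.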


Excursus

What to do if malware entries are automatically restored.

There is some “stubborn” malware that does not go away the easy way.
In this case you need the “Disable objects using the driver” function.

Before disabling the malicious entries as described above, do the following. Go to the OSAM settings by pressing the “Settings” button on the top toolbar.

[Image: OSAM toolbar]

And set the “Disable object using the driver” option to “Always”.

[Image: OSAM settings]

Then do everything as described before.
After pressing “Apply” you will be prompted to reboot your system:

[Image: Reboot Now message]


So, in short, the steps for malware removal are:

  1. Disable malicious objects.
  2. Reboot (after this the malware will not be active).
  3. Delete the inactive malware file.
  4. Delete disabled entry from OSAM storage, if you want.

Hope this helps you understand OSAM better.
If you have more questions about this program, you are welcome to ask.