Start in the registry. Most viruses launch when you log into Windows, and they typically do it by calling an executable from the registry. In fact, that call will tell you exactly where the virus resides. Click Start, click Run, type regedit.exe, and click OK.

Registry Editor opens. Expand HKEY_CURRENT_USER.

Then expand Software.

Next expand Microsoft.

Now expand Windows. Then expand CurrentVersion.

Click on the Run folder. Here you’ll find some of the programs that launch on startup. A rule of thumb: a virus entry usually has a randomly generated name that makes no sense, whereas software writers usually title their files with names that describe what they do. This example is from a real virus I uprooted: it’s VpKspPwxlCbXa. This is likely a virus.

The real giveaway that this is a virus is the location of the application it’s calling: it’s in the Application Data folder. It launches every time you log in, so no matter how many times you reboot, it comes right back.

Write down where the virus resides. In this case, it’s in the All Users Application Data folder. Then simply right-click that entry in the Run key and delete it. Now you haven’t actually deleted the virus; you’ve only deleted the call that launches it, which is doing the minimum. A virus is just a program, after all, so if the virus doesn’t launch it does no harm. But delete the file from the file system anyway.

Now it’s time to go to the Application Data folder. There is more than one, so follow the path exactly as you wrote it down.

Now right-click My Computer. Select Explore.

Expand Documents and Settings.

Expand All Users.

Click on Application Data.

Try to delete the virus: just right-click and delete it. It’s not likely you can, because it’s running in memory. Do rename it, though. You want to rename that .exe to anything else.

After you rename it, reboot the PC and return to the same location. Because you’ve deleted the call from the registry, the virus won’t run in memory. Now you are able to delete it. Do it!
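The registry inspection from the first steps can also be done as a read-only PowerShell listing. This is an added example, not part of the original article; the second Run key (HKLM), the AppData and ProgramData folder names used by later Windows versions, and the name heuristic are assumptions.

```powershell
# Added example: read-only listing of the Run keys. It deletes nothing.
# Assumptions: the HKLM Run key and the AppData/ProgramData folder names
# (used by Windows versions after XP) are checked as well.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunTarget([string]$Command) {
    # Extract the executable path: a quoted path first, otherwise
    # everything up to the first executable extension.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return $Command.Trim()
}

function Test-RandomLookingName([string]$Name) {
    # Assumed heuristic for names like VpKspPwxlCbXa: letters only,
    # few vowels, and capitals scattered inside the word.
    if ($Name -notmatch '^[A-Za-z]{8,}$') { return $false }
    $vowels = [regex]::Matches($Name, '[aeiouAEIOU]').Count
    $innerCaps = [regex]::Matches($Name.Substring(1), '[A-Z]').Count
    return (($vowels / $Name.Length) -lt 0.25) -and ($innerCaps -ge 3)
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-RunTarget $command
        $flags   = @()
        if ($target -match '\\(Application Data|AppData|ProgramData)\\') {
            $flags += 'runs from an application-data folder'
        }
        if (Test-RandomLookingName $name) { $flags += 'random-looking name' }
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Target = $target
            Flags = ($flags -join '; ')
        } | Select-Object Key, Name, Target, Flags
    }
}
```

A flag marks an entry for a closer look and is not proof of infection: on later Windows versions many legitimate programs also start from AppData.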

This set of steps comes in really handy when you have a virus or malware that your antivirus software doesn’t catch. Remember to always keep your PC and antivirus software up-to-date.

There is a faster and safer way to do this. Download Autoruns from Microsoft. It shows the startup nasties in the Logon tab, and you can double-click an entry to go to its registry entry.

FYI, Bruce, pruning the registry doesn’t always cut it. You boot to a disc or flash drive, then it will scan your system and get rid of the malware — hopefully. I would definitely give this a try. https://www.groovypost.com/howto/remove-viruses-malicious-code-windows-defender-offline-security/
