Most viruses launch when you log into Windows — they typically call an executable from the registry. In fact, that call will tell you exactly where the virus resides.
Start in the registry.
- Click Start. Click Run and type: regedit.exe
- Registry Editor opens. Expand HKEY_CURRENT_USER
- Then expand Software. Next expand Microsoft.
- Now expand Windows.
- Then expand CurrentVersion.
- Click on the Run folder.
Here you’ll find some of the programs that launch on startup. A rule of thumb: a virus is a randomly generated string that makes no sense.
The real giveaway that this is a virus is the location of the application it’s calling. It’s in the Application Data folder. It launches every time you log in. So no matter how many times you reboot, it comes right back.
Write down where the virus resides. In this case, it’s in the All Users Application Data folder. Then simply right-click the registry key and delete it. Now you haven’t actually deleted the virus, you’ve only deleted the call that launches it, which is doing the minimum. A virus is just a program, after all, so if the virus doesn’t launch it does no harm. But delete the file system anyway.
Now it’s time to go to the Application Data Folder. There is more than one — follow the path exactly as you wrote it down.
if its a VIRUS try the step in SAFEMODE