If you see a lot of popups or advertisements for fake antispyware, you have malware on your PC. Here’s how to manually remove the virus and stop it from running in the first place. The majority of viruses in Windows XP are easy to find, and they’re more conspicuous than you would think.
Start in the registry. Most viruses launch when you log into Windows — they typically call an executable from the registry. In fact, that call will tell you exactly where the virus resides.
Click Start. Click Run and type: regedit.exe
Registry Editor opens. Expand HKEY_CURRENT_USER.
Then expand Software.
Next expand Microsoft.
Now expand Windows.
Then expand CurrentVersion.
Click on the Run folder. Here you’ll find some of the programs that launch on startup. A rule of thumb: a virus entry usually has a randomly generated name that makes no sense, whereas software writers usually give their files names that describe what they do. At first glance the entry in this example, from a real virus I uprooted, stands out: it’s VpKspPwxlCbXa. This is likely a virus.
The real giveaway that this is a virus is the location of the application it’s calling. It’s in the Application Data folder. It launches every time you log in. So no matter how many times you reboot, it comes right back.
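The two checks described above (a meaningless name, and a launch path under Application Data) can also be applied to a saved copy of the Run key. This is an added example, not part of the original article: it parses the text printed by `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`. The sample paths, the function names and the vowel-ratio threshold are assumptions, and the folder check also covers AppData and Temp, which goes slightly beyond the text.

```python
import ntpath
import re

# Constructed sample of `reg query` output for the Run key. The value name
# VpKspPwxlCbXa is the one from the article; every path here is made up.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    SunJavaUpdateSched    REG_SZ    "C:\Program Files\Java\jre6\bin\jusched.exe" -min
    VpKspPwxlCbXa    REG_SZ    C:\Documents and Settings\All Users\Application Data\VpKspPwxlCbXa.exe
"""

ENTRY = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<cmd>.+)$")
# Folders a normal user can write to (assumption: extend for your own systems).
WRITABLE = ("\\application data\\", "\\appdata\\", "\\temp\\")

def executable(cmd):
    """Return the program path from a Run command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", cmd)
    return m.group(1) if m else cmd

def looks_random(name):
    """Crude heuristic: a long name with almost no vowels is not a real word."""
    letters = [c for c in ntpath.splitext(name)[0] if c.isalpha()]
    if len(letters) < 8:
        return False
    return sum(c in "aeiouAEIOU" for c in letters) / len(letters) < 0.2

def audit_run_key(reg_output):
    """Return (name, path, reasons) for each Run entry worth a closer look."""
    findings = []
    for line in reg_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        cmd, reasons = m["cmd"].strip(), []
        if any(d in cmd.lower().replace("/", "\\") for d in WRITABLE):
            reasons.append("launches from a user-writable folder")
        if looks_random(m["name"]):
            reasons.append("name looks randomly generated")
        if reasons:
            findings.append((m["name"], executable(cmd), reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in audit_run_key(SAMPLE):
        print(f"{name}: {path} ({'; '.join(reasons)})")
```

A flagged entry is a lead to inspect by hand, not proof of infection; legitimate updaters sometimes start from per-user folders too.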
Write down where the virus resides. In this case, it’s in the All Users Application Data folder. Then simply right-click the virus’s registry entry (not the Run folder itself) and delete it. Now you haven’t actually deleted the virus, you’ve only deleted the call that launches it, which is doing the minimum. A virus is just a program, after all, so if the virus doesn’t launch it does no harm. But delete the file from the file system anyway.
Now it’s time to go to the Application Data folder. There is more than one, so follow the path exactly as you wrote it down.
Now right-click My Computer. Select Explore.
Expand Documents and Settings.
Expand All Users.
Click on Application Data.
Try to delete the virus — just right-click and delete it. It’s not likely you can because it’s running in memory. Do rename it, though. You want to rename that .exe to anything else.
After you rename it, reboot the PC and return to the same location.
Because you’ve deleted the call from the registry, the virus won’t run in memory. Now you are able to delete it. Do it!
This set of steps comes in really handy when you have a virus or malware that your antivirus software doesn’t catch. Remember to always keep your PC and antivirus software up-to-date.