In the right had column look at all the programs that run for your profile when you log on. Anything look unusual? A program you don't use? If you find something don't delete it yet.
Right click on the name, select 'Modify' and copy that information then paste it to either your word processor or notepad (I use notepad, it doesn't do any special formatting when you paste text in it). Once you have the information high light the virus name and then delete it.
What if you didn't find anything unusual or the windows registry key was empty?
That is ok you would move on to the next step.
The next step is to go to the HKEY_LOCAL_MACHINE key and expand it the same way as above it will look like this:
table, or PDF was removed because it will not display on your device. Check back on a PC....
As above look for anything unusual in the right hand column, if you find anything use the steps above to copy the information about the virus.
The information you copied will give you the actual executable file and it's location.
Next copy the executable file name and extension, go to the search function of Regedit and do a search for any more keys where the sneaky
thing is hiding. When you find one delete the complete key, to do that go to the left hand column and highlight the name of the key and press delete.
Note: If you found the executable name in the Task Manager or the Startup folder do your search and when you find the key copy the information to the location of the executable file then delete the key.
Keep searching until regedit comes up with the "Finished searching through the
registry." and click ok.
The virus executable name is not in the windows registry any more.
Next go to the folder where the executable is hiding and delete the complete folder, deleting only the infected file will not kill it off entirely. Sometimes the
thing is hiding in another file, if this is the case you have a 99% chance it is in that folder.
Restart your computer.
Did you kill it off? If so then run your AV scan in Safe Mode again but do a full scan of all files in all drives. If the scan comes back clean then you have eradicated the
However if you find you didn't kill it off then it is hiding in one of the startup files, it could be in a dll or a driver.
Do you have as image of the C: drive
and ghost32? You may have to use it.
You will find more information about the windows registry and how to clean it in the
Self Computer Repair Unleashed! 2nd Edition E-Book.