Steps to remove viruses and Spyware manually

Step – 1

a. Click on StartMy Computer.
b. Double click on drive c: to open it.
When the window opens with all the files and folders,
Click on Tools Menu –> Folder Options –> View Tab
Check-  Show hidden files and folders.
Uncheck – Hide extensions for known file types
Uncheck – Hide protected operating system files.
Click Apply Press on  OK

Step – 2

a. In the c:\WINDOWS\system32\drivers  folder, open the “etc” folder. -> Double click on the “hosts” file.(To select a program to open with-select notepad). -> Remove unwanted host entries and save the file. Only the Following Content is needed in the Hosts file.

#          # source server
#              # x client host       localhost


Step – 3

a. Navigate to C:\WINDOWS\SYSTEM32\DRIVERS & Right click on the date modified tab on the window. You will be getting a drop down list. Check the options date created. A new list will come up to show the created date of the files.
Screen Shot -1
b. Check for newly created files in that window by a Google search and delete it if found malicious.
Repeat the same in

  3. c:\WINDOWS\system32\drivers
  4. C:\WINDOWS\Temp (Delete All of the Files and Folders inside the Temp Folder. Non of them are needed. This files are temporary files. It will slow down the computer and there is a possibility that they may contain virus)
  5. User Profiles

       A. In Windows XP

  • C:\Documents and Settings\All Users\Application Data
  • C:\Documents and Settings\{Your User Profile}\Application Data
  • C:\Documents and Settings\{Your User Profile}\Local Settings\Application Data
  • C:\Documents and Settings\{Your User Profile}\Local Settings\Temp (Delete All of the Files and Folders inside the Temp Folder. Non of them are needed. This files are temporary files. It will slow down the computer and there is a possibility that they may contain virus)

       B. In Windows Vista and Windows 7

  • C:\Program Data
  • C:\Users\{Your User Profile}\App Data\Local
  • C:\Users\{Your User Profile}\App Data\Roming
  • C:\Users\{Your User Profile}\App Data\Local\Temp (Delete All of the Files and Folders inside the Temp Folder. Non of them are needed. This files are temporary files. It will slow down the computer and there is a possibility that they may contain virus)


Undeletable files.

In case an exe file is undeletable, Right click on the task bar, click on task manager- Select the exe file and click on “End Process”. Now that file can be deleted.
Note: If task manager is disabled the tool from Microsoft  process explorer to be used in normal mode.

.DLL & sys  —- Refer how to remove permissions

Right click on the file -> Click on Properties. -> Click on the Security Tab -> Advanced Tab -> Remove permission for all the user name and add the user “everyone” and give full control -> Click on Apply and OK. -> Restart the computer -> Now the file can be deleted.

Step – 4

Loading points.

a. Check the following loading points and delete newly created files.

Documents and Settings\All Users\Start Menu\Programs\Startup
Documents and Settings\[user name]\Start Menu\Programs\Startup
Documents and Settings\Administrator\Start Menu\Programs\Startup
Documents and Settings\Default User\Start Menu\Programs\Startup
WinNT\Profiles\All Users\Start Menu\Programs\Startup
WinNT\Profiles\[user name]\Start Menu\Programs\Startup
WinNT\Profiles\Administrator\Start Menu\Programs\Startup
WinNT\Profiles\Default User\Start Menu\Programs\Startup
Windows\Start Menu\Programs\Startup
Windows\All Users\Start Menu\Programs\Startup

Step – 5

a. Click on Start Menu –> Control Panel –> Add/Remove Programs icon. (In Windows XP)
In Click On Start Menu –> Control Panel –> Programs and Features icon.(Windows Vista and Windows 7)
b. Add/remove programs window opens up.
c. Remove the Unwanted Programfrom there. If you are not able to delete the programs   follow the steps below.
(i) Click on Start Menu –> My computer –> Local drive C:\ Program files.
(ii) Right click on the particular program folder-click on properties and check date created. Repeat the same to all new programs and close the program window.

If you are not sure about any Program name listed there check the program by Google search. If the program is new, go back to Add/remove programs list and remove/uninstall the program(s).  If you are not able to Uninstall it from  Add/Remove Programs rename the folder C:\ Program files\{Suspected Folder Name} with a name Infection and restart the computer. After the restart delete that Folder Infection.

Step – 6

Registry Clean-up (Be Careful while editing Registry. It is very Critical.  If you are not sure about it don’t do it. )

Press Windows Key and R key on your keyboard together, now you will get a Run window.

  • Type in regedit in run box  and press on Ok.
  • Take back up of registry on desktop.
  •  Remove the malicious entries in the locations listed below (File found on the right pane)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

You can also delete malicious startup items from registry under following locations


Step – 7

Manage add-ons.

Open up the Internet Explorer -> Click on the Tools Option -> Click on Manage Add-Ons -> Disable unwanted add-ons -> Click OK and close the window.

Step – 8

Press Windows Key and R key on your keyboard together, now you will get a Run window.

Type in inetcpl.cpl –> Internet Properties window opens –> Click on the Tab Advanced–> Press on Reset the internet settings –> Click ApplyOK

Step – 9

MSCONFIG (To Control the Start Up Items)

Press Windows Key and R key on your keyboard together, now you will get a Run window.
In side the Run window type  MSConfig  and press on Ok. You will get a System Configuration Utility window -> Click on Startup Tab on the System Configuration Utility window. -> Uncheck unwanted start up items from the Startup Tab . -> Click on Services Tab. -> Uncheck unwanted services also. -> Click on Apply. -> Click on Ok. -> Restart the computer.

Step – 10

Run a Live update if Anti Virus product is installed. -> Start a Full system scan.


If you don’t have a Antivirus Program Install Norton Power Eraser, you can download it and get more information from the following link.

It is free so you don’t have to worry about the price. You just have to download and install and  run the Norton Power Eraser. It will take care of the rest.

Download Instructions:

  1. Go to the website
  2. Click Download Norton Power Eraser Icon
  3. On the File Download dialog, click Save.
  4.  Select the location to where you want the file saved, and click Save.
  5. Go to the location of the downloaded file and double-click the NPE icon.

Another computer may be necessary to download a antivirus, if the virus itself is persistant, i would advise ”Norton Power Eraser“. its main purpose is if a virus is persistant. here’s a link. read carefully before you use it, it should be used as a last resort or for peace of mind if you think you may be under any kind of threat from internet theft.

Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully. I hope it goes well for you.

If you wish you can try Norton Bootable Recovery Tool (NBRT)  also. For that you need a CD/DVD/USB. Find more about how to use the Norton Bootable Recovery Tool (NBRT) here. (For Norton users with a valid Product Key)


Kuttus is an IT professional and a part time blogger. He has started the 123seminarsonly to write his findings gained in daily work life. Kuttus writes articles which are mostly related to technology and Virus Removal. He has been interested in virus and Malware removal. He is working as a remote virus removal technician from the last 7 year.

More Posts - Website

Comments are closed.