Check all the obvious places such as your Windows startup folder, the Startup tab in msconfig, and any registry...
keys referencing this program under HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current Version/Run in regedit. Also, you cannot underestimate malware that's located in a seemingly benign directory such as the Windows temp directory. It's therefore important to run a full system scan.
Remove malware step-by-step
Step 1: Use several tools
Step 2: Try free tools
Step 3: Check obvious places
Step 4: Dig deeper
Step 5: Unload infected software
Step 6: Disable system restore, reboot in safe mode
Step 7: Check for software corruption or hardware problem
Step 8: Don't rely solely on a search engine
Step 9: Check for vendor-specific removal tools
Step 10: Hash suspect files
Step 11: When in doubt, reload
Step 12: Create a formal security incident response plan
About the author
Kevin Beaver is an independent information security consultant, author, and speaker with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments. Kevin has written five books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver @ principlelogic.com.
This tip originally appeared on SearchWindowsSecurity.com.