You turn on the laptop, and instead of the usual desktop, it immediately starts browser with a suspicious site — advertising, casino or unknown search engine? This is not just annoying, but also signals serious problems: from malware before failures in the Windows registry. In 90% of cases the reason lies in virus startup, which masquerades as legitimate processes, but sometimes browser settings or even hardware faults are to blame.

In this article - a complete analysis of all possible causes and 7 proven ways to fix the problem, including screenshots, commands for manual cleaning and instructions for Windows 7/10/11. We won't advise you to "just reinstall the system" - instead we'll show you how find and remove the virus manually, even if the antivirus does not see it. Let's start with the simplest and end with advanced methods for experienced users.

1. Checking startup: where the virus is hiding

The first place you should look is task manager. Many viruses add themselves to startup, masquerading as harmless programs like Chrome.exe or UpdateService.exe. But even if the name looks familiar, this does not guarantee security: modern Trojans skillfully fake icons and descriptions.

How to check:

  • 🔍 Open Task Manager combination Ctrl + Shift + Esc → go to the tab Autoload.
  • ⚠️ Pay attention to programs with unknown publishers or in strange ways (for example, C:\Users\AppData\Roaming\random_name\).
  • 📁 Check it out File location (right click → Properties): Viruses often hide in folders with random letters.
  • 🚫 Disable suspicious elements and restart your laptop.
📊 How often do you check startup for viruses?
  • Never
  • Once a month
  • Only when problems arise
  • After every Windows update

If after disconnecting the problem the problem disappeared, it means that the virus was in startup. But Don’t rush to delete files manually: Some Trojans repair themselves after a reboot. Better first make a system backup or use specialized utilities like Autoruns from Microsoft.

⚠️ Attention: Viruses often disguise themselves as svchost.exe or explorer.exe. Do not disable system processes - this may lead to Windows crash!

2. Cleaning the browser: resetting settings and removing extensions

Sometimes the problem lies not in the system, but in the browser itself. Malicious extensions or changed settings may cause Chrome, Edge or Firefox open unwanted sites every time you start. This is especially common after installing “free” programs from torrents.

What to do:

  1. Open your browser and go to Settings → Extensions (chrome://extensions for Chrome).
  2. Remove all suspicious plugins (especially those with names like "Safe Browsing", "Video Downloader" or "Search Manager").
  3. Reset your browser settings to factory defaults:
    Chrome: Настройки → Дополнительные → Восстановить настройки и очистить
    

    Edge: Настройки → Сбросить настройки

    Firefox: Справка → Устранение неполадок → Обновить Firefox

  4. Check Browser Shortcut Properties (right click → Properties): in the field Object there should be no extra links after chrome.exe.

Remove unknown extensions

Reset browser settings

Check shortcut for unnecessary parameters

Clear cache and cookies -->

If after resetting the browser still opens an unwanted site, the problem is deeper - it may be a virus changed the hosts file or infiltrated the registry. In this case, only a comprehensive cleaning of the system will help.

3. Checking the hosts file: how viruses redirect traffic

File hosts is your laptop's "phone book" that matches domain names to IP addresses. Viruses often edit it to redirect you to fraudulent sites, even if you enter the correct address (for example, google.com leads to a phishing page).

How to check and fix:

  • 📄 Open the file hosts along the way:
    C:\Windows\System32\drivers\etc\hosts

    (open Notepad as administrator and drag the file there).

  • 🔎 In normal state, the file should contain only comments (lines with #) and one entry 127.0.0.1 localhost.
  • ❌ Remove all suspicious lines (for example, 185.12.45.67 google.com).
  • 💾 Save the file (if that doesn’t work, change the access rights via Properties → Security).

After editing, restart your laptop. If the file hosts changed again after reboot - that means it’s a virus actively defends himself and requires deeper cleaning (see section 5).

Example of an infected hosts file

127.0.0.1 localhost

# Viral entries:

185.123.45.67 google.com

91.201.64.54 yandex.ru

45.76.123.45 facebook.com

4. Scanning for viruses: which tools work better than antivirus

Standard antiviruses (like Windows Defender or Avast) are often missed rootkits and trojans, which are responsible for autostarting the browser. For a deep scan, you will need specialized utilities that scan boot sectors, registry and system processes.

The best tools to scan for viruses:

UtilityWhat is looking forHow to use
MalwarebytesRootkits, spyware, adwareDownload from the official website → Full scan → Delete everything found
AdwCleanerAdware, browser redirectsRun → Click ScanClear
HitmanProHidden threats that antiviruses missRun without installation → Scan
Kaspersky Virus Removal ToolTrojans, worms, encryption virusesDownload from Kaspersky website → Update databases → Full scan

Important: run scan in safe mode (while booting the laptop, hold F8 or Shift + Reboot). This will prevent the utilities from being blocked by a virus. If after cleaning the problem remains, the virus could infiltrate Windows system files, and a system restore will be required.

💡

If the antivirus does not find threats, but the browser still opens, check Job Scheduler (taskschd.msc). Viruses often create tasks with the trigger "When the computer starts."

5. Manual virus removal through the registry (for advanced users)

If automatic scanners do not help, you will have to dig deeper - to the Windows registry. Viruses are often registered in sections responsible for startup and are disguised as legitimate keys. An error when editing the registry can lead to system inoperability - be careful!

Registry keys to check:

  • 🔑 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • 🔑 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • 🔑 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
  • 🔑 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load

How to clean:

  1. Click Win + R, enter regedit and confirm.
  2. Follow the indicated paths and search suspicious entries (with random names or paths to AppData\Roaming).
  3. Delete them but do not touch system keys (For example, SecurityHealth or OneDrive).
  4. Check section HKEY_CLASSES_ROOT\exefile\shell\open\command - some viruses replace startup .exe-files.
⚠️ Attention: Before editing the registry be sure to create a restore point (Control Panel → Recovery → Set up system recovery). The error may make Windows inoperable!

6. System Restore or Reinstall Windows

If none of the methods work, there are two radical options left: system rollback to the state "before infection" or clean installation of Windows. The first method is faster, but only works if the virus does not have time to damage the restore points.

How to restore the system:

  • 🔄 Open Control Panel → Recovery → Run System Restore.
  • 📅 Select the restore point created before the problem occurs (preferably 1-2 weeks in advance).
  • ⚙️ Confirm the recovery and wait for the reboot.

If recovery does not help or there are no points:

  • 💿 Download Media Creation Tool from the Microsoft website and create a bootable USB flash drive.
  • 🔧 Boot from the flash drive and select Custom installation (save the files on a separate drive if necessary).
  • 🛡️ After installation, immediately update Windows and install an antivirus.
💡

Reinstalling Windows is a last resort. In 80% of cases, the problem can be solved by cleaning the registry and startup, but if the virus is deeply embedded in the system, this is the only reliable way.

7. Check for hardware problems (if there are no viruses)

In rare cases, the browser may open due to hardware failures:

  • 🖥️ Faulty keyboard (sticky keys, e.g. Win + E or Ctrl + T).
  • 🔌 Problems with BIOS/UEFI (if autostart of network services is specified in the settings).
  • 📡 Network adapter with virus firmware (found in cheap laptops with Chinese chips).

How to diagnose:

  • 🔧 Connect an external keyboard - if the problem disappears, the built-in one is to blame.
  • 🔄 Reset BIOS to factory settings (click F2/Del when loading → Load Default Settings).
  • 🌐 Test your laptop on another Internet connection (for example, from your phone via USB).

If the browser opens even in Safe Mode or on Linux live disk - this is 100% a hardware problem. In this case, it will only help keyboard replacement or flashing the BIOS (preferably at a service center).

FAQ: Frequently asked questions about browser autostart

❓ Why doesn’t the antivirus find the virus, although the browser opens itself?

Modern viruses use obfuscation technologies And polymorphic code, which changes every time you run it. They can hide in:

  • 📁 Temporary folders (%Temp%, AppData\LocalLow).
  • 🔄 Alternative data streams (ADS) - invisible to standard scanning.
  • 🖥️ Embedded in legitimate processes (for example, explorer.exe).

Use Malwarebytes paired with HitmanPro — they are better at detecting such threats.

❓ Could the problem be due to a browser extension if I haven’t installed anything?

Yes! Viruses often replace installers of popular programs (like Adobe Flash Player or Java) and quietly add extensions. They can also:

  • 🔄Modify Shortcut browser (adding the parameter --load-extension).
  • 📁 Replace browser files (for example, prefs.js in Firefox).
  • 🔑 Infiltrate Local Storage via JavaScript.

Check chrome://extensions for extensions with unknown permissions (for example, access to history or bookmarks).

❓ How to prevent re-infection?

To prevent the problem from returning:

  • 🔒 Install ad blocker (uBlock Origin) - it will intercept malicious scripts.
  • 🛡️ Use Firewall (For example, TinyWall) to block suspicious connections.
  • 🔄 Update Windows and browser regularly (viruses exploit vulnerabilities of old versions).
  • 🚫 Do not download programs from torrents - use official sites or Ninite.