Well, this is definitely a virus, but it's not the mother of the virus.
If you open any web page, it will automatically generate a temporary folder, then the virus has penetrated into your computer ... you can do further inspection.
It is recommended to check all the locations that can be started in the registry. Let me give you some examples of specific key positions.
HKLM \ Software \ Microsoft \ Windows NT \ Current Version \ Winlogon \ Userinit
HKLM \ Software \ Microsoft \ Windows NT \ Current Version \Winlogon\Shell
HKLM \ Software \ Microsoft \ Windows \ Current Version \ Running
HKCU \ Software \ Microsoft \ Windows \ Current Version \ Running
HKLM \ Software \ Category \ Protocol \ Filter
HKLM \ Software \ Class \ Protocol \ Processor
HKCU \ Software \ Microsoft \ Internet Explorer \ Desktop \ Component
HKLM \ Software \ Microsoft \ Active Installer \ Installed Components
HKLM \ Software \ Microsoft \ Windows \ Current Version \ Explorer \ SharedTasks Scheduler
HKLM \ Software \ Microsoft \ Windows \ Current Version \ ShellServiceObjectDelay Load
HKLM \ Software \ Microsoft \ Windows \ Current Version \ Explorer \ Shell Execution Hook
HKLM \ Software \ Microsoft \ Windows \ Current Version \ Shell Extension \ Approval
HKLM \ Software \ Class \ Folder \ Shellex \ Column Processor
HKLM \ Software \ Microsoft \ Windows \ Current Version \ Explorer \ Browser Assistant Object
HKCU \ Software \ Microsoft \ Internet Explorer \ URL Search hooks.
HKLM \ Software \ Microsoft \ Internet Explorer \ Toolbar
HKLM \ Software \ Microsoft \ Internet Explorer \ Extension
HKLM \ System \ Current Control Set \ Service
HKLM \ System \ Current Control Set \ Control \ Session Manager \ Start execution.
HKLM \ Software \ Microsoft \ Windows NT \ Current Version \ Image File Execution Options
HKLM \ System \ Current Control Set \ Control \ Session Manager \KnownDlls
HKLM \ Software \ Microsoft \ Windows NT \ Current Version \ Winlogon \ UIHost
HKLM \ Software \ Microsoft \ Windows NT \ Current Version \ Winlogon \ Notification
HKLM \ System \ Current Control Set \ Service \ WinSock2 \ Parameters \ Protocol _ Directory 9
HKLM \ System \ Current Control Settings \ Control \ Print \ Monitor
HKLM \ System \ Current Control Set \ Control \ Security Provider \ Security Provider
HKLM \ System \ Current Control Set \ Control \ Lsa \ Authentication Package
HKLM \ System \ Current Control Set \ Control \ Lsa \ Notification Package
HKLM \ System \ Current Control Set \ Control \ Lsa \ Security Package
HKLM \ System \ Current Control Set \ Control \ Network Provider \ Order
Then check whether there is a virus driver in the driver, and you can use the method of verifying Microsoft digital signature.
Then check the WIN32 service.
Check BHO, message hook, SSDT, image hijacking and processing module again.